New to CAPEC? Start Here
Home > News > News & Events - 2016 Archive  

News & Events

2016 Archive

Right-click and copy a URL to share an article. Send feedback about this page to

CAPEC is part of the OWASP Cornucopia gamification

June 3, 2016 | Share this article

CAPEC is part of the Open Web Application Security Project (OWASP) Cornucopia gamification card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic and through the CAPEC mappings to the Cornucopia "attack suits" the Cornucopia card game links the attacks with requirements and verification techniques. With each card mapped to CAPEC software attack pattern IDs, which themselves are mapped to CWEs, the game also covers the CWE weakness IDs targeted. Each card is also mapped to the 36 primary security stories in the SAFECode "Security Stories and Security Tasks for Agile Development Environments", as well as to the OWASP SCP v2, ASVS v2 2014 and AppSensor (application attack detection and response) to help teams create their own security-related stories for use in Agile processes. The first card deck is an "Ecommerce Website Edition" with other decks, like mobile apps in the works.

CAPEC part of ISACA's Cybersecurity Fundamentals Glossary

January 2016 | Share this article

CAPEC is part of Information Systems Audit and Control Association's (ISACA's) Cybersecurity Fundamentals Glossary, provided as part of their Cybersecurity Nexus (CSX) offerings for cybersecurity professionals. CSX provides knowledge, tools, training and credentials for cybersecurity professionals. Additional information on CSX is available at

More information is available — Please select a different filter.
Page Last Updated or Reviewed: June 26, 2019