2016 Archive
Right-click and copy a URL to share an article. Send feedback about this page to
capec@mitre.org.
CAPEC is part of the OWASP Cornucopia gamification
June 3, 2016 | Share this article
CAPEC is part of the
Open Web Application Security Project (OWASP) Cornucopia gamification card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic and through the CAPEC mappings to the Cornucopia
"attack suits" the
Cornucopia card game links the attacks with requirements and verification techniques. With each card mapped to CAPEC software attack pattern IDs, which themselves are mapped to CWEs, the game also covers the CWE weakness IDs targeted. Each card is also mapped to the 36 primary security stories in the
SAFECode "Security Stories and Security Tasks for Agile Development Environments", as well as to the
OWASP SCP v2,
ASVS v2 2014 and
AppSensor (application attack detection and response) to help teams create their own security-related stories for use in Agile processes. The first card deck is an "Ecommerce Website Edition" with other decks, like mobile apps in the works.
CAPEC part of ISACA's Cybersecurity Fundamentals Glossary
January 2016 | Share this article
CAPEC is part of
Information Systems Audit and Control Association's (ISACA's)
Cybersecurity Fundamentals Glossary, provided as part of their
Cybersecurity Nexus (CSX) offerings for cybersecurity professionals. CSX provides knowledge, tools, training and credentials for cybersecurity professionals. Additional information on CSX is available at
https://cybersecurity.isaca.org.
More information is available — Please select a different filter.
|
