Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
News & Events
CAPEC List Version 2.9 Now Available
January 10, 2017
Major changes for Version 2.9 include adding five new attack patterns: CAPEC-594: Traffic Injection, CAPEC-595: Connection Reset, CAPEC-596: TCP RST Injection, CAPEC-597: Absolute Path Traversal, and CAPEC-598: DNS Spoofing. Also, the Mechanisms of Attack view was cleaned up by removing categories that were not mechanisms (but rather more like goals), removing circular relationships, and verifying consistency in the meta->standard->detailed relationship structure. In all, 78 patterns and categories were modified, and 13 patterns and categories were deprecated. There were no schema updates.
There are now 503 total attack patterns listed.
Changes for the new version release include the following:
See the complete list of changes at https://capec.mitre.org/data/reports/diff_reports/v2.8_v2.9.html.
Comments are welcome on the CAPEC Research Email Discussion List. Future updates will be noted here and on the CAPEC Research list.
CAPEC Refreshes Website with Easier-to-Use Navigation Menus & Streamlined CAPEC List Page
January 09, 2017
We have updated the CAPEC website to streamline site navigation for an improved user experience. The main navigation menu is now located in an easy-to-access menu bar at the top of every page, with Section Contents menus for each section of the website just below the new main menu.
The main CAPEC List page has also been streamlined for ease of use into four main sections:
Navigate CAPEC – Offers two hierarchical representations, Mechanisms of Attack and Domains of Attack, to help you navigate the entire list according to your specific point of view.
External Mappings – Offers views used to represent mappings to external groupings such as a Top-N list, as well as to express subsets of entries that are related by some external factor.
Helpful Views – Offers additional helpful views based on specific criteria, intended to provide insight for a certain domain or use case, such as a Comprehensive CAPEC Dictionary, Mobile Device Patterns, etc.
Release Downloads – Provides an archive of previous release versions of the core content downloads, schemas, schema documentation, and difference reports.
Please send any comments or concerns to email@example.com.
CAPEC is part of the OWASP Cornucopia gamification
June 3, 2016
CAPEC is part of the Open Web Application Security Project (OWASP) Cornucopia gamification
CAPEC part of ISACA's Cybersecurity Fundamentals Glossary
January 2016
CAPEC is part of Information Systems Audit and Control Association's (ISACA's) Cybersecurity Fundamentals Glossary, provided as part of their Cybersecurity Nexus (CSX) offerings for cybersecurity professionals. CSX provides knowledge, tools, training and credentials for cybersecurity professionals. Additional information on CSX is available at https://cybersecurity.isaca.org.