← Cybersecurity Alphabet Soup

CAPEC

Common Attack Pattern Enumeration and Classification

appsechard

CAPEC is a MITRE catalog of known attack patterns, describing how adversaries actually exploit weaknesses, from phishing to parameter tampering. It complements CWE: weaknesses describe what is wrong in the software, while attack patterns describe how those weaknesses get abused. Threat modelers and test designers use CAPEC during design and testing to make sure realistic attacks are considered.

Sources

More in appsec