What is Common Attack Pattern Enumeration and Classification (CAPEC™)

Understanding how the adversary operates is essential to effective cyber security. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attacks employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.

  • Focuses on application security
  • Enumerates exploits against vulnerable systems
  • Includes social engineering / supply chain
  • Associated with Common Weakness Enumeration (CWE)