Common Attack Pattern Enumeration and Classification : CAPEC

CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
ID Name
CAPEC-51 Poison Web Service Registry
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-54 Query System for Information
CAPEC-55 Rainbow Table Password Cracking
CAPEC-57 Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CAPEC-58 Restful Privilege Elevation
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery
CAPEC-63 Cross-Site Scripting (XSS)
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-65 Sniff Application Code
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-68 Subvert Code-signing Facilities
CAPEC-69 Target Programs with Elevated Privileges
CAPEC-70 Try Common or Default Usernames and Passwords
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-73 User-Controlled Filename
CAPEC-74 Manipulating State
CAPEC-75 Manipulating Writeable Configuration Files
CAPEC-76 Manipulating Web Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81 Web Server Logs Tampering
CAPEC-83 XPath Injection
CAPEC-84 XQuery Injection
CAPEC-85 AJAX Footprinting
CAPEC-86 XSS Through HTTP Headers
CAPEC-87 Forceful Browsing
CAPEC-88 OS Command Injection
CAPEC-89 Pharming
CAPEC-90 Reflection Attack in Authentication Protocol
CAPEC-92 Forced Integer Overflow
CAPEC-93 Log Injection-Tampering-Forging
CAPEC-94 Adversary in the Middle (AiTM)
CAPEC-95 WSDL Scanning
CAPEC-96 Block Access to Libraries
CAPEC-97 Cryptanalysis
CAPEC-98 Phishing
CAPEC-100 Overflow Buffers
CAPEC-101 Server Side Include (SSI) Injection
CAPEC-102 Session Sidejacking
CAPEC-103 Clickjacking
CAPEC-104 Cross Zone Scripting
