Common Attack Pattern Enumeration and Classification : CAPEC
CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to
exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and
educators to advance community understanding and enhance defenses.
ID         Name
CAPEC-160  Exploit Script-Based APIs
CAPEC-161  Infrastructure Manipulation
CAPEC-162  Manipulating Hidden Fields
CAPEC-163  Spear Phishing
CAPEC-164  Mobile Phishing
CAPEC-165  File Manipulation
CAPEC-166  Force the System to Reset Values
CAPEC-167  White Box Reverse Engineering
CAPEC-168  Windows ::DATA Alternate Data Stream
CAPEC-169  Footprinting
CAPEC-170  Web Application Fingerprinting
CAPEC-173  Action Spoofing
CAPEC-174  Flash Parameter Injection
CAPEC-175  Code Inclusion
CAPEC-176  Configuration/Environment Manipulation
CAPEC-177  Create files with the same name as files protected with a higher classification
CAPEC-178  Cross-Site Flashing
CAPEC-179  Calling Micro-Services Directly
CAPEC-180  Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-181  Flash File Overlay
CAPEC-182  Flash Injection
CAPEC-183  IMAP/SMTP Command Injection
CAPEC-184  Software Integrity Attack
CAPEC-185  Malicious Software Download
CAPEC-186  Malicious Software Update
CAPEC-187  Malicious Automated Software Update via Redirection
CAPEC-188  Reverse Engineering
CAPEC-189  Black Box Reverse Engineering
CAPEC-190  Reverse Engineer an Executable to Expose Assumed Hidden Functionality
CAPEC-191  Read Sensitive Constants Within an Executable
CAPEC-192  Protocol Analysis
CAPEC-193  PHP Remote File Inclusion
CAPEC-194  Fake the Source of Data
CAPEC-195  Principal Spoof
CAPEC-196  Session Credential Falsification through Forging
CAPEC-197  Exponential Data Expansion
CAPEC-198  XSS Targeting Error Pages
CAPEC-199  XSS Using Alternate Syntax
CAPEC-200  Removal of filters: Input filters, output filters, data masking