Common Attack Pattern Enumeration and Classification : CAPEC

CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
ID Name
CAPEC-160 Exploit Script-Based APIs
CAPEC-161 Infrastructure Manipulation
CAPEC-162 Manipulating Hidden Fields
CAPEC-163 Spear Phishing
CAPEC-164 Mobile Phishing
CAPEC-165 File Manipulation
CAPEC-166 Force the System to Reset Values
CAPEC-167 White Box Reverse Engineering
CAPEC-168 Windows ::DATA Alternate Data Stream
CAPEC-169 Footprinting
CAPEC-170 Web Application Fingerprinting
CAPEC-173 Action Spoofing
CAPEC-174 Flash Parameter Injection
CAPEC-175 Code Inclusion
CAPEC-176 Configuration/Environment Manipulation
CAPEC-177 Create files with the same name as files protected with a higher classification
CAPEC-178 Cross-Site Flashing
CAPEC-179 Calling Micro-Services Directly
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-181 Flash File Overlay
CAPEC-182 Flash Injection
CAPEC-183 IMAP/SMTP Command Injection
CAPEC-184 Software Integrity Attack
CAPEC-185 Malicious Software Download
CAPEC-186 Malicious Software Update
CAPEC-187 Malicious Automated Software Update via Redirection
CAPEC-188 Reverse Engineering
CAPEC-189 Black Box Reverse Engineering
CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality
CAPEC-191 Read Sensitive Constants Within an Executable
CAPEC-192 Protocol Analysis
CAPEC-193 PHP Remote File Inclusion
CAPEC-194 Fake the Source of Data
CAPEC-195 Principal Spoof
CAPEC-196 Session Credential Falsification through Forging
CAPEC-197 Exponential Data Expansion
CAPEC-198 XSS Targeting Error Pages
CAPEC-199 XSS Using Alternate Syntax
CAPEC-200 Removal of filters: Input filters, output filters, data masking
CAPEC-201 Serialized Data External Linking
CAPEC-202 Create Malicious Client
CAPEC-203 Manipulate Registry Information
CAPEC-204 Lifting Sensitive Data Embedded in Cache
CAPEC-206 Signing Malicious Code
CAPEC-207 Removing Important Client Functionality
CAPEC-208 Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements
CAPEC-209 XSS Using MIME Type Mismatch
CAPEC-212 Functionality Misuse
CAPEC-215 Fuzzing for application mapping
CAPEC-216 Communication Channel Manipulation