Common Attack Pattern Enumeration and Classification : CAPEC

CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
ID Name Action
CAPEC-217 Exploiting Incorrectly Configured SSL/TLS
CAPEC-218 Spoofing of UDDI/ebXML Messages
CAPEC-219 XML Routing Detour Attacks
CAPEC-220 Client-Server Protocol Manipulation
CAPEC-221 Data Serialization External Entities Blowup
CAPEC-222 iFrame Overlay
CAPEC-224 Fingerprinting
CAPEC-226 Session Credential Falsification through Manipulation
CAPEC-227 Sustained Client Engagement
CAPEC-228 DTD Injection
CAPEC-229 Serialized Data Parameter Blowup
CAPEC-230 Serialized Data with Nested Payloads
CAPEC-231 Oversized Serialized Data Payloads
CAPEC-233 Privilege Escalation
CAPEC-234 Hijacking a privileged process
CAPEC-237 Escaping a Sandbox by Calling Code in Another Language
CAPEC-240 Resource Injection
CAPEC-242 Code Injection
CAPEC-243 XSS Targeting HTML Attributes
CAPEC-244 XSS Targeting URI Placeholders
CAPEC-245 XSS Using Doubled Characters
CAPEC-247 XSS Using Invalid Characters
CAPEC-248 Command Injection
CAPEC-250 XML Injection
CAPEC-251 Local Code Inclusion
CAPEC-252 PHP Local File Inclusion
CAPEC-253 Remote Code Inclusion
CAPEC-256 SOAP Array Overflow
CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data
CAPEC-263 Force Use of Corrupted Files
CAPEC-267 Leverage Alternate Encoding
CAPEC-268 Audit Log Manipulation
CAPEC-270 Modification of Registry Run Keys
CAPEC-271 Schema Poisoning
CAPEC-272 Protocol Manipulation
CAPEC-273 HTTP Response Smuggling
CAPEC-274 HTTP Verb Tampering
CAPEC-275 DNS Rebinding
CAPEC-276 Inter-component Protocol Manipulation
CAPEC-277 Data Interchange Protocol Manipulation
CAPEC-278 Web Services Protocol Manipulation
CAPEC-279 SOAP Manipulation
CAPEC-285 ICMP Echo Request Ping
CAPEC-287 TCP SYN Scan
CAPEC-290 Enumerate Mail Exchange (MX) Records
CAPEC-291 DNS Zone Transfers
CAPEC-292 Host Discovery
CAPEC-293 Traceroute Route Enumeration
CAPEC-294 ICMP Address Mask Request
CAPEC-295 Timestamp Request
Showing 50 of 559 Results