IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. Glossary
  3. CAPEC

Frameworks & standards

CAPEC

Common Attack Pattern Enumeration and Classification

Common Attack Pattern Enumeration and Classification (CAPEC) is a MITRE-maintained catalog of the attack patterns adversaries use to exploit weaknesses - for example CAPEC-66 (SQL Injection). CAPEC describes how weaknesses (CWEs) are attacked, bridging weakness taxonomy and adversary behavior.

Key points

  • Catalog of how weaknesses are exploited.
  • Bridges CWE (weaknesses) and ATT&CK (adversary behavior).
  • Referenced in vulnerability pages here.

Related

CWEMITRE ATT&CKOWASP

References

  • CAPEC (MITRE)

Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.

Join the waitlist
← All terms
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub