Frameworks & standards
CAPEC
Common Attack Pattern Enumeration and Classification
Common Attack Pattern Enumeration and Classification (CAPEC) is a MITRE-maintained catalog of the attack patterns adversaries use to exploit weaknesses - for example CAPEC-66 (SQL Injection). CAPEC describes how weaknesses (CWEs) are attacked, bridging weakness taxonomy and adversary behavior.
Key points
- Catalog of how weaknesses are exploited.
- Bridges CWE (weaknesses) and ATT&CK (adversary behavior).
- Referenced in vulnerability pages here.
Related
References
Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.
Join the waitlist