CAPEC: Common Attack Pattern Enumeration and Classification and ATT&CK Comparison
“Attack Patterns” are descriptions of the common attributes and approaches employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. Attack patterns define the challenges that an adversary may face and how they go about solving them. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples.
Each attack pattern captures knowledge about how specific parts of an attack are designed and executed, and gives guidance on ways to mitigate the attack’s effectiveness. Attack patterns help those developing applications or administering cyber-enabled capabilities to better understand the specific elements of an attack and how to stop them from succeeding.
CAPEC entries are related to Common Weakness Enumeration (CWE™) and Common Vulnerabilities and Exposures (CVE®).
ATT&CK Comparison
Understanding adversary behavior is increasingly important in cybersecurity. Two approaches exist for organizing knowledge about adversary behavior — CAPEC and ATT&CK, each focused on a specific set of use cases.
This page explains the similarities, differences, and relationship between CAPEC and ATT&CK and the role of each in cybersecurity.
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC is focused on application security and describes the common attributes and techniques employed by adversaries to exploit known weaknesses in cyber-enabled capabilities (e.g., SQL Injection, XSS, Session Fixation, Clickjacking).
- Focus on application security
- Enumerates exploits against vulnerable systems
- Includes social engineering / supply chain
- Associated with Common Weakness Enumeration (CWE)
Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)
ATT&CK is focused on network defense and describes the operational phases in an adversary’s lifecycle, pre- and post-exploit (e.g., Persistence, Lateral Movement, Exfiltration), and details the specific tactics, techniques, and procedures (TTPs) that advanced persistent threats (APTs) use to execute their objectives while targeting, compromising, and operating inside a network.
- Focus on network defense
- Based on threat intelligence and red team research
- Provides a contextual understanding of malicious behavior
- Supports testing and analysis of defense options
How they are related …
Many attack patterns enumerated by CAPEC are employed by adversaries through specific techniques described by ATT&CK. This enables contextual understanding of the attack patterns within an adversary’s operational lifecycle. CAPEC attack patterns and related ATT&CK techniques are cross-referenced when appropriate between the two efforts.
When to use …
Use CAPEC for:
- Application threat modeling
- Developer training and education
- Penetration testing
Use ATT&CK for:
- Comparing computer network defense capabilities
- Defending against the Advanced Persistent Threat
- Hunting for new threats
- Enhancing threat intelligence
- Adversary emulation exercises