| Existing Patterns Modified with Enhanced Material | |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-12 | Choosing Message Identifier |
| CAPEC-17 | Accessing, Modifying or Executing Executable Files |
| CAPEC-22 | Exploiting Trust in Client |
| CAPEC-23 | File Content Injection |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-35 | Leverage Executable Code in Non-Executable Files |
| CAPEC-36 | Using Unpublished APIs |
| CAPEC-44 | Overflow Binary Resource File |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-48 | Passing Local Filenames to Functions That Expect a URL |
| CAPEC-58 | Restful Privilege Elevation |
| CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
| CAPEC-65 | Sniff Application Code |
| CAPEC-75 | Manipulating Writeable Configuration Files |
| CAPEC-87 | Forceful Browsing |
| CAPEC-89 | Pharming |
| CAPEC-95 | WSDL Scanning |
| CAPEC-104 | Cross Zone Scripting |
| CAPEC-111 | JSON Hijacking (aka JavaScript Hijacking) |
| CAPEC-113 | API Manipulation |
| CAPEC-122 | Privilege Abuse |
| CAPEC-133 | Try All Common Switches |
| CAPEC-139 | Relative Path Traversal |
| CAPEC-141 | Cache Poisoning |
| CAPEC-143 | Detect Unpublicized Web Pages |
| CAPEC-144 | Detect Unpublicized Web Services |
| CAPEC-150 | Collect Data from Common Resource Locations |
| CAPEC-157 | Sniffing Attacks |
| CAPEC-158 | Sniffing Network Traffic |
| CAPEC-160 | Exploit Script-Based APIs |
| CAPEC-162 | Manipulating Hidden Fields |
| CAPEC-170 | Web Application Fingerprinting |
| CAPEC-179 | Calling Micro-Services Directly |
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
| CAPEC-200 | Removal of filters: Input filters, output filters, data masking |
| CAPEC-207 | Removing Important Client Functionality |
| CAPEC-208 | Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements |
| CAPEC-212 | Functionality Misuse |
| CAPEC-213 | Directory Traversal |
| CAPEC-216 | Communication Channel Manipulation |
| CAPEC-217 | Exploiting Incorrectly Configured SSL |
| CAPEC-233 | Privilege Escalation |
| CAPEC-239 | Subversion of authorization checks: cache filtering, programmatic security, etc. |
| CAPEC-240 | Resource Injection |
| CAPEC-310 | Scanning for Vulnerable Software |
| CAPEC-464 | Evercookie |
| CAPEC-465 | Transparent Proxy Abuse |
| CAPEC-468 | Generic Cross-Browser Cross-Domain Theft |
| CAPEC-545 | Pull Data from System Resources |
| CAPEC-560 | Use of Known Domain Credentials |
| CAPEC-609 | Cellular Traffic Intercept |
| CAPEC-620 | Drop Encryption Level |