CAPEC - Documents

Home > About CAPEC > Documents


	About CAPEC Overview \| Board \| Glossary \| Use Cases \| Resources \| Documents \| FAQs \| New to CAPEC? Documents A number of documents exist to help clarify the historical significance, current use, and future directions of CAPEC. Documentation Schema Documentation This document, which is posted on the CAPEC Reports page, contains descriptions of the various elements in the official CAPEC Schema. It provides a basic understanding of the CAPEC data structure and can be used as a useful guide for developing new CAPEC entries or adding content to existing entries. Previous versions of the schema documentation are available on the Archive page. Release Notes Release notes citing the difference between the current official version of the CAPEC List and CAPEC Schema in comparison to the most previous version are posted on the CAPEC Reports page. Difference reports for previous releases are available on the Archive page. ATT&CK Comparison Understanding adversary behavior is increasingly important in cybersecurity. Two approaches exist for organizing knowledge about adversary behavior – CAPEC and ATT&CK, each focused on a specific set of use-cases. This page explains the similarities, differences, and relationship between CAPEC and ATT&CK and the role of each in cybersecurity. Back to top CAPEC User Summit 2022 Videos The videos below, from the first-ever “CAPEC Program User Summit,” are hosted on the CAPEC/CWE YouTube channel. Session 1 - Pen Testing and Execution Flows Session 2 - Using CAPEC in Education Session 3 - Hardware and CAPEC Session 4 - CAPEC Entry Completeness and Quality Session 5 - Supply Chain Risk and CAPEC Session 6 - Community Discussion: Future Vision for CAPEC Transcripts Talking Exploits, Session 1 - Pen Testing and Execution Flows - Navaneeth Krishnan Subramanian, CAPEC/CWE Program The Missing Piece in Vulnerability Management, Session 1 - Pen Testing and Execution Flows - Fil Filiposki, AttackForge Penetration Testing Planning with CAPEC—The ESSecA Experience, Session 1 - Pen Testing and Execution Flows Case Studies of Industry to Academics—CAPEC’s Role in Threat Management at SJU, Session 2 - Using CAPEC in Education - Suzanna Schmeelk, St. John's University How Do Students Feel About CAPEC-based Security Static Analysis Exercises?, Session 2 - Using CAPEC in Education Securing HW with the Help of CAPEC, Session 3 - Hardware and CAPEC Protecting Hardware Or How to Boot More Securely, Session 3 - Hardware and CAPEC CAPEC Entry Completeness and Quality, Session 4 - CAPEC Coverage, Completeness, and Quality - Steve Christey Coley, CAPEC/CWE Program Supply Chain Attacks—MITRE’s System of Trust™ and CAPEC, Session 5 - Supply Chain Risk and CAPEC - Robert A. Martin, MITRE Corporation Community Discussion—Future Vision for the CAPEC Program, Session 6 - Community Discussion: Future Vision for CAPEC - Alec J. Summers, CAPEC/CWE Program (moderator) Agenda CAPEC User Summit 2022 – Speakers List and Final Agenda (PNG, 145 KB) Back to top Archived Documents CAPEC Introductory Brochure A brief two-page introduction to the CAPEC effort. February 2013. PDF (111 KB) An Introduction to Attack Patterns as a Software Assurance Knowledge Resource OMG SwA Workshop 2007 PDF (2 MB) Attack Patterns - Knowing Your Enemies in Order to Defeat Them BlackHat_DC_07 Paper - PDF (119 KB) Slides - PDF (522 KB) Back to top More information is available — Please select a different filter.

Page Last Updated or Reviewed: June 02, 2022


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.