FAQ: #CAPEC

CAPEC provides a detailed structure for reproducing realistic attack scenarios, making it a valuable resource for simulations. Each pattern describes the prerequisites, execution steps, targets, attack vectors, and potential attacker objectives. This allows security teams to design well-defined red teaming or threat modeling exercises.

For example, a tester can choose a CAPEC pattern for a brute-force attack on a network service and use it as a basis for evaluating the robustness of an application. This approach makes testing more consistent and facilitates the documentation of results and recommendations.

#CAPEC

CAPEC stands for Common Attack Pattern Enumeration and Classification. It is a structured knowledge base developed by MITRE that lists and describes known attack patterns used against computer systems. Rather than recording isolated incidents, CAPEC entries describe reusable strategies used by attackers to exploit vulnerabilities.

Each CAPEC pattern is an abstract representation of malicious behavior: it explains how an attack is carried out, what type of weakness it targets, and for what purpose. The goal of CAPEC is to help security professionals better understand, detect, and anticipate the tactics used by attackers.

#CAPEC #MITRE

CAPEC and CWE are two complementary databases maintained by MITRE, but they do not have the same objective. CWE describes technical weaknesses in code or design (e.g., lack of input validation), while CAPEC describes attack methods that exploit these weaknesses (e.g., SQL injection).

In other words, CWE focuses on the cause, while CAPEC focuses on the attacker's action. The two can be linked: a CAPEC pattern often specifies which CWEs it targets, making it possible to link the theoretical vulnerability, the practical exploitation, and the associated CVEs.

#CAPEC #CWE #MITRE

The official source of the CAPEC database is the MITRE website. This portal allows you to explore all patterns classified by attack type, complexity, target, or level of sophistication. Each record is accompanied by precise definitions, examples, and links to other useful resources (CWE, ATT&CK, etc.).

#CAPEC #MITRE

CAPEC attack patterns serve to document the tactics and techniques used by attackers to exploit systems. By studying them, security analysts, developers, and architects can understand the objectives of an attack, its typical steps, and the vulnerabilities exploited. This allows them to anticipate threats and design more effective countermeasures.

They are also useful for training, risk analysis, attack simulation (red teaming), and the implementation of defensive security controls. By linking CAPECs to CWEs and CVEs, a complete chain can be established from weakness to concrete exploitation, which enriches threat modeling or security by design approaches.

#CAPEC #CWE #CVE
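
The CAPEC-to-CWE link described in the answers above can be read in reverse for defensive triage: given the CWE ids reported by a code scanner, list the attack patterns that target them. This is an added example, not code from MITRE or from the original page; the XML sample is constructed and trimmed, modelled on the layout of the CAPEC XML download, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: real pattern ids/names, trimmed to the fields used here.
# The last entry is a made-up deprecated record to exercise the filter.
SAMPLE_CAPEC_XML = """
<Attack_Pattern_Catalog>
  <Attack_Patterns>
    <Attack_Pattern ID="66" Name="SQL Injection">
      <Related_Weaknesses><Related_Weakness CWE_ID="89"/></Related_Weaknesses>
    </Attack_Pattern>
    <Attack_Pattern ID="7" Name="Blind SQL Injection">
      <Related_Weaknesses><Related_Weakness CWE_ID="89"/></Related_Weaknesses>
    </Attack_Pattern>
    <Attack_Pattern ID="49" Name="Password Brute Forcing">
      <Related_Weaknesses>
        <Related_Weakness CWE_ID="521"/>
        <Related_Weakness CWE_ID="307"/>
      </Related_Weaknesses>
    </Attack_Pattern>
    <Attack_Pattern ID="0" Name="DEPRECATED: constructed entry" Status="Deprecated">
      <Related_Weaknesses><Related_Weakness CWE_ID="89"/></Related_Weaknesses>
    </Attack_Pattern>
  </Attack_Patterns>
</Attack_Pattern_Catalog>
"""

def _local(tag):
    """Drop an XML namespace prefix so namespaced files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def index_by_cwe(xml_text):
    """Return {"CWE-n": [("CAPEC-m", name), ...]}, skipping deprecated patterns."""
    index = defaultdict(list)
    for pattern in ET.fromstring(xml_text.strip()).iter():
        if _local(pattern.tag) != "Attack_Pattern":
            continue
        if pattern.get("Status") == "Deprecated":
            continue
        for node in pattern.iter():
            if _local(node.tag) == "Related_Weakness" and node.get("CWE_ID"):
                key = f"CWE-{node.get('CWE_ID')}"
                index[key].append((f"CAPEC-{pattern.get('ID')}", pattern.get("Name")))
    return dict(index)

def patterns_for_findings(index, cwe_findings):
    """Map each reported CWE id to its attack patterns; unmapped ids get []."""
    return {cwe: index.get(cwe, []) for cwe in cwe_findings}
```
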

Cybersecurity professionals are the primary users of CAPECs: SOC analysts, penetration testing experts, security architects, developers, trainers, and threat intelligence teams. They use them to understand adversary tactics, prepare test scenarios, and strengthen defenses.

For example, a pentester can use a CAPEC to structure a simulated attack according to a realistic scenario. A developer can find guidance on design flaws to avoid. A CISO can integrate them into risk analyses to better illustrate the potential consequences of a technical weakness.

#CAPEC #SOC