Introduction
In cybersecurity, it’s not enough to know what the weakness is — we also need to understand how attackers exploit it. That’s where CAPEC comes in.
So… what is CAPEC?
1. CAPEC = Common Attack Pattern Enumeration and Classification
CAPEC is a public catalog of common attack patterns used by cybercriminals to exploit known weaknesses in software, systems, or networks.
Think of it as the attacker’s playbook, organized and documented for defenders to study.
2. Who manages CAPEC?
CAPEC is maintained by MITRE, the same organization behind CVE and CWE.
Together, CVE + CWE + CAPEC give a full picture:
- CVE = Specific vulnerability
- CWE = Type of weakness
- CAPEC = Method of attack
3. What’s in a CAPEC entry?
Each CAPEC includes:
- CAPEC ID: e.g. CAPEC-137
- Name: e.g. Parameter Injection
- Description: How the attack works
- Prerequisites: What the attacker needs
- Related CWEs: Associated weaknesses
- Mitigations: How to prevent it
4. Real-world example
Let’s say:
- A web app is vulnerable to CWE-89: SQL Injection
- An attacker uses CAPEC-108: Command Injection to exploit it
- The issue is recorded as CVE-2024-12345
The three systems work together to model the full lifecycle of an attack.
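As an added example (not from the original post), here is a small Python script that models the CVE -> CWE -> CAPEC chain from sections 3 and 4: it parses a constructed CAPEC-style record set shaped like the entry fields listed above, indexes it by related CWE, and resolves a finding tagged CWE-89 into the attack patterns and mitigations a defender should review. The XML layout, the sample text and the CWE pairings are assumptions for illustration, not a copy of MITRE's official feed.

```python
# Added example, not from the original post: index a CAPEC-style catalog by CWE and walk CVE -> CWE -> CAPEC.
import xml.etree.ElementTree as ET

# Constructed sample shaped like the entry fields listed in the post (ID, name, description, prerequisites,
# related CWEs, mitigations). The real MITRE feed is namespaced and far richer; this layout is an assumption.
CAPEC_XML = """<Attack_Patterns>
  <Attack_Pattern ID="108" Name="Command Injection">
    <Description>Attacker supplies input that the backend executes as a command.</Description>
    <Prerequisites><Prerequisite>Untrusted input reaches an interpreter.</Prerequisite></Prerequisites>
    <Related_Weaknesses><Related_Weakness CWE_ID="89"/></Related_Weaknesses>
    <Mitigations><Mitigation>Use parameterized queries.</Mitigation><Mitigation>Validate input against an allow-list.</Mitigation></Mitigations>
  </Attack_Pattern>
  <Attack_Pattern ID="137" Name="Parameter Injection">
    <Description>Attacker manipulates parameters passed to a component.</Description>
    <Prerequisites><Prerequisite>Parameters are built from untrusted input.</Prerequisite></Prerequisites>
    <Related_Weaknesses><Related_Weakness CWE_ID="88"/></Related_Weaknesses>
    <Mitigations><Mitigation>Validate input against an allow-list.</Mitigation></Mitigations>
  </Attack_Pattern>
</Attack_Patterns>"""

def parse_capec(xml_text):
    """Turn each Attack_Pattern element into a dict carrying the fields the post lists."""
    patterns = []
    for node in ET.fromstring(xml_text).iter("Attack_Pattern"):
        patterns.append({
            "id": f"CAPEC-{node.get('ID')}",
            "name": node.get("Name"),
            "description": (node.findtext("Description") or "").strip(),
            "prerequisites": [p.text for p in node.iter("Prerequisite")],
            "related_cwes": [f"CWE-{w.get('CWE_ID')}" for w in node.iter("Related_Weakness")],
            "mitigations": [m.text for m in node.iter("Mitigation")],
        })
    return patterns

def cwe_index(patterns):
    """Invert the CAPEC -> CWE links so a weakness type maps to the attack patterns that use it."""
    index = {}
    for p in patterns:
        for cwe in p["related_cwes"]:
            index.setdefault(cwe, []).append(p)
    return index

def resolve_finding(cve_id, cwe_id, index):
    """CVE (the specific bug) -> CWE (its weakness type) -> CAPEC (how it gets attacked), plus mitigations."""
    hits = index.get(cwe_id, [])
    return {"cve": cve_id, "cwe": cwe_id,
            "attack_patterns": [f"{p['id']}: {p['name']}" for p in hits],
            "mitigations": sorted({m for p in hits for m in p["mitigations"]})}

# Constructed finding reusing the post's placeholder CVE id and its CWE-89 example.
print(resolve_finding("CVE-2024-12345", "CWE-89", cwe_index(parse_capec(CAPEC_XML))))
```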
5. Why CAPEC matters in DevSecOps
- Improves threat modeling
- Helps build more attack-aware defenses
- Enhances training and awareness for developers
- Integrates into threat detection systems and security testing
Conclusion
CAPEC helps you think like an attacker. It turns raw vulnerabilities into real-world attack strategies — giving teams the knowledge to prevent them before they happen.
That’s what a CAPEC is.
