FAQ : #CAPEC

The official source of the CAPEC database is the MITRE website. This portal allows users to explore all the attack patterns, categorized by type, complexity, target, or level of sophistication. Each entry is accompanied by precise definitions, examples, and links to other useful resources (CWE, ATT&CK, etc.).

#CAPEC #MITRE

CAPEC provides a detailed structure to reproduce realistic attack scenarios, making it a valuable resource for simulations. Each pattern describes the prerequisites, execution steps, targets, attack vectors, and the potential goals of the attacker. This helps security teams design well-structured red teaming or threat modeling exercises.

For example, a tester might choose a CAPEC pattern for brute-force attacks on a network service and use it as a basis to assess an application's robustness. This approach makes testing more consistent and facilitates the documentation of results and recommendations.

#CAPEC

CAPEC and CWE are two complementary databases maintained by MITRE, but they serve different purposes. CWE describes technical weaknesses in code or design (e.g., lack of input validation), while CAPEC describes attack methods that exploit these weaknesses (e.g., SQL injection).

In other words, CWE focuses on the cause, while CAPEC focuses on the attacker's action. The two can be linked: a CAPEC entry often specifies which CWE it targets, allowing the connection between the theoretical vulnerability, its practical exploitation, and the associated CVEs.

#CAPEC #CWE #MITRE

Cybersecurity professionals are the primary users of CAPEC: SOC analysts, penetration testers, security architects, developers, trainers, and threat intelligence teams. They use it to understand adversarial tactics, prepare test scenarios, and strengthen defenses.

For example, a pentester can use a CAPEC entry to structure a simulated attack based on a realistic scenario. A developer might find insights into design flaws to avoid. A CISO can integrate CAPEC into risk analyses to better illustrate the potential consequences of a technical weakness.

#CAPEC #SOC

CAPEC attack patterns are used to document the tactics and techniques used by attackers to exploit systems. By studying them, security analysts, developers, and architects can understand the goals of an attack, its typical steps, and the vulnerabilities being exploited. This helps anticipate threats and design more effective countermeasures.

They are also useful for training, risk analysis, attack simulation (red teaming), and implementing defensive security controls. By linking CAPEC to CWE and CVE, one can build a complete chain from weakness to real-world exploitation, enriching threat modeling and security-by-design approaches.
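
The weakness-to-attack-pattern chain described above, as an added example that is not part of the original page: it indexes a CAPEC catalog by the CWE IDs each pattern lists, then resolves a CVE's CWE assignments to candidate attack patterns for threat modeling. The XML excerpt, the deprecated entry and the CVE identifiers are constructed placeholders; the element names and namespace are assumed to follow MITRE's published CAPEC XML catalog.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"c": "http://capec.mitre.org/capec-3"}  # assumed CAPEC v3 catalog namespace

# Constructed, abbreviated excerpt shaped like the CAPEC catalog XML (not the real file).
SAMPLE_CATALOG = """<Attack_Pattern_Catalog xmlns="http://capec.mitre.org/capec-3">
  <Attack_Patterns>
    <Attack_Pattern ID="66" Name="SQL Injection" Status="Draft">
      <Related_Weaknesses><Related_Weakness CWE_ID="89"/></Related_Weaknesses>
    </Attack_Pattern>
    <Attack_Pattern ID="49" Name="Password Brute Forcing" Status="Draft">
      <Related_Weaknesses>
        <Related_Weakness CWE_ID="521"/><Related_Weakness CWE_ID="307"/>
      </Related_Weaknesses>
    </Attack_Pattern>
    <Attack_Pattern ID="9999" Name="Retired sample" Status="Deprecated"/>
  </Attack_Patterns>
</Attack_Pattern_Catalog>"""

# Constructed CVE -> CWE assignments (placeholder IDs, as a vulnerability feed would supply).
SAMPLE_CVE_CWES = {"CVE-0000-0001": ["CWE-89"], "CVE-0000-0002": ["CWE-307", "CWE-79"]}


def index_by_cwe(catalog_xml):
    """Map 'CWE-n' -> sorted list of (capec_id, name), skipping deprecated patterns."""
    index = defaultdict(list)
    root = ET.fromstring(catalog_xml)  # parse only catalogs from a trusted source
    for ap in root.iterfind(".//c:Attack_Pattern", NS):
        if ap.get("Status") == "Deprecated":
            continue
        for rw in ap.iterfind("c:Related_Weaknesses/c:Related_Weakness", NS):
            index[f"CWE-{rw.get('CWE_ID')}"].append((f"CAPEC-{ap.get('ID')}", ap.get("Name")))
    return {cwe: sorted(pats) for cwe, pats in index.items()}


def chain(cve_cwes, cwe_index):
    """For each CVE, list (cwe, patterns); an empty list marks a CWE with no linked pattern."""
    return {cve: [(cwe, cwe_index.get(cwe, [])) for cwe in cwes]
            for cve, cwes in cve_cwes.items()}


if __name__ == "__main__":
    for cve, links in chain(SAMPLE_CVE_CWES, index_by_cwe(SAMPLE_CATALOG)).items():
        for cwe, patterns in links:
            print(cve, "->", cwe, "->", patterns or "no linked CAPEC pattern")
```

A CWE that resolves to an empty list is a useful review signal: the weakness is recorded for the CVE, but the catalog excerpt links no attack pattern to it, so the scenario has to be modeled by hand.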

#CAPEC #CWE #CVE

CAPEC stands for Common Attack Pattern Enumeration and Classification. It is a structured knowledge base developed by MITRE that catalogs and describes known attack patterns used against information systems. Unlike isolated incidents, CAPEC outlines reusable strategies that attackers can use to exploit vulnerabilities.

Each CAPEC pattern is an abstract representation of malicious behavior: it explains how an attack is carried out, what type of weakness it targets, and the attacker’s objective. The goal of CAPEC is to help security professionals better understand, detect, and anticipate adversarial tactics.

#CAPEC #MITRE
