FAQ

Cybersecurity professionals are the primary users of CAPEC: SOC analysts, penetration testers, security architects, developers, trainers, or threat intelligence teams. They use it to understand adversarial tactics, prepare test scenarios, and strengthen defenses.

For example, a pentester can use a CAPEC entry to structure a simulated attack based on a realistic scenario. A developer might find insights into design flaws to avoid. A CISO can integrate CAPEC into risk analyses to better illustrate the potential consequences of a technical weakness.