The MITRE Common Attack Pattern Enumeration and Classification (CAPEC) is a publicly available, comprehensive catalog that documents and categorizes common attack patterns used by adversaries to exploit software and systems. CAPEC provides structured descriptions of how attacks are carried out, including their prerequisites, execution steps, and potential impacts. The framework organizes attack patterns into a hierarchical taxonomy, ranging from broad mechanisms to specific techniques, and links them to related security frameworks such as CWE and CVE. By offering standardized language and detailed guidance, CAPEC supports threat modeling, incident response, and the development of secure software throughout its lifecycle, helping organizations anticipate, identify, and mitigate potential threats more effectively.
Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst / Threats