CAPEC CWE Coverage
Overview
Common Attack Pattern Enumeration and Classification (CAPEC) provides a publicly available catalog that helps users understand how adversaries exploit weaknesses in applications.
It offers a comprehensive framework for identifying, classifying, and describing common attack patterns, enabling security teams to better anticipate and defend against potential threats.
This article organizes the Common Weakness Enumerations (CWEs) relevant to each CAPEC attack pattern.
Each row in the table below outlines a specific compliance standard, categorized by the following columns:

- Compliance Standard: The specific category of the standard to which the CWE is mapped.
- Languages: Supported programming languages.
- CWE-ID: The relevant CWE for this standard, along with a short description.
CAPEC CWE Coverage
| Compliance Standard | Languages | CWE-ID |
|---|---|---|
| CAPEC-100: Overflow Buffers | | |
| CAPEC-102: Session side jacking | | |
| CAPEC-123: Buffer Manipulation | | |
| CAPEC-126: Path Traversal | | |
| CAPEC-134: Email Injection | | |
| CAPEC-135: Format String Injection | | |
| CAPEC-136: LDAP Injection | | |
| CAPEC-159: Redirect Access to Libraries | | |
| CAPEC-165: File Manipulation | | |
| CAPEC-194: Fake the Source of Data | | |
| CAPEC-197: Exponential Data Expansion | | |
| CAPEC-201: Serialized Data External Linking | | |
| CAPEC-215: Fuzzing and observing application log data/errors for application mapping | | |
| CAPEC-242: Code Injection | | |
| CAPEC-252: PHP Local File Inclusion | | |
| CAPEC-284: Improper Access Control | | |
| CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions | | |
| CAPEC-337: Insufficient Transport Layer Protection | | |
| CAPEC-34: HTTP Response Splitting | | |
| CAPEC-475: Signature Spoofing by Improper Validation | | |
| CAPEC-492: Regular Expression Exponential Blowup | | |
| CAPEC-503: WebView Exposure | | |
| CAPEC-540: Overread Buffers | | |
| CAPEC-586: Object Injection | | |
| CAPEC-63: Cross-Site Scripting (XSS) | | |
| CAPEC-66: SQL Injection | | |
| CAPEC-83: XPath Injection | | |
| CAPEC-92: Forced Integer Overflow | | |
| CAPEC-93: Log Injection-Tampering-Forging | | |
| CAPEC-94: Man in the Middle Attack | | |
| CAPEC-97: Cryptanalysis | | |