WEBVTT

1
00:00:00.000 --> 00:00:01.260
<v Dion>In this lesson,</v>

2
00:00:01.260 --> 00:00:04.710
we will learn about Common Attack Pattern Enumeration

3
00:00:04.710 --> 00:00:07.830
and Classification, or CAPEC.

4
00:00:07.830 --> 00:00:10.170
CAPEC is a threat modeling framework

5
00:00:10.170 --> 00:00:11.760
developed by MITRE

6
00:00:11.760 --> 00:00:15.450
that categorizes and describes common attack patterns

7
00:00:15.450 --> 00:00:20.310
used by adversaries to exploit vulnerabilities in systems.

8
00:00:20.310 --> 00:00:25.080
CAPEC provides detailed attributes for each attack pattern,

9
00:00:25.080 --> 00:00:29.400
such as the attack's prerequisites, potential outcomes,

10
00:00:29.400 --> 00:00:34.260
and the typical steps involved in executing the attack.

11
00:00:34.260 --> 00:00:37.920
These attributes enable security professionals

12
00:00:37.920 --> 00:00:40.920
to understand how attacks are carried out.

13
00:00:40.920 --> 00:00:44.430
A key use case for CAPEC is in identifying

14
00:00:44.430 --> 00:00:46.860
and mitigating vulnerabilities

15
00:00:46.860 --> 00:00:49.650
during the software development lifecycle.

16
00:00:49.650 --> 00:00:51.840
By referencing CAPEC patterns,

17
00:00:51.840 --> 00:00:55.050
developers can anticipate potential threats

18
00:00:55.050 --> 00:00:57.810
and design more secure systems.

19
00:00:57.810 --> 00:01:01.530
For example, if a development team identifies

20
00:01:01.530 --> 00:01:03.960
that their application is vulnerable

21
00:01:03.960 --> 00:01:06.630
to structured query language injection,

22
00:01:06.630 --> 00:01:09.990
they can refer to the relevant CAPEC entry

23
00:01:09.990 --> 00:01:13.140
to understand the attributes of this attack,

24
00:01:13.140 --> 00:01:17.400
allowing them to implement specific defenses against it.

25
00:01:17.400 --> 00:01:20.400
Let's learn more about the Common Attack Pattern

26
00:01:20.400 --> 00:01:24.030
Enumeration and Classification, or CAPEC.

27
00:01:24.030 --> 00:01:27.570
The Common Attack Pattern Enumeration and Classification

28
00:01:27.570 --> 00:01:31.080
is a threat modeling framework created by MITRE

29
00:01:31.080 --> 00:01:34.290
that categorizes and describes attack patterns

30
00:01:34.290 --> 00:01:36.690
commonly used by adversaries

31
00:01:36.690 --> 00:01:39.360
to exploit system vulnerabilities.

32
00:01:39.360 --> 00:01:42.720
CAPEC aims to provide security professionals

33
00:01:42.720 --> 00:01:46.050
with a structured way to understand attacks

34
00:01:46.050 --> 00:01:49.080
by detailing each pattern's prerequisites,

35
00:01:49.080 --> 00:01:50.700
likely outcomes,

36
00:01:50.700 --> 00:01:54.150
and the specific steps attackers might use.

37
00:01:54.150 --> 00:01:58.680
CAPEC is available as a public resource on MITRE's website

38
00:01:58.680 --> 00:02:03.680
at https://capec.mitre.org/

39
00:02:07.560 --> 00:02:10.170
making it easily accessible for teams

40
00:02:10.170 --> 00:02:13.410
looking to enhance their security practices

41
00:02:13.410 --> 00:02:16.470
and counter potential vulnerabilities.

42
00:02:16.470 --> 00:02:21.060
By breaking down attack patterns into organized categories,

43
00:02:21.060 --> 00:02:23.910
CAPEC empowers teams to anticipate

44
00:02:23.910 --> 00:02:27.900
and defend against threats more effectively.

45
00:02:27.900 --> 00:02:31.770
Each CAPEC entry goes beyond a general description

46
00:02:31.770 --> 00:02:35.430
and offers detailed attributes about an attack

47
00:02:35.430 --> 00:02:38.910
such as the conditions needed for success

48
00:02:38.910 --> 00:02:43.050
and the typical outcomes of a successful attack.

49
00:02:43.050 --> 00:02:45.780
For example, each entry includes

50
00:02:45.780 --> 00:02:48.630
information on attacks' prerequisites,

51
00:02:48.630 --> 00:02:53.160
like specific software configurations or user permissions,

52
00:02:53.160 --> 00:02:56.790
which need to be in place for the attack to proceed.

53
00:02:56.790 --> 00:03:01.080
CAPEC also outlines the potential outcomes of an attack

54
00:03:01.080 --> 00:03:04.680
such as data theft, system disruption

55
00:03:04.680 --> 00:03:06.510
or denial of service,

56
00:03:06.510 --> 00:03:08.790
as well as the standard steps

57
00:03:08.790 --> 00:03:10.470
attackers might follow

58
00:03:10.470 --> 00:03:12.900
in carrying out an attack.

59
00:03:12.900 --> 00:03:16.500
These details give defenders critical insight

60
00:03:16.500 --> 00:03:18.840
into how each attack works,

61
00:03:18.840 --> 00:03:23.340
enabling them to identify and address vulnerabilities

62
00:03:23.340 --> 00:03:25.140
before they're exploited.

63
00:03:25.140 --> 00:03:27.600
A significant strength of CAPEC

64
00:03:27.600 --> 00:03:31.590
is its usefulness in the software development lifecycle.

65
00:03:31.590 --> 00:03:33.180
In software development,

66
00:03:33.180 --> 00:03:35.640
security teams and developers

67
00:03:35.640 --> 00:03:39.420
can reference CAPEC during early stages of development

68
00:03:39.420 --> 00:03:42.420
to identify potential vulnerabilities

69
00:03:42.420 --> 00:03:45.840
and implement preventive measures proactively.

70
00:03:45.840 --> 00:03:49.050
Also, by consulting CAPEC patterns,

71
00:03:49.050 --> 00:03:52.260
developers can predict which types of attacks

72
00:03:52.260 --> 00:03:54.480
may target their applications

73
00:03:54.480 --> 00:03:56.610
and introduce protections

74
00:03:56.610 --> 00:04:00.930
such as secure coding practices early on.

75
00:04:00.930 --> 00:04:04.590
For example, CAPEC may guide development teams

76
00:04:04.590 --> 00:04:08.100
to apply thorough input validation techniques

77
00:04:08.100 --> 00:04:11.040
to protect against injection attacks

78
00:04:11.040 --> 00:04:14.310
or to utilize strong encryption practices

79
00:04:14.310 --> 00:04:16.890
to secure sensitive information,

80
00:04:16.890 --> 00:04:21.660
helping to mitigate risk long before software is deployed.

81
00:04:21.660 --> 00:04:25.740
CAPEC's structure also makes it an excellent resource

82
00:04:25.740 --> 00:04:30.210
for defenders managing ongoing security needs.

83
00:04:30.210 --> 00:04:34.650
For instance, CAPEC groups attack patterns into categories

84
00:04:34.650 --> 00:04:36.420
and subcategories,

85
00:04:36.420 --> 00:04:40.200
allowing security teams to quickly locate information

86
00:04:40.200 --> 00:04:44.610
on specific threats or related attack techniques.

87
00:04:44.610 --> 00:04:48.930
This organization helps defenders find relevant information

88
00:04:48.930 --> 00:04:51.750
based on their system's vulnerabilities,

89
00:04:51.750 --> 00:04:53.850
whether they're searching for information

90
00:04:53.850 --> 00:04:56.040
on an individual attack type,

91
00:04:56.040 --> 00:04:58.260
or understanding how certain attacks

92
00:04:58.260 --> 00:05:01.680
relate to common tactics within their industry.

93
00:05:01.680 --> 00:05:05.160
In this way, CAPEC's classification system

94
00:05:05.160 --> 00:05:08.190
enables defenders to develop both specific

95
00:05:08.190 --> 00:05:10.740
and broader defense strategies,

96
00:05:10.740 --> 00:05:14.610
strengthening resilience against diverse threats.

97
00:05:14.610 --> 00:05:17.490
For example, if a development team

98
00:05:17.490 --> 00:05:21.390
discovers a potential SQL injection vulnerability,

99
00:05:21.390 --> 00:05:26.310
they can consult the relevant CAPEC entry on SQL injection

100
00:05:26.310 --> 00:05:29.820
for a detailed understanding of the attack.

101
00:05:29.820 --> 00:05:32.010
This entry will provide guidance

102
00:05:32.010 --> 00:05:33.720
on how attackers might attempt

103
00:05:33.720 --> 00:05:37.590
to exploit SQL injection vulnerabilities,

104
00:05:37.590 --> 00:05:40.890
such as by submitting malicious database queries

105
00:05:40.890 --> 00:05:43.590
through application input fields.

106
00:05:43.590 --> 00:05:46.830
By following the suggested defense recommendations

107
00:05:46.830 --> 00:05:48.450
in the CAPEC entry,

108
00:05:48.450 --> 00:05:52.830
such as parameterized queries and input validation,

109
00:05:52.830 --> 00:05:55.470
the security team can implement controls

110
00:05:55.470 --> 00:05:58.170
to secure their database interactions,

111
00:05:58.170 --> 00:06:02.280
reducing the risk of SQL injection attacks.

112
00:06:02.280 --> 00:06:05.520
So remember, the Common Attack Pattern

113
00:06:05.520 --> 00:06:08.490
Enumeration and Classification, or CAPEC,

114
00:06:08.490 --> 00:06:12.570
is a powerful tool for understanding, categorizing

115
00:06:12.570 --> 00:06:15.930
and defending against known attack patterns.

116
00:06:15.930 --> 00:06:18.150
By offering detailed information

117
00:06:18.150 --> 00:06:20.310
on each attack's attributes,

118
00:06:20.310 --> 00:06:24.000
CAPEC enables security teams and developers

119
00:06:24.000 --> 00:06:28.680
to build proactive defenses directly into their systems.

120
00:06:28.680 --> 00:06:31.590
Available for free on MITRE's website,

121
00:06:31.590 --> 00:06:35.280
the Common Attack Pattern Enumeration and Classification

122
00:06:35.280 --> 00:06:39.480
is an important framework for creating resilient software,

123
00:06:39.480 --> 00:06:41.700
identifying vulnerabilities,

124
00:06:41.700 --> 00:06:44.370
and continuously assessing risks

125
00:06:44.370 --> 00:06:46.743
throughout the software lifecycle.

