Attack Pattern
What is Attack Pattern?
A reusable description of how attackers exploit a class of weaknesses, used to map techniques, build detections, and harden systems against threats.
An attack pattern is an abstract, structured description of an adversary's approach — the steps, prerequisites, and weaknesses involved in a class of attacks rather than a single exploit. The MITRE CAPEC catalogue contains hundreds of patterns (for example CAPEC-66 "SQL Injection" or CAPEC-242 "Code Injection"), each linked to related CWE weaknesses and CVE entries. In threat modelling and detection engineering, attack patterns sit one layer above MITRE ATT&CK techniques and provide common vocabulary for purple-team exercises, secure-design reviews, and threat intelligence sharing in STIX/TAXII. They help teams generalise from a single incident to a recurring class of behaviour worth detecting and preventing.
● Examples
- CAPEC-153 "Input Data Manipulation" patterns used to harden API gateways.
- Mapping a phishing incident to MITRE ATT&CK T1566 and a CAPEC parent pattern for reporting.
● Frequently asked questions
What is Attack Pattern?
A reusable description of how attackers exploit a class of weaknesses, used to map techniques, build detections, and harden systems against threats. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against an attack pattern?
Defences against an attack pattern typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for an attack pattern?
Common alternative names include CAPEC pattern and attack technique pattern.
● Related terms
- MITRE ATT&CK (compliance): A globally accessible knowledge base of adversary tactics and techniques observed in real-world attacks, maintained by MITRE.
- Threat Modeling (appsec): A structured analysis that identifies the assets, threats, vulnerabilities and mitigations of a system so security can be designed in rather than bolted on.
- Vulnerability (vulnerabilities): A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
- Detection Engineering (defense-ops): The discipline of designing, testing, deploying, and maintaining security detections as code, with measurable coverage of adversary techniques.