Further information about Attack Patterns.
Attack patterns are a rather new concept and, as of yet, relatively little content is available for further reading. The References page in this content area lists some resources that may prove valuable. Specifically, the following resources are directly relevant and should be considered:
- The Common Attack Pattern Enumeration and Classification (CAPEC) initiative sponsored by the Department of Homeland Security. The objective of this effort is to develop and deploy to the public an initial baseline catalog of attack patterns along with a comprehensive schema and classification taxonomy. It is hoped that, after its launch, this catalog will continue to form the standard mechanism for identifying, collecting, refining, and sharing attack patterns among the software community.
- Exploiting Software: How to Break Code [Hoglund 04]
- Attack Modeling for Information Security and Survivability [Moore 01]
- Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs [Gegick 05]
Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.
Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.
For information regarding external or commercial use of copyrighted materials owned by Cigital, including information about “Fair Use,” contact Cigital at firstname.lastname@example.org.
The Build Security In (BSI) portal is sponsored by the U.S. Department of Homeland Security (DHS), National Cyber Security Division. The Software Engineering Institute (SEI) develops and operates BSI. DHS funding supports the publishing of all site content.