Official website of the Department of Homeland Security
Build Security In. Setting a higher standard for software assurance.

Further Information on Attack Patterns

Published: November 07, 2006 | Last revised: May 14, 2013

Author(s): Amit Sethi and Sean Barnum
SDLC Life Cycles: Requirements, Testing
Copyright: Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.

Abstract

Further information about Attack Patterns.

Attack patterns are a rather new concept and, as of yet, relatively little content is available for further reading. The References page in this content area lists some resources that may prove valuable. Specifically, the following resources are directly relevant and should be considered:

  • The Common Attack Pattern Enumeration and Classification (CAPEC) initiative sponsored by the Department of Homeland Security. The objective of this effort is to develop and deploy to the public an initial baseline catalog of attack patterns along with a comprehensive schema and classification taxonomy. It is hoped that, after its launch, this catalog will continue to form the standard mechanism for identifying, collecting, refining, and sharing attack patterns among the software community.
  • Exploiting Software: How to Break Code [Hoglund 04]
  • Attack Modeling for Information Security and Survivability [Moore 01]
  • Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs [Gegick 05]
