Note: This page is part of the us-cert.gov archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

Note: This page is part of the us-cert.gov archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

Further Information on Attack Patterns

Published: November 07, 2006 | Last revised: May 14, 2013 Author(s): Amit Sethi Sean Barnum Maturity Levels and Audience Indicators: / E  SDLC Life Cycles: Requirements  Testing  Copyright: Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.

Abstract

Further information about Attack Patterns.

Attack patterns are a rather new concept and, as of yet, relatively little content is available for further reading. The References page in this content area lists some resources that may prove valuable. Specifically, the following resources are directly relevant and should be considered:

  • The Common Attack Pattern Enumeration and Classification (CAPEC) initiative sponsored by the Department of Homeland Security. The objective of this effort is to develop and deploy to the public an initial baseline catalog of attack patterns along with a comprehensive schema and classification taxonomy. It is hoped that, after its launch, this catalog will continue to form the standard mechanism for identifying, collecting, refining, and sharing attack patterns among the software community.
  • Exploiting Software: How to Break Code [Hoglund 04]
  • Attack Modeling for Information Security and Survivability [Moore 01]
  • Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs [Gegick 05]

Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.

Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.

For information regarding external or commercial use of copyrighted materials owned by Cigital, including information about “Fair Use,” contact Cigital at copyright@cigital.com.

The Build Security In (BSI) portal is sponsored by the U.S. Department of Homeland Security (DHS), National Cyber Security Division. The Software Engineering Institute (SEI) develops and operates BSI. DHS funding supports the publishing of all site content.