Understanding How They Attack Your Weaknesses: CAPEC

From OWASP
Revision as of 12:09, 25 October 2010 by Mark.bristow (Talk | contribs)

Registration | Hotel | Walter E. Washington Convention Center

The presentation

By learning to think more like attackers, we gain a better understanding of how to defeat their methods. The Common Attack Pattern Enumeration and Classification (CAPEC™) initiative is a community-driven software security effort to create a publicly available catalog of attack patterns. At the core of CAPEC is the concept of an "Attack Pattern," a powerful mechanism for capturing and codifying various approaches to cyber attack, including the detailed action-oriented attack execution flow, the capability and motivation of the attacker, the context within which the attack is possible, the weaknesses being targeted by the attack, characterization of the typical impact of a successful attack, and recommended mitigations to prevent or decrease the impact of the attack. This talk will serve as an overview of the CAPEC project to date and showcase the various use cases for CAPEC in software development, testing, architecture analysis, and secure operations.

The speaker

Speaker bio will be posted shortly