Security Engineering (SE) Workbench



Security Attack Explorer Exercises

1. Explore the Security Attack Analysis Tool

  1. Initialize the tool by loading the tool or resetting the filters
  2. Review the Table Header Instructional information and click the Show/Hide button to Hide the Instructions
  3. Observe the column filter pulldown menus, the visible columns, the text search field, and the data rows and cells.
  4. Observe the options within the Column Visibility function.
  5. Observe the options within the Select Data function.
  6. Observe the options within the Export Data function.
  7. Scroll down to the bottom of the page and note the number of entries in the CAPEC data.

2. Explore the Attack Patterns associated with "buffer overflow"

  1. Reset the filters or reload the tool
  2. Use the Search Field to find the attack patterns associated with the term "buffer overflow". How many CAPEC entries are in that list?
  3. Review the visible entries. Note that some of the entries provide a narrative of how the attack progresses, i.e., execution flow.

3. Explore the CAPEC entries associated with "ransomware"

  1. Reset the filters or reload the tool
  2. Use the Search Field to find the attack patterns associated with the term "ransomware".
  3. Optionally access the complete CAPEC entry on the MITRE website by clicking on the URL in the Attack Description Field for the entry.

4. Explore the CAPEC entries associated with "social engineering"

  1. Reset the filters or reload the tool
  2. Use the pull down menu to select the Common Attack Patterns that are associated with the "Social Engineering" Attack Domain
  3. Optionally use the "Show" pull down menu to change the number of entries visible on the web page from 10 to 100.
  4. Review the visible entries. How many Attack Patterns are in the list?
  5. Optionally create an output file:
    • Use the Select Data button to Select the "filtered" CAPEC entries
    • Use the Export Data button to create a spreadsheet (CSV) file containing the CAPEC entries for the "social engineering" attack domain

5. Explore the CAPEC entries associated with Defects and Abuses

  1. Reset the filters or reload the tool
  2. Use the pulldown menu labeled "Defect v. Abuse" to filter the CAPEC entries that are associated with "defects" (Related CWE exists). How many CAPEC entries are in that list?
  3. Use the pulldown menu labeled "Defect v. Abuse" to filter the CAPEC entries that are associated with "abuses" (no related CWE). How many CAPEC entries are in that list?
  4. Optionally restrict the list by selecting CAPEC entries in the "social engineering" attack domain. How many CAPEC entries have related CWEs? How many CAPEC entries do not have related CWEs?

6. Explore the CAPEC entries by "Typical Severity" and "Typical Likelihood"

  1. Reset the filters or reload the tool
  2. Use the pulldown menu labeled "Typical Severity" to select "Very High".
  3. Use the pulldown menu labeled "Typical Severity" to select "High".
  4. Use the pulldown menu labeled "Typical Likelihood" to select "High".
  5. Optionally use the "Show" pulldown menu to change the number of entries visible on the web page from 10 to 100.
  6. Optionally sort the entries in order:
    • Use the Column Visibility button to show the "Typical Severity" Column
    • Use the Column Visibility button to show the "Typical Likelihood" Column
    • Click on the Column Header for "Typical Severity" Column to sort the entries in ascending or descending order
  7. Optionally create an output file:
    • Use the Select Data button to Select the "filtered" CAPEC entries
    • Use the Export Data button to create a spreadsheet (CSV) or PDF file

7. Explore the CAPEC entries associated with "SQL Injection"

  1. Reset the filters or reload the tool
  2. Use the Search Field to find the attack patterns associated with the term "SQL Injection". What are the Attack Patterns with the highest Severity and Likelihood? What are the Attack Patterns with the lowest Severity and Likelihood?
  3. Optionally create an output file:
    • Use the Select Data button to Select the "filtered" CAPEC entries
    • Use the Export Data button to create a Print file containing the CAPEC entries for the "SQL Injection" related entries

8. Explore the CAPEC entries based on the Impact of successful attack

  1. Reset the filters or reload the tool
  2. Use the pulldown menu labeled "Attack Impact" to select "Resource Consumption".
  3. Optionally use the "Show" pulldown menu to change the number of entries visible on the web page from 10 to 100.
  4. Optionally sort the entries in order:
    • Use the Column Visibility button to show the "Typical Severity" and "Typical Likelihood" Columns
  5. Optionally create an output file:
    • Use the Select Data button to Select the "filtered" CAPEC entries
    • Use the Export Data button to create a spreadsheet (CSV) or PDF file
  6. Optionally use a combination of pulldown menus to explore the CAPEC entry with "Resource Consumption" Impact that is "Low Severity". What is the attack? What is the prerequisite for the attack?

9. Examine Steps used in Attacks for various Domains

  1. Reset the filters or reload the tool
  2. Use the drop down menu to filter CAPEC attack patterns by domain, i.e., Hardware, Telecomm, etc.
  3. Use the drop down menu to observe the Attack steps relevant to the selected attack domain.
  4. Select one or more Attack Steps to view the related CAPEC pattern
  5. View the CAPEC patterns that do not have Attack Steps
    • Reset the filter for Attack Steps
    • Select the Attack Step Filter again
    • Scroll to the bottom of the Attack Step list and select the "No Steps" entry

10. Explore Attacks based on Impact within Domain

  1. Reset the filters or reload the tool
  2. Use the drop down menu to filter CAPEC attack patterns by domain, e.g., Hardware, Telecomm, etc.
  3. Use the drop down menu to select an attack impact, e.g., Gain Privileges, Modify Data, etc.
  4. Use the Column Visibility button to show the "Typical Severity" and "Typical Likelihood" Columns
  5. Prioritize the list
    • Click on the column header for "Typical Likelihood" to order the column highest to lowest
    • Click on the column header for "Typical Severity" to order the column highest to lowest
  6. Scroll thru the table from top to bottom to view the entries in prioritized order
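
The defect/abuse split from Exercise 5 and the prioritization from Exercise 10 can be reproduced offline on an exported CSV. The script below is an added example, not part of the tool or the original exercises; the column names, the sample rows, and the choice of severity as the primary sort key with likelihood as the tie-breaker are assumptions.

```python
import csv
import io

# Ordinal ranks for the severity/likelihood labels. A plain text sort would
# order them alphabetically (High, Low, Medium, Very High), which is not a
# priority order. Blank or unknown labels rank lowest.
RANK = {"Very High": 5, "High": 4, "Medium": 3, "Low": 2, "Very Low": 1}

# Constructed sample data; IDs, names and column headers are assumptions.
SAMPLE_CSV = """CAPEC ID,Name,Attack Domain,Typical Severity,Typical Likelihood,Related CWE
CAPEC-A,Constructed pattern A,Software,High,High,CWE-89
CAPEC-B,Constructed pattern B,Social Engineering,Very High,Medium,
CAPEC-C,Constructed pattern C,Software,Low,High,CWE-120
CAPEC-D,Constructed pattern D,Social Engineering,High,,
CAPEC-E,Constructed pattern E,Hardware,Very High,High,CWE-79
"""

def load_entries(text):
    """Parse exported CSV text into row dicts with whitespace stripped."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: (v or "").strip() for k, v in row.items()} for row in reader]

def classify(entry):
    """'defect' when a related CWE exists, 'abuse' when none is listed."""
    return "defect" if entry["Related CWE"] else "abuse"

def defect_abuse_counts(entries, domain=None):
    """Count defects and abuses, optionally within one attack domain."""
    counts = {"defect": 0, "abuse": 0}
    for e in entries:
        if domain is None or e["Attack Domain"] == domain:
            counts[classify(e)] += 1
    return counts

def prioritize(entries, domain=None):
    """Order entries by severity, then likelihood, highest first."""
    picked = [e for e in entries if domain is None or e["Attack Domain"] == domain]
    key = lambda e: (RANK.get(e["Typical Severity"], 0),
                     RANK.get(e["Typical Likelihood"], 0))
    return sorted(picked, key=key, reverse=True)

if __name__ == "__main__":
    rows = load_entries(SAMPLE_CSV)
    print(defect_abuse_counts(rows), defect_abuse_counts(rows, "Social Engineering"))
    for e in prioritize(rows):
        print(e["CAPEC ID"], e["Typical Severity"], e["Typical Likelihood"] or "(none)", classify(e))
```

To run it on a real export, read the downloaded file's text and adjust the column names to match its header row.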

11. Create a Security Attack Analysis Worksheet

  1. Reset the filters or reload the tool
  2. Use one of the following methods to select attacks of interest from the data in the tool.
    • Use the cursor to highlight individual items
    • Use filters to select groups of items, for example, enter a text string, such as "buffer overflow", or "SQL injection", or, select one or more attack domains such as "Social Engineering" or "Hardware". Afterward, use the "Select Data" button and "Select Filtered Data"
  3. Create the Assessment Worksheet by accessing the Assessment CSV button within the Export Data function
  4. Open the downloaded CSV file in a local Spreadsheet program
  5. Format the downloaded spreadsheet by:
    • Set row 1 to Bold text to highlight the column headers
    • Select the entire spreadsheet and enable text wrap.
    • Select and stretch the column identifiers A thru L to show the spreadsheet content
    • Optionally set cell alignment at top
    • Save the changes to a local file
    • Work with the file to assign and track work items



Copyright © 2022 Jim Whitmore.

LAST UPDATE: 5 October 2022