Attack Patterns

The Gang of Four started something when they began documenting design patterns for writing software.

It didn't take long for other patterns -- enterprise patterns, test patterns, and even anti-patterns -- to pop up. The most recent patterns to be documented are "attack patterns."

Attack patterns are common attack approaches from the set of known exploits. Knowing and understanding common attack patterns help you improve the assurance profile of software. Sean Barnum and Amit Sethi have published a series of excellent papers on the subject, starting with Introduction to Attack Patterns which, as its title suggests, introduces attack patterns from concept to terminology.

This is followed by articles on Attack Pattern Generation, Attack Pattern Usage, and the like.

Posted by Jon Erickson at 10:19 AM  Permalink