CAPEC and CWE are two complementary databases maintained by MITRE, but they do not have the same objective. CWE describes technical weaknesses in code or design (e.g., lack of input validation), while CAPEC describes attack methods that exploit these weaknesses (e.g., SQL injection).
In other words, CWE focuses on the cause, while CAPEC focuses on the attacker's action. The two can be linked: a CAPEC pattern often specifies which CWEs it targets, making it possible to link the theoretical vulnerability, the practical exploitation, and the associated CVEs.
Cybersecurity professionals are the primary users of CAPECs: SOC analysts, penetration testing experts, security architects, developers, trainers, or threat intelligence teams. They use them to understand adversary tactics, prepare test scenarios, and strengthen defenses.
For example, a pentester can use a CAPEC to structure a simulated attack according to a realistic scenario. A developer can find guidance on design flaws to avoid. A CISO can integrate them into risk analyses to better illustrate the potential consequences of a technical weakness.