August 2024 Release – User Experience Focused Release!
This release is mainly focused on User Experience!
Here we have it:
Enhanced Image Support and File Management
File manager accessible within rich-text fields
New Pentest Report Template is Out!
Cloud Testing Methodologies added to the standard set of Test Suites.
Notifications on changed Writeups in a your writeup library
Invite User to AttackForge by Email Address
Advanced Table controls
Updates to Self-Service API
May 2024 Release – Another Release – yet another set of excellent features – and no hyped BS!
This release has two great parts.
Part I – a groundbreaking integration and a new set of features.
What is groundbreaking in another integration? Actually – this is the first ever integration between a Pentesting Management Platform and a Security Learning platform. I will have a separate blog post about it later this week.
Part II – usual extensive list of new features~
Here we go in no particular order:
- Project Test Case Custom Fields – enabling true Purple-Teaming
- Project Request workflow improvements (big ones!)
- New Time-Based custom email notification options
- New options for Import Vulnerabilities
- UX Enhancements
- Reporting updates
- Updates to Self-Service API
January 2024 Release – starting the year with a BANG!
January 2024 Release - Starting year with a BANG!
This release is focused on Enterprise capabilities!
Asset Libraries - with access control and ability to import assets
Portfolios Enhancements - Portfolio module and analytics are now available for all users – with proper access controls
Current MITRE ATT&CK Testing Methodologies, MITRE CWE and CAPEC Vulnerability Libraries
And many more - see inside!
October 2023 Release – one of the biggest ever!
Our product team has outdone themselves.
Again!
Condensed list of new features can barely fit in two pages!
And all of that – in one quarter!
Some ten-times bigger organisations😉would deliver less in a year than AttackForge engineers did in a single quarter!
This is how great our engineers are!
AttackForge ReportGen CLI tool is out!
Our engineers have released this new feature: AttackForge ReportGen Command Line Interface tool and the equivalent Node.js library.
Who and why would you need a non-interactive method of pentest report generation?
In fact - large AttackForge customers requested this feature. There are several benefits of having the ability to generate reports without interactive access to a portal.
July 2023 Release is out!
While everyone is going to Las Vegas Summer camp - AttackForge launches July 2023 Release.
Here are some of the big features included in this release:
New and improved Workflows for Infrastructure Pentesting.
Huge update to ReportGen – new free templates, custom styles, new filters, and ReportGen GitHub Community site
Import of results from NMAP and Masscan
User Experience improvements
New functionality withing existing workflows
- New Custom Field type – List
- Ability to select vulnerabilities when exporting a projects’ JSON file
- View Asset Module Data within Project Scope screen-As always – updates to Self-Service API
April 2023 Release is out!
This is the first release since AttackForge V2 was launched in January. What is your expectation – do you think our engineers slowed down after the V2?
No! This is another huge release filled to the brim with features!
Here are some of them:
Significant extension of Custom Fields capabilities
Ability to restrict access to reporting templates – now administrator could set who can access to which reporting templates.
Vulnerabilities could be linked between different projects.
Reports can be created against a hand-picked subset of vulnerabilities.
Updated ReportGen 2.6
Update to Qualys parser – to support the new format.
And many other features.
Penetration Testing Narratives
Tell Me you’re an Elite Pentester Without Telling Me You’re an Elite Pentester.
Happy New AttackForge V2
Finally – our brand new AttackForge Version 2 out!
We built upon great foundation of Version 1 – and bring whole new user experience to our customers! Check it out!
Presenting AttackForge October 2022 Release!
We have been very busy the last three months!
Hacker Summer Camp in Las Vegas, road trip visiting our clients across the USA…
Great time, great food and – the most important – great feedback. Thank you everyone for your hospitality and you feedback!
So - here it is - our October 2022 release:
Delegations - making life easier for admins
Smart Vulnerability Imports - mapping your tools vulns to your library
Extended project cloning functionality
Improved analytics
Bulk adding of remediation notes
UX Improvements, as always 😊
Updates to Self-Service API - as usual
ReportGen 2.4
Presenting AttackForge July 2022 Release!
Presenting AttackForge July 2022 Release!
We launched new product last week – AttackForge Core: Action Pack, but that will be in the next post.
This post is about this release - we have delivered a lot over past two months!
The focus has been on enhancing the features that made AttackForge so valuable for our customers.
Advanced Email notification
Enhancing Test Suite module with execution flows, notes, and associated evidence.
New version of ReportGen
And much more - check inside!
AttackForge May 2022 Release is out!
Another exciting release this month!
Project Clone capabilities – how many times did we want to simplify running recurring rounds of pentesting?
ReportGen v2.2 - with updated filtering capabilities, concept of Parent object, and styles for Executive Summary
Executive Summary with Rich Text support, WYSIWYG in UI, and Review Notes for better QA!
More control of user accounts
UX Improvements
New configuration options
And – as always - updates to Self-Service API!
The Missing Piece In Vulnerability Management
Perspective on one of the biggest challenges in vulnerability management today.
Internal vs. External Pentest Teams - Two Worlds Apart
Perspective on why internal & external pentest teams do pentesting very differently.
New Release: March 2022
Another big release. A lot of great features for our customers!
We introduced Vulnerability SLAs and Remediation Plans – to help security managers and platform owners to track vulnerabilities and remediation activities against their organisation’s policies
Custom fields for Assets – to capture organisation specific information about assets, so it is easier to focus pentesting activities on the most critical assets
Another update to our best-of-breed reporting engine ReportGen – introduction of sophisticated logic and diagnostics – to further empower our customers
Improved Retest workflow
New configuration options for Single Sign-On with multiple Identity Providers
UX improvements across multiple modules
And – as always - updates to Self-Service API
Pandemic or New Year – AttackForge Release Must Go On!
Pandemic or New Year – AttackForge Release Must Go On!
Happy New Year and Happy New Release! This one is definitely big and full of great stuff!
Custom Vulnerability Libraries – to make sure that your vulnerability write-ups are easy to manage and control
Second generation of AttackForge famous ReportGen tool,
Introduction of endpoints to Assets – making tracking and remediation of vulnerabilities more granular and visible.
And many more…
New Release: November2021
This release is all about User Experience and Customization!
Introduction of three distinct centralized Vulnerability Libraries
Custom forms, fields, and conditions
Group project access control management
Further improvements to global dashboard
Updates to ReportGen
Updates to Self-Service API
Part 4. People
This purpose of this article is to identify the People component of the solution.
Let’s look at the list of roles necessary to implement the process and structure described in the second article
Part 3. Technology -Enabling governance structure & process
This article is going to focus on how, in my view, the technology component of the solution should look like.
And again - I want to highlight that NO technology alone would be sufficient.
We need to get all three components right – process, technology and people.
Part 2. Pentesting - how to address the challenges… let’s start with the Process
This article is going to focus on what I believe is the first component of the solution – addressing the pentesting process and governance structure for sizeable pentesting programs (more than twenty pentests per year).