August 2024 Release – User Experience Focused Release!

Northern summer is running into Autumn. AttackForge has been hibernating in the Australian winter, working on another great surprise for our customers. This release is mainly focused on User Experience!

AttackForge is getting even easier to use, with virtually no learning curve!

Here we have it:

  • Enhanced Image Support and File Management

    • Copy and Paste images and files directly from your clipboard into rich-text fields

    • Drag and Drop images and files directly into rich-text fields or within drop-zones

    • Upload files at any time - even before saving the form

    • Preview images and add captions directly within rich-text fields

    • Expand rich-text fields to full-screen for maximum efficiency

    • File manager accessible within rich-text fields

  • New Pentest Report Template is Out!

    • You can use the new template as an example or a starting point for your own templates

  • Cloud Testing Methodologies added to the standard set of Test Suites.

    • CIS Amazon Web Services Foundation

    • CIS Microsoft Azure Foundation

    • CIS Google Cloud Platform Foundation

    • Kubernetes Infrastructure

    • Oracle Cloud Infrastructure

  • Access Detailed Asset Information directly from Vulnerabilities

  • New Time-Based custom email notification: Writeups

    • Get an email update daily/weekly on newly created or modified Writeups

    • Notify maintainers on changed Writeups in a custom library

    • Get updates on Writeups that meet your specific criteria, even custom fields!

  • Invite User to AttackForge by Email Address

  • Advanced Table controls

    • Column Freeze on Table Scroll

    • Improved Table Custom Fields, with extended abilities to edit, filter, sort, expand and many other features

  • Updates to Self-Service API

Enhanced Image Support and File Management

Long-awaited inline image support and file management are here!

It means that you can now:

  • Paste images and files directly from the clipboard into any rich-text field.

  • Drag and Drop images and files directly into rich-text fields or into drop-zones. No pesky “attach file first then add it to the field”!

Adding images and files from your clipboard or via familiar drag & drop is now a piece of 🍰

  • Upload files at any time. No need to save the form first. Fewer clicks – less pain.

  • Preview images and add captions directly within rich-text fields – while you are adding them – not afterward. Again – better user experience.

  • Expand rich-text fields to full-screen for maximum convenience. More space to type detailed proof of concept for your 0-day!

  • File manager directly accessible within rich-text fields. It is much easier to manage evidence files, images, logs, and insert the ones you need with one click.

New Pentest Report Template is Out!

We've been working hard behind the scenes improving the most powerful 💪 reporting engine - ReportGen. One great thing about ReportGen – it is easy (at least much easier than others) to use. The new Pentest Report Template v3.4 (example | template) makes sure that you can see all the capabilities and have a great example of how to use them in your own reports.

This template takes advantage of the great new features and capabilities introduced into AttackForge and ReportGen over the past several months. And there have been a lot of new features!

Pentest Report Template v3.4 demonstrates how you can build an even more comprehensive report.

Here are the changes compared with the previous template:

  • New Section: Document Control

  • New Section: Version Control

  • Improved: Project Team

  • Re-designed: Executive Summary

  • New Section: Background

  • New Section: Approach

  • New Section: Methodology

  • New Section: Out-of-Scope

  • New Section: Customer Goals

  • New Section: Testing Team Goals

  • New Section: Assumptions and Constraints

  • New Section: Summary of Recommendations

  • New Section: Positive Security Observations

  • Re-designed: Retesting History

  • Updated: Summary of Findings

  • Re-designed: Vulnerabilities

  • New Section: Unique Vulnerability Details

Cloud Testing Methodologies Now Available

AttackForge has always come with extensive pentesting methodologies! We strongly believe that with AttackForge you can start pentesting within minutes after deployment!

In this release we added five new Cloud Configuration Testing Methodologies. They are available from our AttackForge GitHub.

Import them into your tenant and voilà - you can use them in your next pentest!

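Here is the list:

  • CIS Amazon Web Services Foundation

  • CIS Microsoft Azure Foundation

  • CIS Google Cloud Platform Foundation

  • Kubernetes Infrastructure

  • Oracle Cloud Infrastructure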

New Custom Time-Based Emails: Writeups

AttackForge has had custom email notifications for years now. Notifications could be triggered by SLA, new vulnerabilities, project events, re-testing, role changes, etc.

In this release we have added the ability to receive Writeups-related notifications. You can now:

  • Get an email update daily/weekly on newly created or modified Writeups

  • Notify maintainers on changed Writeups in a custom library

  • Get updates on Writeups that meet your specific criteria, even custom fields!

Quite a few AttackForge administrators and library moderators are going to be happy! 😉

Invite User by Email Address

I think this feature is self-explanatory. You can now invite new users to AttackForge directly by email address from the Users module. Invited users will receive an email with an activation link which takes them to a page to finish setting up their profile.

Advanced Table controls

Table Column Freeze on Table Scroll

Remember Excel “Column Freeze” – to keep some columns from scrolling horizontally? You can do it now in AttackForge tables. It keeps the important information on the screen while you look for other information on the right side. You can also lock multiple columns, giving you more control over your tables and data.

Improved Table Custom Fields

We have made significant improvements to table custom fields. You can now:

  • Click on a table row to view or edit the full data in a modal window

  • Filter and sort on individual columns

  • Expand table into a modal window, for advanced filtering and search

  • Bulk actions when editing table rows

  • Support for pagination

Other User Experience improvements

Exploitability and Custom Tags now Optional

Exploitability and Custom Tags are now optional fields on the Vulnerability form. You can now switch them off within Administration -> Vulnerabilities.

View Visible, Pending and All Vulnerabilities

The Vulnerability Table can be toggled to view visible, pending and all vulnerabilities on your project. This makes it easier to view and action all vulnerabilities in a single table.

Access Detailed Asset Information from Vulnerabilities

Most Enterprise users enable AttackForge's comprehensive Asset module, so they requested more convenient access to Asset information directly from the Vulnerabilities screen. And our brilliant engineering team delivered!

Self-Service API Improvements

Every release we improve the Self-Service API! A better API means better integration with the enterprise ecosystem! This is the list of improvements in this release:

  • Major updates to REST endpoints:

    • Create Project & Update Project - we updated these APIs to support configuration for Features and Pages on projects.

    • Create Writeup & Update Writeup - we added support for creating and editing Writeups in the Project Library.

    • All Get Vulnerability APIs - we added support for querying on Pending vulnerabilities.

BTW – if you need to integrate with your custom scanners, ticketing tools, analytics and data lakes - try the AttackForge Events API! It's perfect for real-time integrations.
