Happy New AttackForge V2

Finally – after years in the making, our brand new AttackForge Version 2 is in production and available to our customers!

The new version of AttackForge was planned two years ago. We wanted to build upon the great foundation of Version 1 – and bring in the feedback we got from our customers. I mentioned that before – listening to our customers is one of the key differentiators we have!

We are proud to count quite a few of the biggest enterprises and consulting organisations as our partners and customers. And we listen and learn from them – making AttackForge better in the process! AttackForge V2 is the result of our labor and our customers’ feedback!

But our engineering team did not just deliver a new generation of AttackForge products – they also managed to add a whole bunch of new features:

  • New version of our free AttackForge ReportGen tool,

  • Update to Self Service API,

  • Improvements in custom fields management,

  • New status for vulnerabilities,

  • Extended bulk update for vulnerabilities

    And some more…

Oh! Our support center is also updated to reflect Version 2! Hurry up – and check it out!

AttackForge V2

V2 improves on V1 in many areas. But the most visible is User Experience. And it is much more than just a new look and feel! The interface is simpler, whilst providing more flexibility when you need it.

Dashboards are easier to read and use. If you (or your boss) like to consume information visually – it is much easier with AttackForge V2. How our UX team managed to put more information on the same screen, while keeping it easier on the eyes – I don’t know. It is some sort of magic, I guess. Some of the information that our customers indicated was not needed has been removed and replaced with useful information.

Tables are so much easier to read and configure according to user preferences! Multi-select, ordering, filtering, field placement and selection – all is there for the user to make the AttackForge user experience as efficient and enjoyable as possible! Plus - the ability to export data right from the tables – so if you are an Excel guru – you can use the export here to build your own graphs and diagrams!

Analytics is easier to read while carrying more information - and you can dig into each line or number to see what is behind them.

New vulnerabilities module - with greater insight into your vulnerabilities. Project module – with all frequently utilised functionality at your fingertips, reducing the number of clicks and hassles for pentesters, project managers and engineers alike!

The Portfolios module has been significantly updated – with a new dashboard and visual presentation of the relationships between different streams and portfolios. Plus - access to the relevant projects, assets, and vulnerabilities without leaving the portfolio module!

AttackChains has a new look and feel – nice and easy to understand.

And – for AttackForge administrators – reworked User module and Administration module – making it easier for our customers to manage their tenants.

New rich-text editors, menus, forms, interface components, etc. - all those small things that make life much more comfortable!

AND

A number of “under the hood” improvements – extremely important while not immediately visible. AttackForge V2 works faster and more efficiently – with bigger data sets. That was not a simple improvement – but our illustrious back-end team is the best! They delivered!

ReportGen v2.5

Our AttackForge ReportGen version 2.5 has been released: The ultimate pentest reporting tool! And it is free – and can be used with any (including non-AttackForge) JSON data!

This release includes six new filters, three new functions, and interesting updates to existing filters.

The Resize filter allows users to resize images. It works by setting a max-width value in pixels. The height is adjusted automatically to keep the same ratio.

The Replace filter allows users to replace data in the report. For example, if you have some assets in AttackForge that look like this: https://application.com – but you want them to appear in the report as application.com – this filter will do it for you. And it works with regular expressions as well!

The Split filter enables users to split data based on a separator - and return a list of items. For example, assume you have tags in this format: tag1:value, and you only want to show the right-hand side (value). You could do the following:

{#vulnerabilities}
{#tags}
{$declare[tagSplitCounter][0]}
{#this | split:[":"]}
{#$greaterThan[tagSplitCounter][0]}{.}{/}
{#$equals[tagSplitCounter][0]}{$increment[tagSplitCounter][1]}{/}
{/}{/}{/}

This example uses the Split filter to split each tag with a colon (:) as the separator. It also uses functions to instruct the logic to skip over the first iteration of the loop (tag1) and then print everything after that (value). And again - it works with regular expressions as well!

There are also new functions (such as Sort) and updates to other filters.

New status of Vulnerabilities: Not Ready for Retesting

Retesting workflows are a big part of AttackForge functionality. We strongly believe that the key value of a pentest is enabling engineers to remediate fast, and not just a static report.

During remediation, some vulnerabilities might be assigned for retesting, only to discover that engineers have jumped the gun and further adjustments might be needed before they are retested. In this case – a specific status is necessary. With this version of AttackForge, engineers can now reassign vulnerabilities as Not Ready for Retesting in such cases.

Assignment of either “Ready for Retesting” or “Not Ready for Retesting” can be done in bulk – to save time for engineers and project managers.

Project Request form is updated:

Custom fields have been available for the Project Request screen for quite some time. However, now it is possible to also hide (and disable) system fields – making your Project Request form completely customizable. With this update, our customers can implement logic in the project request form to adapt when and how the system fields are displayed during a new project request.

Updates to Self-Service API

In this release, we have improved our Self-Service REST APIs to provide more flexibility and options when interacting with AttackForge.

New REST endpoint: CloneProject

This endpoint can be used to clone an existing project. We introduced Project Cloning functionality some time ago – as an effective way to:

  • Prepare for a new round of testing,

  • Track vulnerabilities for specific assets across projects,

  • Focus retesting on open vulnerabilities.

And now it is available from the Self-Service API.

When cloning a project, the new project will get access to:

  • Project settings, which can be adjusted for the new project - this includes name, codes, test suites, scope, email templates, portfolios, custom fields & project team

  • Project workspace, including all notes & files previously uploaded / created (OPTIONAL)

  • Project notes previously created (excluding private notes) (OPTIONAL)

  • Executive summary, including uploaded files (OPTIONAL)

You can also select which vulnerabilities (if any) you would like to carry forward into the new project. This is useful for performing a retest on existing vulnerabilities, as part of the new round of testing.

Advanced Query Filtering Support

We have added support for advanced query filtering for multiple REST endpoints: GetVulnerabilities, GetProjectVulnerabilities, GetVulnerabilitiesByAssetName, GetVulnerabilitiesByGroup.

Advanced query filtering can be used to select the exact data set you would like the API to return – saving you time on doing the filtering yourself. The filter works like a database query, where you can specify fields & operators - these help to narrow down the results to the data you need. This filter is only supported for selected API endpoints. More information – as always – is in our support site documentation for each endpoint.

Full details of this release are – as always - in the Release Notes!
