July 2025 Release - things are getting faster! More features before we go to LV Summer Camp 2025
We are going to be at all three conferences in Las Vegas this August - so if you see AttackForge t-shirts in the crowd - come and say Hello!
Now - new features that we are proud to boast about (unlike others):
Flows! More capabilities - you can create your API!
AttackForge Portfolios - build your own analytics,
Drafts - extended to more features,
Advanced Filtering - available for Writeups, Assets and Project Requests
Long awaited User Session experience improvement
And - of course - Updates to AFScript and Self-Service API!
Build Your Own Custom APIs with AttackForge Flows!
Yes - this is not a mistake! Your own API endpoints - as you want them!
This is big! AttackForge Flows can now be triggered by User Defined HTTP Triggers. It means that you can now build your very own custom APIs directly within AttackForge!
Why is this a real game-changer, you might ask? Well, imagine:
Your external systems pushing data directly to AttackForge in real-time, exactly when you need it!
Running AttackForge automations as you see fit, triggered on-demand.
Creating completely custom integrations that respond to your unique needs.
Building modularized sequential Flows - triggering them from other Flows for complex automation chains!
Check this example - how to use this functionality to push information from a Bug Bounty system (in this case - HackerOne) to AttackForge!
Every HTTP Triggered Flow comes with:
A dedicated URL to receive your instructions and launch your Flow (you can even rotate it for security!).
Configurable HTTP Methods (GET, POST, PUT, etc.).
Security - enabling Authentication and Authorization.
Control over input into the Flow, and output from the Flow.
An unlimited number of Actions performed by your Flow.
Support for custom scripting using AFScript!
Support for Secrets for managing sensitive data securely.
Whitelist or blacklist HTTP Headers for granular control.
Don't forget to document your Flows using the README section!
Build your own custom workflows
How many Pentest Management Platforms give you the option to create your own workflows?
Only one - AttackForge!
These custom workflows open up a world of possibilities, including:
Fetching information about affected assets from an external CMDB or the AttackForge Assets Library for prioritization and risk scoring in the context of a specific asset.
Custom scoring vulnerabilities - merging pentesting data with threat intelligence from external databases like Flashpoint's VulnDB.
Enriching vulnerabilities - with CWE data (descriptions, remediation advice, references) via the MITRE CWE API.
Creating tickets in external tools like Atlassian JIRA, ServiceNow, Azure DevOps, and more.
Triggering conditional email notifications for automatic escalations.
Posting messages to Slack, Teams, or other collaboration tools.
Options are unlimited - thanks to AttackForge Flows!
Analytics in Portfolios and Streams
Portfolios have already been a game-changer for many security teams, helping to track and monitor security across:
Business Units, Subsidiaries, and Functional Teams,
Customers, internal and external,
Applications, Systems, and Technologies,
Geographies,
Compliance obligations,
Security Programs,
Mergers and Acquisitions.
This Release adds Analytics for every Portfolio and Stream!
It means Security Managers (yours or your Customers') have an easier way to track, monitor, and report on:
What are the most common vulnerabilities?
Which assets need the most attention?
What are the root causes for these vulnerabilities?
Are we getting better, or are we getting worse?
DRAFTS extended to Writeups, Project Requests, Assets, and Test Cases
In our last release, we introduced DRAFTS - a feature that makes life easier for AttackForge users, and their work more effective and efficient.
DRAFTS ensure you never lose your data thanks to the real-time autosave feature, giving you peace of mind. You can store your work, and come back to it when you are ready. You can work on multiple concurrent DRAFTS.
This release, we've extended DRAFTS to:
Writeups
Assets
Test Cases
Project Requests
And guess what?
DRAFTS are coming to even more places soon, including a central location where you'll be able to find all of your DRAFTS for everything in one convenient spot!
User Session Improvements
We know you wanted this one! And finally… it is here!
Everyone hates being logged out while working on a vulnerability, and at the same time, session inactivity logout is a must, especially for security professionals!
Contradiction? Not for AttackForge any more!
At AttackForge, we're all about making your pentesting experience as seamless and efficient as possible. We've completely revamped how we handle user interactivity to ensure your active sessions stay alive when you need them most, while giving you full control over timeout settings.
We've introduced a customizable session inactivity timeout warning to give you a heads-up before your session expires. You can now set exactly when the warning appears, tailoring it to your policies and work habits. If your session does time out, don't worry - we've got you covered! Whether it's a detailed write-up or project notes, your progress is safe with AttackForge.
AttackForge gives you even more control over what happens when a session expires. Administrators can now configure whether users are automatically redirected to the login page or prompted to take action. This flexibility ensures your AttackForge experience aligns with your security policies and workflow preferences, making AttackForge even more adaptable to your needs.
Less frustration - more hacking!
Additional Enhancements to Streamline Your Workflow
As always - there are more features in our Release than I can fit in a Blog post without turning it into War and Peace…
Review Notes Improvements:
We have improved our customers' ability to perform comprehensive QA using Review Notes!
Now Review Notes support every system and custom field.
You can even start a thread on multiple topics for better collaboration.
Stay tuned for more exciting updates coming soon for QA and Reviews!
Advanced Filtering
As promised - Advanced Filtering has come to Writeups, Assets, and Project Requests!
Our customers love the option to quickly find the exact information they need in Table views. And now, combine Advanced Filtering with Custom Views - and you can save your search filters and effortlessly repeat your custom searches.
And of course - updates to AttackForge Script, AttackForge ReportGen, the Self-Service API and much more!
More details in the usual spot - our Release Notes that we are never afraid to publish.