New Release: March 2022
Another big release. A lot of great features for our customers!
We introduced Vulnerability SLAs and Remediation Plans – to help security managers and platform owners to track vulnerabilities and remediation activities against their organisation’s policies
Custom fields for Assets – to capture organisation specific information about assets, so it is easier to focus pentesting activities on the most critical assets
Another update to our best-of-breed reporting engine ReportGen – introduction of sophisticated logic and diagnostics – to further empower our customers
Improved Retest workflow
New configuration options for Single Sign-On with multiple Identity Providers
UX improvements across multiple modules
And – as always – updates to Self-Service API
And just a reminder – we do not charge our Enterprise customers when we introduce new features.
Custom Vulnerability SLAs
Penetration testing has a purpose – this purpose is to find vulnerabilities and facilitate remediation.
Each organisation has its own rules for how fast different vulnerabilities must be remediated one way or another. Those rules are Vulnerability SLAs. These SLAs depend on the risk that each specific vulnerability presents to the organisation. So, it is natural that AttackForge enables our customers to configure SLAs based on asset characteristics, criticality of the vulnerability, threat environment, etc. The AttackForge SLA rules engine supports over fifty (50) datapoints across vulnerabilities, assets, and relevant projects, improving vulnerability tracking, triaging and compliance reporting for our customers.
Every SLA is color-coded and includes countdown trackers.
Vulnerability SLAs can be enabled by Administrators via the Administration module.
For more information please visit https://support.attackforge.com/attackforge-enterprise/getting-started/vulnerability-slas
Remediation Plans
This release introduces a new workflow to capture Remediation Plans for vulnerabilities.
Remediation plans can be submitted by your customers or internal stakeholders, developers, engineers, and teams.
Remediation plans help to track when vulnerabilities are planned to be fixed, helping the security team stay on top of open vulnerabilities.
And again – every remediation plan includes a countdown tracker to make it easy to identify and action vulnerabilities which are getting close to, or have already exceeded, their remediation plan dates.
Administrators can enable this functionality via the Administration module.
Asset Custom Fields
In this release, AttackForge introduces custom fields for assets. Now our customers can capture important asset metadata, and use it within AttackForge, in their reports and API integrations.
Custom fields support all the usual data types, such as input fields, select fields, datepicker, etc. They can be set as mandatory or optional within forms. Custom fields can also be displayed in tables, for easy filtering and sorting.
ReportGen version 2.1
Our brilliant product and engineering teams have just released another major update for AttackForge ReportGen!
This time we have introduced ReportGen Functions. You can now use functions in your templates to program custom logic and create even more sophisticated and powerful reports.
This release introduces twelve new functions - seven Procedures and five Operators. You can access Functions in the ReportGen tool menu. Full list is on our support site: https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions
It is our priority to make it easy for our customers to build their reporting templates. So, logically, we introduced the $help function to print diagnostic information within your ReportGen browser console. This helps you to access the correct data you need in your report, and to understand what scope (tags/keys) is available. Insert this function wherever you need help in your template, and it will provide you with information inside the ReportGen tool.
AttackForge ReportGen 2.1 also includes two new Filters to provide greater flexibility when accessing your tags and data – dateFormat and sort.
dateFormat. This filter can be used to convert a date to a desired format. It uses named formats and masks to allow for custom date formats. For example, this filter can be used to produce timestamps in user-friendly formats such as Saturday, June 9, 2021.
sort. This filter can be used to sort the data within a tag by a key within scope (or multiple keys). For example, this filter can be used to sort vulnerabilities by their CVSS score within the report.
For more information, please visit https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters
Significant improvement for Retest workflow
Our customers have been using the Retest workflow extensively. They love the ability to track and manage retesting activities with minimal effort and maximum efficiency. They also provided us with feedback on what would make retesting even simpler. And we have listened (as always).
This release enables our customers to set up each retesting round with a dedicated scope of work, as well as the date when the retest will be ready to commence. Security teams can now independently action each round of retesting, determining when it has been completed and which vulnerabilities were retested.
We have also added the option to cancel a retest.
For more information, please visit https://support.attackforge.com/attackforge-enterprise/getting-started/retesting#request-a-retest
Support for multiple SSO / identity providers
Using established authentication methods is extremely important for our Enterprise customers, as well as for our MSSP customers. It is quite standard that one organisation might use different Identity Providers for different geographical locations, or different business units.
In this release, AttackForge introduces the ability to use multiple identity providers for a particular AttackForge tenant. The relevant configuration is available from the tenant Administration module.
As always – updates to Self-Service API
New API endpoints (quite a few of them), updates to existing APIs (with backward compatibility – as usual!) – to help clients with the integration of AttackForge into their own ecosystem.
Other Functionality
Custom one-off email notifications to the project team. Now security teams can send custom one-off email notifications to project team members.
New notification type for new vulnerability emails. When a new vulnerability is discovered – you can now send one single email with the details for all new vulnerabilities. Or you can still send an individual email per vulnerability, if desired. This new email notification type is fully configurable and supports tags to allow you to customize the content for each vulnerability to your requirements.
Users with Upload access to a project get new dashboard buttons. These make it easier for users to access the project workspace and notes directly from the project dashboard.
Full details are in the Release Notes.