New Release: May 2020
More features in Attack Chains.
Some time ago, more than a year actually, AttackForge introduced Attack Chains. Idea is to help pentesters to turn technical vulnerabilities into a narrative about how the vulnerabilities they found relate to & impact on the business. Instead of arguing about ratings & hypothetical scenarios, Attack Chains allow you to show how vulnerabilities lead to a “boom” event - such as compromise of a server, perimeter or even company network & crown jewels. And by doing so - tell a story that business can relate to, so they can make informed decisions.
This month our development team significantly increased Attack Chain module capabilities. You can now include Devices, Servers, Databases and Assets to your Attack Chains. This allows you to easier demonstrate lateral movement on a network, and hosts which contributed to reaching attackers’ ultimate objective. This release also enables Attack Chains to be included in the reports that AttackForge generates, as well as being important part of interactive collaboration experience (which is AttackForges’ key purpose).
Attack Chains are also now part of JSON export – so you can import it in your own tools. If you do – let us know! We would love to hear how you use it!
Flexible integration – even more then before
Do you believe that a vendor would know better than you for what you need?
We don’t.
Our integration strategy is to give you - our clients - as much flexibility as it is practical so you can build your own ways to integrate with AttackForge. The method AttackForge has for that is our published Self Service API.
Self Service API allows your tools to collaborate with AttackForge in many ways, whilst maintaining strict access control. You can initiate pentesting projects in AttackForge from your project management tools. You can export vulnerabilities to and from AttackForge and your ticketing systems. You can build custom dashboards the way you need them to be.
You can do nearly anything using SSAPI, especially after this release. We added more than three dozen new endpoints this time! Check them on our support site.