New Release: May 2021
I think I mentioned a few posts ago that we see three areas as strategically important for AttackForge and for our clients: better analytics, more integration with the rest of the security ecosystem, and constant improvement of user experience. This release follows these directions.
Trend Analysis and Comparison added to Analytics module
One of the challenges for every organisation that runs a sizeable penetration testing program is measuring the results. The first challenge is to have objective measurements. With AttackForge it can be done – through enforcement of methodologies (Test Suites in AttackForge) and using consistent terminology (Vulnerability Library templates). With those, security managers can measure where they are in terms of managing pentesting vulnerabilities. This functionality has been part of AttackForge for quite some time.
In this release our product team has added the ability to perform trend analysis. Security managers can now compare key data such as projects, vulnerabilities, SLAs, etc. across periods of time, vendors, business units, etc. You can discover whether you are getting better or worse over time, and reliably determine which business units or vendors are improving (or not) faster.
You can prove the value of a usually quite expensive penetration testing program with objective information.
To compare Analytics, click on the Compare button in the top-right of your Analytics dashboard.
Update to Report generation (AttackForge ReportGen)
Our clients’ feedback has been quite strong - the ability to provide highly tailored and focused reports for specific audiences is very important for our customers to keep their auditors, executives and customers happy.
In this release AttackForge is adding new capabilities to the already sophisticated ReportGen module. Less time wasted on writing and manipulating reports means more time on fun stuff – the actual hacking/pentesting.
You can now check to see if a tag (including custom tags) contains or does not contain a specified value, or array of values, and continue if true/exists or false/doesn’t exist.
You can also now use a 'count' filter to set an arbitrary counter for a condition, then reference that counter later in the report.
You can also search a tag which contains specific information to return an object which meets a specific condition.
New metatags have been added to allow more flexibility in the reports.
As usual – you can find the details in the ReportGen section on our support site:
https://support.attackforge.com/attackforge-enterprise/modules/reporting#attackforge-reportgen
Dashboard Notifications
Now you can receive notifications from AttackForge on what is happening within the pentesting program. The email contains a summary of key information – for example projects, vulnerabilities, SLAs, group activity, user activity etc.
The Daily Admin Update Email includes the following:
· Total number of Vulnerabilities discovered in past 24 hours, including Critical, High, Medium, Low and Informational
· Total number of Vulnerabilities Closed in past 24 hours
· Total number of Vulnerabilities Ready for Retest in past 24 hours
· Total number of Projects Requested in past 24 hours, including project name and desired test window
· Total number of Projects In-Progress, including name, test window and total number of vulnerabilities
· Total number of Projects Waiting to Start in next 7-days, including project name and test window
· Total number of New Users in past 24 hours, including first and last names
The Daily Admin Update Email supports the following options:
· Enable/Disable - depending on whether you would like to use the feature or not. Default is Disabled.
· Selection of users to send the email to - you can individually add users to receive the email.
· Time each day the email will be sent - this is based on the geographical region assigned to your tenant. The emails will be sent at any given point during the selected hour.
You can access Notifications via the global menu. It is currently restricted to admin users only.
Other new and improved features
Here is the list:
· Automating Access to Groups/Projects via Active Directory (if your tenant is integrated with AD)
· Every change to a vulnerability is recorded in Revision History
· Users can set their own Custom Default Landing Page (if you work on projects – just set project module as your landing page)
· Access Project Logs On-Demand
· New Administration Module
· New Global Config Options Available
· Multiple UX Enhancements
The full Release Notes are in their usual place: https://support.attackforge.com/release-notes#2021-05-03