New Release: March 2021
Another set of new features has been added in this release:
ReportGen has got a big power upgrade,
Tracking added to Test Cases,
You can personalize your Analytics dashboard
Plus our regular updates to Self Service API and improved User Experience.
So let’s start with ReportGen
AttackForge's sophisticated report generation engine is now even better with a new set of capabilities. You can now add a full set of programming instructions to your ReportGen templates. Loops, Conditions, Filters, Data Aggregation, Data Formatting and Assignments – you name it! You can use this logic to instruct ReportGen what the resulting report should look like: what is rendered, how and where. To give you one example – you can create a dedicated section within the report that automatically assembles PCI-related vulnerabilities found on your project, and another section dedicated to weaknesses in TLS implementation. Or another example from one of our more recent clients' requests – you can split your report into sections dedicated to External and Internal vulnerabilities!
Another great new feature is Custom Tags. You can define your own custom fields or tags and reference them anywhere in your ReportGen templates. Use them to capture additional information for your projects, specific vulnerabilities, or individual assets:
Project-Level
You can now define custom project-level fields which could be used to capture and include information relating to the overall project, for example client details, report classifications, test-related information, etc.
More information on how to create Custom Tags at Project-Level is here:
https://support.attackforge.com/attackforge-enterprise/modules/reporting#project-level-custom-fields
Vulnerability-Level (in AttackForge Vulnerability Library)
You can now define custom vulnerability-level fields which could be used to provide supporting details for a vulnerability in the library, for example technical risk score, industry classifications, references to policies and standards.
More information on how to create Custom Tags at Vulnerability-Level is here:
https://support.attackforge.com/attackforge-enterprise/modules/reporting#vulnerability-level-library-custom-fields
Affected Asset-level (vulnerability on project)
You can now define custom affected asset-level fields which could be used to add details for a vulnerability on a project. This is the way, for example, to identify whether it is derived from internal or external scanning, whether it is PCI related, etc.
More information on how to create Custom Tags at Affected Asset-Level is here:
https://support.attackforge.com/attackforge-enterprise/modules/reporting#affected-asset-level-project-custom-fields
You can also perform a bulk add/update to apply custom fields/tags across a selection of vulnerabilities on a project at one time (see the following link for more details: https://support.attackforge.com/attackforge-enterprise/getting-started/updating-vulnerabilities#bulk-add-reportgen-fields-tags).
Plus, there are nine new tags added to ReportGen in general. The full list is in the usual spot – on our support site: https://support.attackforge.com/attackforge-enterprise/modules/reporting#available-tags-for-individual-reports
Tracking Test Cases
We at AttackForge are strong believers that Penetration Testing is a professional service and has to follow a clear methodology. That’s why we have Test Suites with Test Cases – to help pentesters formulate methodologies and follow them. And even more – to be able to demonstrate to your clients (internal or external) and auditors that you indeed followed the methodology.
This release adds more to this very important functionality! Now you can track Test Cases – whether they are Passed, Failed, or Remediated.
You can fail a test case automatically by linking a vulnerability to a test case. When creating or updating a vulnerability on a project, select the failed test case(s) to link them. Or you can add a vulnerability directly from the test cases page, to quickly link the test case to the new vulnerability. Whatever fits in your workflow.
There is also the ability to filter test cases by Passed, Failed and Remediated when viewing the test cases on the project.
You can also access all that information from ReportGen and include it in your reports.
Personalize Your Analytics
It is our strong belief that access to advanced analytics is one of the key values that AttackForge brings to its clients. So we discuss the use of Analytics with our clients regularly. One issue was raised by different clients nearly every time - everyone wants to see different analytics on their screen. Different enterprises have different policies and SLAs, different ways to measure security posture, different subjects to report on, etc.
So our engineering team lead, who often participates in the feedback meetings with clients, came up with the proposal to let users personalize their AttackForge Analytics page - so they can see what they need and use it to understand, track and report the metrics they require from the first Analytics screen they see.
And to make it work even better, AttackForge added a number of additional analytics widgets. Each widget can be filtered by time and groups. Full information on how (and what) to customize to see your Analytics is on our Support site: https://support.attackforge.com/attackforge-enterprise/modules/analytics#how-to-personalize-analytics