New Release: October 2020


This time we have a lot of new features to write about. I usually try to fit it into a concise post, but it is going to be hard!

Microsoft Teams

Collaboration is a key focus of AttackForge. We believe that collaboration is the key to an effective penetration testing program and to information security in general. This is the reason behind our logo: it combines three distinct sections to symbolise collaboration between three teams (Security, Engineering and Business), unified through a single point.

In this release our engineering team added another very popular collaboration tool to the list: Microsoft Teams. Considering that most enterprises are using Office365, Teams allows you to get the right people in the right place with the right information, on whatever device your organisation allows you to use Teams on. Authentication integrates via your Enterprise Microsoft Azure Identity Provider, as usual for all Office products.

Further Support for Periodic pentesting

Periodic pentesting of solutions has become the new normal for mature organisations. It means that the same solution is pentested again, and again, and again. Keeping logistics (test creds, API descriptions, notes from previous testing) and tracking previous findings easily turns into a nightmare, especially if you rotate pentesting teams across various targets (and one has to).

AttackForge has had vulnerability tracking and retesting workflows for a long time. In this release we added functionality to perform multiple rounds of periodic testing on a single project (consuming a single project license, by the way)!

This will help enterprises to:

·        Maintain logistics in one secure place (AttackForge), not in emails

·        Keep track of all testing & vulnerabilities against your assets, in one place

·        Perform periodic assessments whilst maintaining all data in a single project

·        View historical rounds of testing performed against assets, without switching projects

·        And – quite important – keep auditors at bay. Reduce time spent presenting your pentesting program to auditors. I’ve been there (on both sides of that table) – it is no fun to either build or assess those dreaded evidence spreadsheets.

User Experience improvements

Improvements in UX are usually implemented based on your feedback. This time is no different. Here they are:

·        Search in Data Tables. A lot of information in AttackForge is presented as Data Tables. Data Tables in AttackForge can be searched through a search function (above the top right corner of the table). Data can also be exported from those tables and searched that way. But who would not want a simpler way of searching for information in the data tables? So here it is – scroll down to the bottom of the table and conveniently search for the data in a column.

·        Tool Belt. Where does a tradesperson keep their most used tools? On the tool belt. Pentesters asked for it, and our engineers have built the Quick Action tool belt for the functions most used by pentesters in AttackForge. It is available on the Project Dashboard:

o   scoping;

o   adding and importing vulnerabilities;

o   checking project entry criteria & logistics in the workspace;

o   adding notes;

o   updating the executive summary.

And one more thing.

AttackForge can export vulnerabilities into several other tools and formats. One of the tools the AttackForge founders seem to like a lot is the Nucleus Security Unified Vulnerability Management tool. Recently our friends over at Nucleus Security introduced native support for AttackForge JSON exports, allowing you to Post your AF Project JSON file directly to your Nucleus Security tenant in one easy step. You can also set up an AttackForge Connector within Nucleus Security and upload your AF JSON files that way.

Until the next time…
