November 2024 Release – keeping AttackForge the best (as always)!

2024 is rolling toward the festive season and the AttackForge engineers have prepared a full bag of presents!

The signature feature for this release is AFScript – AttackForge’s own programming language – allowing even deeper customization and integration of AttackForge into the organisational ecosystem, and improvements in User Experience.

Another great feature is Custom Table views. And now you can save your favourite and frequent views!

Plus, other complementary features and improvements, as we do for every release:

  • UX Improvements

    • Configure sections, re-order your forms

    • Improved scrolling implementation

    • Consolidated Writeup selection fields

    • Updated email template tags

    • Added support for custom informational message on Vulnerability visibility

    • More default value options

    • New Modal Experience for Writeups

    • Inline Code Snippets

    • Better Management of Select Field Options

    • Asset ID Now In-Tables and CSV Export

    • Vulnerability Code limitations removed

  • Powered up Project Forms – with AttackForge Script

  • Improved Logging

  • ReportGen Improvements

  • Self Service API improvements

  • And last but not least – No Timeout when actively entering data

AttackForge Script

AttackForge is a platform that operates as a part of the wider Enterprise ecosystem. This means many things – the need to push and pull and then transform data from other places, evaluate the information using custom algorithms, and present the results the way our customers want to see them, and many other uses that require customer-defined logic. It is possible to achieve some of that using configurations, however… every Enterprise customer needs it in their own special way.

That encouraged us to develop and introduce AFScript – AttackForge’s own interpreted programming language built by the engineering wizards at AttackForge - to help you customize and align YOUR AttackForge to YOUR needs – to work in your ecosystem! 💪

You can check our video here.

AFScript gives you the ability to:

  • Change AttackForge's own application logic to better align with how you (and your customers) see your workflows.

  • Drive new behavior in AttackForge forms, their sections and fields – programming it without leaving AttackForge and building a separate application.

  • Create special in-app automations for your projects, vulnerabilities, assets and more. It is not yet available in every component of AttackForge – but we add AFScript to a new module every few weeks. So, check your tenant for updates!

  • Push and pull and then transform data from your other applications and databases – and use them – all without the need to build additional applications or infrastructure.

  • Apply pre- and post-data transformations when saving, updating or exporting data.

  • And even build bespoke dashboards and analytics – so they show what matters to you. And again – without the need to build (and maintain) a separate application.

AttackForge Script (AFScript) came to be after the successes we’ve had experimenting with other custom logic and filtering languages we built into AF - Hide Expressions (custom fields and sections, vulnerability SLAs, custom vulnerability parsing), and Filter Expressions (custom emails, APIs) which gave AttackForge customers ways to make AF their own.

Our engineers built AFScript to provide a safe and secure path to use your own code in your AttackForge tenant – without losing performance - and without creating any security holes.

Just a reminder - AFScript is not executable - for your peace of mind.

The language was built to look and feel like JavaScript – so it is familiar and easy to use. It comes with a built-in modern and optimized code editor similar to VS Code. As you know – it is the AttackForge philosophy to make it simple for our customers!

In this release, you can use AFScript to change the logic for how project status is calculated and to create custom value suggestions for fields.

Our video on this feature is here.

And as always – we give you samples to start from:

For more information on AFScript, how it works and how to use it - please visit our Support Centre 

Custom Views for Tables

Customizable Table views are appearing everywhere in AttackForge. And now you can save your favourite and frequent views!

Different tasks may require different presentation of the same data on the screen – now you can easily configure, save and switch between different views!

For example – Vulnerabilities Table. When you create or review vulnerabilities as part of daily pentesting work you would need key information on what the vulnerability is, so you can easily find the one you want to work on. So, you create a view for that task once, save it to your profile, and use it every time you create or edit vulnerabilities. But that view would not be suitable when you review vulnerabilities as part of retesting after remediation. You might want to see the statuses or information from the engineers in the table. So, what you do – you create a view for that – and save it again. Next time you work on retesting it will be ready for you.

You might want to see Projects in a very specific way when planning the next week’s work for your team. And you definitely need another view when analyzing the last quarter’s projects.

Now you can create each of those views and save them as part of your own personal user settings.

And best of all - you can create as many views as you need!

If you want to see how it is done - check here.

Each view is unique. You can customize various table state and components in each view:

  • Whole Table filters

  • Column visibility

  • Column specific filters

  • Ordering

  • Sorting

  • Column locking

  • Other Column features

  • Table scroll.

Then - you can give every view its own name – and use it when you need it.

AttackForge also supports ordering (and re-ordering) stored views, making it easy to switch between frequently accessed data.

Custom views have already made their way to Projects, Vulnerabilities and Assets and will be rolling out across the app to other tables in the coming weeks. Check for them on your AttackForge tenant regularly.

Improved Logging

I thought to leave you with the two key new features… but I think improved logging deserves to be mentioned. Our customers asked for more comprehensive logging – and we all know that logging is important, especially in Enterprise environments. We are in the process of ongoing SOC2 Type II certification – and we know that every Information Security Management Framework has its own section dedicated to Logging and Auditing…

So here is the list of additional data you can extract when using the API to get logging information (and keep your auditors at bay 😉):

  • HTTP method

  • URL

  • Request path

  • Request query parameters

  • Request body

  • API endpoint name

  • HTTP status code

  • User Id

  • Project Id

  • Source IP address

  • Event details

  • Timestamp

More details of this and previous releases are in our Support site Release Notes.
