AttackForge Update: August and October 2025
We’ve been busy — and these last few months have been packed with major upgrades, UX polish, and some serious automation muscle:
Enhancements to Email notifications and Email templates
Script Editor with Live Preview
Updates to Flows
Whole batch of OWASP Test Suites
QA Improvements
UX Improvements
ReportGen Update
From smarter emails, automated flows, simpler QA tools; to tighter integrations and prettier reports — these releases bring AttackForge another step closer to full control, flexibility, and automation for your Offensive Security workflows!
And keep an eye out for the next wave — AI in the best way possible 😉 CVSS v4 scoring, more Flow Triggers (that’s going to be BIG!), and advanced QA review tools - are just around the corner!
Enhancements to Emails
Your AttackForge notification emails just got a major upgrade – it has been rebuilt to give you more flexibility, more control, and more style.
Global Email Template Settings
Want <meta> tags? Custom CSS? External file links? Go for it. You’re now in complete control of your email templates.
Configure them in Administration > Notifications > Templates > Header and Footer
Configurable Daily & Weekly Emails
Tailor your daily or weekly project updates with exactly the data and look you want.
New Email Tags
We’ve added a stack of new tags to give you more data to play with inside your templates.
Script Editor with Live Preview
No more blind editing! You now get a full code editor with syntax highlighting, auto-formatting, and instant preview.
See exactly what your email will look like before it lands in the inbox — and tweak the HTML anytime with full visibility.
Updates to Flows
Flows are getting even more powerful (and they will get even better soon)!
New Action Type: Script
Run user-defined code directly inside your Flows! Script Actions let you separate logic from HTTP actions — perfect for transforming data or adding smart decision-making between steps.
New Flows – Scheduled
Flows that run at any interval — hourly, daily, weekly, monthly, or completely custom cron-based.
Use it for:
Sync jobs with your external systems – Asset registers, ticketing system, GRC systems (Archer – anyone 😉)
Automated reporting
Data clean-up
Scheduled test runs
Comes with Cron helper, next-run indicator, and time zone control included.
Delay & Repeat Actions in your Flows
Loop over data or throttle API requests with full context awareness.
Create “for loops”, handle API pagination, or gracefully delay retries when systems are down.
No more messy custom scripts — it’s all built in!
New Events
Trigger automations when writeups are created or updated, when files are uploaded, or when test cases change.
You can now also see the User ID behind every event — great for auditing and notifications.
Running Flow Termination
Made a loopy mistake? Stop it instantly. Kill a running flow before it causes chaos (or floods someone’s inbox).
Download Large HTTP Responses
Big payloads? You can now download them directly as files for easy inspection.
QA Improvements
Review Notes are now supported on Project Test Cases and Project Summary pages — giving you tighter feedback loops and better-quality control.
Similar update for Writeups support coming soon!
Review Notes got smoother:
Notes now support all usual custom fields
Threads open as overlays
Smart scrolling, hover actions, and cleaner replies
UX Improvements
We’re polishing every corner to make AttackForge smoother and faster to use ✨
Improved CVSS Scoring: Modal-based scoring with paste-in vectors and better validation.
Rich-Text Enhancements: Now supports strikethrough, blockquote, inline images and drag-and-drop uploads in more places.
Project Notes with Files & Inline Images
Asset & Portfolio Forms – with full support of your fields and sections
Copy IDs from Titles and Breadcrumbs
Hide Expressions Extended – control visibility of vulnerability sections and fields based on portfolios or streams.
HTML Tables & Text Highlighting in Rich-text fields
Added support for beautiful HTML tables (with custom styling) and Text highlighting for emphasis. All visible in the portal and supported in your reports.
· Advanced Filtering Expanded
Advanced Filtering now works across Groups, Portfolios, Test Suites, Retesting, and more. Plus, copy record IDs straight from the table with one click – you might need it for AFScript and Flow debugging.
ReportGen Update
ReportGen keeps getting better and better – as always!
Stacked Bar Charts for layered data visualization.
Bigger Inline Images (up to 1500px).
Dynamic Date Formatting with {now} tag and dateFormat filters.
Smarter Variables – expanded support for $increment, $includes, and more.
Custom Table Styling Options (alignment, colors, margins, borders)
Array_Chunk Filter for dynamic column grouping
Ignore Falsy Values in charts (hide those 0-count labels!)
Configurable Image Downscaling for performance tuning (some people like HUGE images…)
New OWASP Test Suites
We added another set of Industry methodologies – so you can start testing faster!
OWASP Desktop App Security Top 10 2021
OWASP Operational Technology (OT) Top 10 2025
OWASP Web Application Security Top 10 2021
OWASP API Security Top 10 2023
OWASP Mobile Application Security Testing Guide (MASTG) Version 2 2025
OWASP Mobile Top 10 2024
OWASP Top 10 CI/CD Security Risks 2023
OWASP Low Code/No Code Top 10 2024Low Code / No Code Top 10 2024
Out-of-the-box Integration updates
New JIRA & ServiceNow Flows
New prebuilt templates for bi-directional syncing with JIRA and ServiceNow — including auto retest updates, issue closures, and reopen workflows – all using AttackForge Flows!
· Parser Updates
Tenable Security Center – more field support.
Invicti Netsparker – now compatible with Enterprise edition.
And as always:
· AFScript got new functions
· Self-Service API got new endpoints and new filters
Until next time — you can be assured that full details can be found in our release notes, as we do not hide them from our customers, like some others…
Keep automating, keep testing, and keep fixing those vulnerabilities!