Invite User To Project


AttackForge lets you invite any person to your project who may need to collaborate with you or the project team; or to provide access to the reports & tracking features.
Only an Administrator or Project Coordinator can invite a user to a project and manage their access levels.
If you are an Administrator or Project Coordinator, you can select Manage Access from your project menu.
This page will show you all the users with access to your project, and their associated access level & project role.
You can update a user's access to your project at any time by clicking on their current access level (in the table) and selecting from any of the options in the drop-down menu.
You can update a user's project role also by clicking on the current role (in the table) and selecting from any of the options in the drop-down menu.
You can also remove access to your project for a user at any time by clicking Delete on the user record in the table (in last column).
You can also click on the Invite User To Project button in order to invite a new person to your project.
To help you with scheduling, you can view which consultants are available (not assigned to another project) during the project test window (start & end dates).
You can also view the calendar for projects you have access to, and also view all projects assigned to any user.
Clicking on any of the projects in the calendar will redirect you to the Project Tracking / Overview page for that project where you can view the entire project team.
Every project has three (3) levels of access control that can be assigned to any user. This controls the user's ability to see vulnerabilities & data from the project within AttackForge, and also how they can interact with that project.

Access Roles

View Access

This is typical privilege assigned to Customers.
  • View project-related data in following modules:Dashboard, Analytics, Retesting, Schedule, Reporting, Search
  • View project dashboard
  • View scope
  • View test cases
  • View retesting history
  • Request retest
  • View project vulnerabilities, including their remediation notes – except Pending vulnerabilities
  • Add remediation notes on vulnerabilities
  • Flag vulnerability as Ready for Retesting / Not-Ready for Retesting (Re-Open)
  • View attack chains
  • Download report in PDF / DOCX / HTML / CSV / JSON / ZIP / ReportGen
  • Customise reports
  • View daily tracking
  • View project team member profiles
  • Collaborate in Slack project channel
  • Self-Export vulnerabilities to JIRA
  • Self-Export vulnerabilities to Slack

Upload Access

This is typical privilege assigned to Developers / Engineers
  • Inherits View
  • Upload files to the project workspace

Edit Access

This is typical privilege assigned to Pentester / Security Consultant
  • Inherits Upload
  • Send daily start / stop testing email notifications
  • Create / Update / Delete scope
  • Create / Update / Delete workspace notes & files
  • Update test cases, including actioning, adding notes & uploading evidence
  • Create / Update / Delete vulnerabilities, including Pending vulnerabilities, upload evidence, close vulnerabilities, & import vulnerabilities
  • Create / Update / Delete attack chains
  • Notify project team that retest round is completed
  • Upload testing logs
  • Update executive summary on report
  • Place project on-hold / off-hold

Who Can I Invite To My Project?

You can invite any person to your project by selecting the user from the system. Please ensure you have consent from the person before inviting them.
The user will receive an email notification informing them you have now invited them to the project and they can access it immediately.

Project Roles

Project Roles can be assigned to any user on the project. The roles do not provide the user with any additional access rights. Privileges on the project are controlled via the Access Roles (see above).
Project Roles are displayed in the Project Tracking / Overview page, so that other team members can see who is on their project and also their role on the project - to help with collaboration and contacting the right person.
Project Roles are also included in the reports, alongside the project team member's name.

Email Notifications

Project Team members can receive emails related to events on the project, for example testing has started/stopped or new vulnerabilities have been found.
The following email notifications can be configured per project team member:
  • All Emails
  • No Emails
  • Daily Start/Stop Testing Email
  • New Critical Vulnerability Discovered
  • New High Vulnerability Discovered
  • New Medium Vulnerability Discovered
  • New Low Vulnerability Discovered
  • New Info Vulnerability Discovered
  • Project Role Has Been Updated
  • Project is On-Hold / Off-Hold
  • Retest Has Been Completed
!IMPORTANT: emails are only sent to project team members. Users with Group-based access to the project will not receive project emails.
!IMPORTANT: for the New Vulnerability email to be sent to a project team member, this must first be enabled in the projects' settings.