Invite User To Project

Overview

AttackForge lets you invite any person to your project who may need to collaborate with you or the project team; or to provide access to the vulnerabilities, reports, testing progress & tracking features.

Only an Administrator, Project Coordinator or delegated user can invite a user to a project and manage their access levels.

Start by clicking on the project settings button (cog in the top-right) then select Members.

This page will show you all the users with access to your project, and their associated access level & project role.

You can update a user's access to your project at any time by clicking on their current access level (in the table) and selecting from any of the options in the drop-down menu.

You can update a user's project role also by clicking on the current role (in the table) and selecting from any of the options in the drop-down menu.

You can also remove access to your project for a user at any time by clicking actions menu and selecting Remove Member.

You can also click on Add User button to invite a new person to your project.

To help you with scheduling, you can view which consultants are available (not assigned on an overlapping project) during the project test window (start & end dates).

You can also view the calendar for projects you have access to, and also view all projects assigned to any user.

Clicking on any of the projects in the calendar will open the project.

Every project has three (3) levels of access control that can be assigned to any user. This controls the user's ability to see vulnerabilities & data from the project within AttackForge, and also how they can interact with that project.

Access Roles

For a detailed breakdown of every project-level privilege - please see Access Control Matrix

View Access

This is typical privilege assigned to Clients/Customers. It provides them with all of the necessary permissions to view details about vulnerabilities, generate on-demand reports, flag vulnerabilities for retesting and request retests, and self-export vulnerabilities to tools.

Upload Access

This is typical privilege assigned to Developers / Engineers. It provides them with the same privileges of View access, however also provides ability to upload files to the projects' workspace as well as create project notes. This is useful for users who would need to share information with the security team, for example test accounts, solutions documents, files, etc.

Edit Access

This is typical privilege assigned to Pentesters / Security Consultants. It provides them with the same privileges as Upload access, however also provides ability to create vulnerabilities, action test cases, create attack chains, update executive summary, and perform retests.

Who Can I Invite To My Project?

You can invite any person to your project by selecting the user from the system. Please ensure you have consent from the person before inviting them.

The user will receive an email notification informing them you have now invited them to the project and they can access the project immediately.

Project Roles

Project Roles can be assigned to any user on the project. The roles do not provide the user with any additional access rights. Privileges on the project are controlled via the Access Roles (see above).

Project Roles are displayed ion the project dashboard, so that other team members can see who is on their project and also their role on the project - to help with collaboration and contacting the right person.

Project Roles are also included in the reports, alongside the project team member's name.

Email Notifications

Project Team members can receive emails related to events on the project, for example testing has started/stopped or new vulnerabilities have been found.

The following email notifications can be configured per project team member:

  • All Emails

  • No Emails

  • Daily Start/Stop Testing Email

  • New Critical Vulnerability Discovered

  • New High Vulnerability Discovered

  • New Medium Vulnerability Discovered

  • New Low Vulnerability Discovered

  • New Info Vulnerability Discovered

  • Project Role Has Been Updated

  • Project is On-Hold / Off-Hold

  • Retest Has Been Completed

!IMPORTANT: for the New Vulnerability email to be sent to a project team member, this must first be enabled in the projects' settings.

PreviousCreating & Updating ProjectsNextView Project Team

Last updated

Check YouTube for more tutorials: https://youtube.com/@attackforge