Reporting

Overview

AttackForge provides high-quality reports on-demand when you or your customers need them.

Any team member on your project can download reports in custom templates. These reports are dynamic and will display the most current data on your project.

Every project can have an unlimited number of reporting templates available.

There is also a JSON export which contains all of the data for the reports. This is useful for creating reports offline or for backup purposes.

The ZIP archive contains all evidence which has been uploaded to the vulnerabilities on the project. It is useful if the customer needs high-resolution screenshots, or access to evidence which is not an image format and as such not already included in the reports - for example scripts, videos, etc.

You can download any of the on-demand custom reports, JSON export or ZIP archive - directly from your project.

Custom Reports

AttackForge has a custom-built reporting engine, which we call ReportGen, that helps you create custom DOCX reports on demand and in a variety of templates.

For example, you can create:

  • Pentest reports

  • Retesting reports

  • Executive reports

  • Testing summary reports

  • Application and Infrastructure reports

  • Mobile testing reports

  • Red Team and Purple Team reports

  • Configuration Audit reports

  • Compliance reports, to name a few.

Custom reports can be generated by any user, on demand, from the project dashboard or reporting section on their projects.

Each user can only see reporting options which have been made available to them.

Every report template can be configured with access controls in the Report Templates module to restrict visibility and usage of templates for Roles, Groups and Users.

You can also control when the Executive Summary and Custom Reports become available to users on the project, and who is allowed to create reports on the project. This is configured in the project settings under Access.

For more details on how to create reporting templates for custom reports, please see Reporting.

Custom Report on Selected Vulnerabilities

You can select one or more vulnerabilities to create a custom report with only that selection.

This is useful when you need to get a report out to different teams, with only the context for vulnerabilities which are relevant to that team.

Start by selecting the vulnerabilities from your project vulnerabilities tab, then select Actions -> Custom Report. Choose your custom report. The report will be tailored to only the vulnerabilities in your selection.

Update Executive Summary

The reports contain an Executive Summary section. This is where you can include:

  • Objectives of the assessment

  • Overall observations or notable findings determined during the assessment

  • Positive security controls identified

  • Assumptions

  • Limitations

If you need to update the Executive Summary, you can do this by clicking on the Reporting tab from the project.

Note: you must have Edit permissions on the project in order to update the Executive Summary section.

Custom Reporting Fields

You can create custom sections and custom fields to personalize your Reporting data to the project.

Some ideas for Sections and Fields you can create:

  • Project Summary - including Executive Summary, Summary of Recommendations and Positive Security Observations

  • Testing Overview - including Background, Approach and Methodology

  • Document Control - including Author(s), Reviewer, Approver and Version History

To get started, go to Administration and click on Reporting.

Start creating Sections and Fields for the Reporting data you want to capture on your projects.

Set default values to make your reporting easier!

Now on your existing or new project, enable the Reporting section.

Add access levels based on the needs of your project.

Enter information and upload files based on your configuration.

IMPORTANT: Only users with Edit access on the project can edit the Reporting fields.

Add custom fields to your Reports. For more information on how to do this, please visit https://github.com/AttackForge/ReportGen/issues/25

Export JSON Project Data

There is also a JSON export which contains all of the data for the reports. This is useful for creating reports offline or for backup purposes.

Evidence as ZIP

The ZIP archive contains all evidence which has been uploaded to the vulnerabilities on the project. It is useful if the customer needs high-resolution screenshots, or access to evidence which is not an image format and as such not already included in the reports - for example scripts, videos, etc.

You can download any of the on-demand custom reports, JSON export or ZIP archive - directly from your project.
