Retesting & Remediation
Last updated
Last updated
Check YouTube for more tutorials: https://youtube.com/@attackforge
AttackForge tracks the remediation history for all vulnerabilities - from Open
, to Retesting
& Closed
. This helps to understand the status of a vulnerability - at any point in time - when you or the customer needs it.
Every vulnerability has its own history which contains Remediation Notes
, to help track what remediation actions were performed, when and by whom.
AttackForge also tracks every Round of Retesting
that has been requested or performed against the project to make the process simple & fast.
Any project team member can add remediation notes to a vulnerability. This can be used by engineering teams when updating the remediation actions performed on the vulnerability, or by pentesters when documenting observations during a retest.
To view and create remediation notes, navigate to the vulnerability page and click on the Remediation
icon on the right hand side.
To bulk add remediation notes, select the vulnerabilities and then click Actions -> Add Remediation Note
.
If the Remediation Plan
field is enabled (see Administration module), project team members can update the remediation plan for any of the vulnerabilities. This is useful to help get vulnerabilities acknowledged by technical teams, and plan for when those vulnerabilities will be fixed.
The vulnerability will now track Target Remediation Date
.
You can use the Target Remediation Date
to create Custom Time-Based Emails
which automatically follow up on vulnerabilities for you.
Any project team member can assign a vulnerability for retesting. This can be used by engineering teams indicating that a vulnerability has been resolved and can now be retested.
You can assign a vulnerability for retesting by clicking on Update Status -> Ready for Retesting
from the vulnerability page.
You will be prompted to enter an optional remediation note which is useful to help the security team understand what fixes have been put in place in order to indicate vulnerability is now ready for retesting.
You can view Remediation History
by clicking on Remediation
button on the vulnerability page.
You can also bulk assign vulnerabilities for retesting.
After you have marked vulnerabilities as Ready for Retesting
on a project, you can request a Retesting Round
to be performed.
To request a round of retesting, click on Retesting
from the project menu, then click on Request Retest
.
Select the test window when the retest can occur.
Select the vulnerabilities you would like to include in this round of retesting. You can only select from vulnerabilities which are currently marked as Ready for Retest.
Click Request Retest
when ready.
After submitting the request, you will receive a confirmation email. The administrators will also be notified of your request.
You will also see your request registered as a new round.
Once a retest has been requested, the pentesters/consultants can commence the retesting. The vulnerabilities in-scope for the retest can be accessed from the Retesting
section on the project.
Click on a vulnerability to bring up a list of in-scope vulnerabilities for the given round.
Perform your retesting for each vulnerability. Note you will need to have Edit permissions on the project in order to perform the retest.
Check the Workspace - get all the information and context you need to set up for the retest.
View Remediation Notes - to understand what steps have been taken to mitigate this vulnerability.
Upload Evidence - upload screenshots and proof of the findings/observations from the retest.
Add Remediation Note - add further remediation notes to include the findings/observations from the retest.
Re-Open Vulnerability - re-open the vulnerability if it is deemed to be not fixed.
Close Vulnerability - close the vulnerability if it is deemed to be fixed.
Once you have performed the retest for all the in-scope vulnerabilities, click on Complete Round
from the actions menu for the round of retesting you are working on. An email notification will be sent to the project team to inform them that the retest is now completed. A record of the retested vulnerabilities will also be visible and also accessible in reports.
You can track retesting history on a project by simply viewing the project dashboard page.
You can keep track of all retests on your projects by clicking on Retesting View
from the projects module.
Here you will find a list of all your projects, including columns at the end (far right) which you can sort by and includes:
number of vulnerabilities flagged for retesting on the project;
number of round of retesting requested on the project;
number of rounds of retesting completed on the project.
You can click on any of the numbers in order to drill-down to the details.
Administrators and persons who had requested a retest can cancel their retest if it is no longer required. Once a retest has been cancelled, no further actions can be taken for that round - however a new round can always be requested.
All in-scope vulnerabilities for the cancelled round of retesting will be reset back to Open status.
A remediation note will also be created to track the status change due to cancelled retest.
You can cancel a retest by clicking on Cancel Round
from the actions menu.