Portfolios

Overview

Portfolios help you to create dedicated programs to track and manage your security testing activities. Want to know how your internal systems compare to your external systems? Or want to track the security posture of your applications? Portfolios make this easy!

Each Portfolio comes with Streams. Streams help you to consolidate all of your related testing activities for a portfolio, for example:

Portfolio: Externally Facing Applications

Stream 1: US External Apps

  • Project 1: USA Commerce Portal

  • Project 2: USA Mobile App

  • Project 3: Main Integration Gateway

Stream 2: European External Apps

  • Project 1: Main Integration Gateway

  • Project 2: EU Mobile App

Portfolios and Streams can help you track Business-as-Usual (BAU) pentesting and help you understand where to focus your time and resources more effectively.

Projects can be assigned to many streams and portfolios. This helps ensure you are tracking the right vulnerabilities across your enterprise. Using the example above, vulnerabilities in the project Main Integration Gateway might be relevant to both US External Apps and European External Apps, so the project could be assigned to both streams.

Every Portfolio and Stream has a unique dashboard which includes details on vulnerabilities, projects & assets - helping you make more informed business decisions when it comes to tracking and remediation.

Portfolios are created and managed by administrators.

View access to individual portfolios, or their respective streams, can be given to non-admin users. Those users will only see data relevant to projects they have access to on the portfolio and/or stream.

Creating a Portfolio

Start by clicking on the Portfolios module in your main menu. You must be an Administrator. Click on New.

Complete the details for your portfolio. You can add a stream by clicking on Streams.

Enter a name for your stream, and optionally link any existing projects to the stream. You can create as many streams as you need. You can also update this later on.

View access can be given to non-admin users for individual portfolios or their respective streams. Those users will only see data relevant to projects they have access to on the portfolio and/or stream.

Linking Projects to Streams

You can add new projects to Portfolios & Streams from the Portfolio Edit page.

To edit a Portfolio, click on the cog from the portfolio page.

Select Access and Streams. You can create new streams and link associated projects, or you can update existing projects on existing streams.

You can also associate a project with one or more Portfolios & Streams at the time of project creation or approval, or when editing a project.

Managing Access to Streams

View access can be given to non-admin users for individual portfolios or their respective streams. Those users will only see data relevant to projects they have access to on the portfolio and/or stream.

Access can be granted to portfolios and/or streams based on Groups or Users.

Access can be granted to the entire Portfolio and its related Streams using the option at the top of the Access and Streams settings page for the Portfolio.

Alternatively, access to individual streams can be granted by clicking on any of the streams and configuring the access on that stream.
