AttackForge is built upon Projects. Each project has scope (assets) and findings (vulnerabilities). Vulnerabilities are linked to assets.
Projects can be any of the following, however is not limited to the following:
- Web Application Penetration Test
- Web Services / API Penetration Test
- Mobile Application Penetration Test
- Network and Infrastructure Penetration Test
- Wireless Network Assessment
- Source Code Review
- Configuration Audit
- PCI-DSS Assessment
- SCADA Assessment
- OSINT Assessment
- Physical Security Audit
Only Administrators, Project Coordinators, and delegated users can create a new project.
Projects module is where you can see all of your projects, including ones that you have created; or ones that you have been invited to by other users.
If you are an Administrator or Project Coordinator - to create a new project, click on the New --> Project button from the page menu.
Otherwise for all other users, you can request a new project by clicking on New --> Project Request.
You can click on any of the project names to drill down to the project dashboard view.
You can also use the actions menu to perform quick actions on your projects, such as download reports, manage settings, clone projects, and more.
You can toggle the projects table into a retesting view in order to see remediation related details for each project, such as how many vulnerabilities have been remediated or how many retests have been performed.
If you are an Administrator - you can view projects on behalf of another user. This can be helpful for resource and team planning.
Start by selecting User Projects from the menu, then select a user. You can filter the results further by searching projects where user is assigned a particular role. You can also toggle between a list view and a calendar view.
Archived projects tab provides a list of all projects which have been archived.
Archived projects are hidden and only accessible to Admins. The results from the archived projects (such as vulnerabilities) are not included in Analytics or other sections with AttackForge.
Archived projects can be restored at any time by selecting Restore Project from the actions menu.
You can also delete projects entirely. This can be performed using the Destroy Project Data option.
!WARNING - once a project has been destroyed, there is no way to recover it or its data.
Pending requests section provides a list of all project requests which are awaiting review & action by the administrators.
The administrators will be notified when a new project request is submitted and can commence the review process. The customer will also be notified by email that their request is pending review.
Users can make modifications to their pending requests.
Administrators and Project Coordinators can Approve or Reject requests.
If a request is Approved, the project will be automatically created and the customer will be invited to the project. The customer will be notified by email that their request was approved.
All users can see the history of their project requests in the Actioned Requests section.
You can click on the request to drill down on the information which had been submitted & reviewed.