AttackForge Enterprise

CreateVulnerabilityBulk

This method can be used for the following: Create multiple vulnerabilities on a project you have access to, by project identifier (Id).

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

POST /api/ss/vulnerability/bulk HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

projectId (string)

Identifier for the project.

Example:

{
"projectId": "..."
}

title (string)

Title for the vulnerability.

Example:

{
"title": "..."
}

affected_asset_names (array of strings)

Names of the affected assets. A new vulnerability will be created for each asset name.

Example:

{
"affected_asset_names": ["...", "...", "..."]
}

priority (string)

Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info

Example:

{
"priority": "Critical"
}

likelihood_of_exploitation (number)

Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.

Example:

{
"likelihood_of_exploitation": 10
}

description (string)

Description of the vulnerability.

Example:

{
"description": "..."
}

attack_scenario (string)

Attack Scenario for the vulnerability.

Example:

{
"attack_scenario": "..."
}

remediation_recommendation (string)

Remediation Recommendation for the vulnerability.

Example:

{
"remediation_recommendation": "..."
}

steps_to_reproduce (string)

Steps to Reproduce the vulnerability (POC).

Example:

{
"steps_to_reproduce": "..."
}

tags (array of strings) (optional)

Tags for the vulnerability.

Example:

{
"tags": ["...", "...", "..."]
}

notes (array of strings) (optional)

Notes for the vulnerability.

Example:

{
"notes": ["...", "...", "..."]
}

is_zeroday (boolean) (optional)

Whether vulnerability is a zeroday (0-day) or not.

Example:

{
"is_zeroday": true
}

is_visible (boolean) (optional)

Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).

Example:

{
"is_visible": true
}

Example

The following example is a cURL request to create multiple vulnerabilities on a project by the project identifier (Id).

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X POST 'https://demo.attackforge.com/api/ss/vulnerability/bulk' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
"projectId": "5efa890661ee7e0a11f90130",
"title": "SQL Injection",
"affected_asset_names": ["AttackForge.com", "app.attackforge.com", "support.attackforge.com"],
"priority": "Critical",
"likelihood_of_exploitation": 10,
"description": "Lorem Ipsum...",
"attack_scenario": "Lorem Ipsum...",
"remediation_recommendation": "Lorem Ipsum...",
"steps_to_reproduce": "Lorem Ipsum...",
"tags": ["CWE-89", "Injection"],
"notes": ["Lorem Ipsum...", "Lorem Ipsum..."],
"is_zeroday": false,
"is_visible": true
}'

Response

Response contains a vulnerability object.

{
"count": 999,
"vulnerability": {
"vulnerability_id": "...",
"vulnerability_created": "...",
"vulnerability_modified": "...",
"vulnerability_title": "...",
"vulnerability_priority": "...",
"vulnerability_status": "...",
"vulnerability_retest": "...",
"vulnerability_likelihood_of_exploitation": 10,
"vulnerability_steps_to_reproduce": "...",
"vulnerability_tags": ["...","..."],
"vulnerability_is_zeroday": "...",
"vulnerability_notes": [{"note":"..."},{"note":"..."}],
"vulnerability_description": "...",
"vulnerability_attack_scenario": "...",
"vulnerability_remediation_recommendation": "...",
"vulnerability_affected_asset_name": "...",
"vulnerability_affected_asset_id": "...",
"vulnerability_project_name": "...",
"vulnerability_project_id": "..."
}
}