The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.
POST /api/ss/library/vulnerability HTTP/1.1Host: demo.attackforge.comX-SSAPI-KEY: APIKeyContent-Type: application/jsonConnection: close
title (string)
Title for the vulnerability.
Example:
{"title": "..."}
severity (number) (optional)
Severity of the vulnerability. Must be a number between 1 to 10.
Example:
{"severity": 10}
likelihood_of_exploitation (number) (optional)
Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.
Example:
{"likelihood_of_exploitation": 10}
impact_on_confidentiality (string) (optional)
Impact on Confidentiality. Must be one of the following: High, Medium, Low, None
Example:
{"impact_on_confidentiality": "High"}
impact_on_integrity (string) (optional)
Impact on Integrity. Must be one of the following: High, Medium, Low, None
Example:
{"impact_on_integrity": "High"}
impact_on_availability (string) (optional)
Impact on Availability. Must be one of the following: High, Medium, Low, None
Example:
{"impact_on_availability": "High"}
description (string)
Description of the vulnerability.
Example:
{"description": "..."}
attack_scenario (string)
Attack Scenario for the vulnerability.
Example:
{"attack_scenario": "..."}
remediation_recommendation (string)
Remediation Recommendation for the vulnerability.
Example:
{"remediation_recommendation": "..."}
tags (array of strings) (optional)
Tags for the vulnerability.
Example:
{"tags": ["...", "...", "..."]}
The following example is a cURL request to create a vulnerability in the library.
Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.
curl -X POST 'https://demo.attackforge.com/api/ss/library/vulnerability' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{"title": "SQL Injection","severity": 10,"likelihood_of_exploitation": 10,"impact_on_confidentiality": "High","impact_on_integrity": "High","impact_on_availability": "High","description": "Lorem Ipsum...","attack_scenario": "Lorem Ipsum...","remediation_recommendation": "Lorem Ipsum...","tags": ["CWE-89", "Injection"]}'
Response contains a vulnerability object.
{"vulnerability": {"vulnerability_id": "...","vulnerability_created": "...","vulnerability_modified": "...","vulnerability_title": "...","vulnerability_severity": 10,"vulnerability_likelihood_of_exploitation": 10,"vulnerability_impact_on_confidentiality": "High","vulnerability_impact_on_integrity": "High","vulnerability_impact_on_availability": "High","vulnerability_description": "...","vulnerability_attack_scenario": "...","vulnerability_remediation_recommendation": "...","vulnerability_tags": ["...","..."]}}