AttackForge Enterprise

CreateVulnerabilityLibraryIssue

This method can be used for the following functionality: Create a vulnerability in AttackForge internal vulnerability library.

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

POST /api/ss/library/vulnerability HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

title (string)

Title for the vulnerability.

Example:

{
"title": "..."
}

severity (number) (optional)

Severity of the vulnerability. Must be a number between 1 to 10.

Example:

{
"severity": 10
}

likelihood_of_exploitation (number) (optional)

Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.

Example:

{
"likelihood_of_exploitation": 10
}

impact_on_confidentiality (string) (optional)

Impact on Confidentiality. Must be one of the following: High, Medium, Low, None

Example:

{
"impact_on_confidentiality": "High"
}

impact_on_integrity (string) (optional)

Impact on Integrity. Must be one of the following: High, Medium, Low, None

Example:

{
"impact_on_integrity": "High"
}

impact_on_availability (string) (optional)

Impact on Availability. Must be one of the following: High, Medium, Low, None

Example:

{
"impact_on_availability": "High"
}

description (string)

Description of the vulnerability.

Example:

{
"description": "..."
}

attack_scenario (string)

Attack Scenario for the vulnerability.

Example:

{
"attack_scenario": "..."
}

remediation_recommendation (string)

Remediation Recommendation for the vulnerability.

Example:

{
"remediation_recommendation": "..."
}

tags (array of strings) (optional)

Tags for the vulnerability.

Example:

{
"tags": ["...", "...", "..."]
}

Example

The following example is a cURL request to create a vulnerability in the library.

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X POST 'https://demo.attackforge.com/api/ss/library/vulnerability' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
"title": "SQL Injection",
"severity": 10,
"likelihood_of_exploitation": 10,
"impact_on_confidentiality": "High",
"impact_on_integrity": "High",
"impact_on_availability": "High",
"description": "Lorem Ipsum...",
"attack_scenario": "Lorem Ipsum...",
"remediation_recommendation": "Lorem Ipsum...",
"tags": ["CWE-89", "Injection"]
}'

Response

Response contains a vulnerability object.

{
"vulnerability": {
"vulnerability_id": "...",
"vulnerability_created": "...",
"vulnerability_modified": "...",
"vulnerability_title": "...",
"vulnerability_severity": 10,
"vulnerability_likelihood_of_exploitation": 10,
"vulnerability_impact_on_confidentiality": "High",
"vulnerability_impact_on_integrity": "High",
"vulnerability_impact_on_availability": "High",
"vulnerability_description": "...",
"vulnerability_attack_scenario": "...",
"vulnerability_remediation_recommendation": "...",
"vulnerability_tags": ["...","..."]
}
}