Test Suite Builder


Test Suite Builder is where you can create custom methodologies, checklists and service catalogues for your customers to pick from when requesting a project; or for you to assign to any new projects you create.
When a test suite is assigned to a project, the linked test cases will also be assigned to the project - so that the pentester or auditor has a checklist to work from.
A test suite helps:
    Clients understand exactly what was tested on the project;
    Developers/Engineers link test cases to vulnerabilities;
    Pentesters structure their testing in a methodical, consistent & standardized way;
    Organizations create repeatable, standardized & comparable assessments - independent of who was actually performing the assessment.
Test cases can provide valuable insight into a penetration test or audit. It shows:
    What was tested
    When it was tested
    Who tested it
    What was the status
    Supporting evidence

My Test Suites

AttackForge comes pre-loaded with dozens of industry methodologies that you can select from, for any given project. The methodologies are derived from OWASP, OSSTMM, NIST and others.
Any new test suites that you create will show in the My Test Suites tab. You can use the actions menu to Edit or Delete any of these entries.
You can view the test cases linked to the test suites by clicking on the test suite name.
In AttackForge Enterprise - all test suites are shared and common. This means any entries you create can be used by your peers - pooling together your knowledge to save time & effort.
You can access the entire library of vulnerabilities from the All Test Suites tab.

Creating A New Test Suite

To create a new test suite in the library, click on Create New Test Suite button. You will then see a form which you can complete to add the new test suite to the library. Once the form is submitted, the test suite will be immediately available to drill down in to so you can start linking test cases.
To add a new test case, click on the page menu and select Add Test Case. This will take you to a form where you can add a new test case on this test suite.
You can also search the library for an existing test case, this will pre-fill the fields for you to save you time & effort when you only want to make small changes to an existing test case.
The Code field is used to help with sorting & ordering test cases when displayed in projects & reports.
Code will appear before the details of the test case. For example: WEB-APP-001 Test for X, Y & Z; WEB-APP-002 Test for A, B & C; etc.
Once you have filled in the details, you can click Add More to save & link the test case to your test suite, and start working on a new test case; or you can click I'm Done to save & link the test case to your test suite, then go back to the test suite page.
Any new test cases will now be visible in the table on the page.
You can update or modify the test cases at any time by using the actions menu.
You can also update or modify the test suite at any time by using the page menu.
!IMPORTANT: updates to test cases in your library will apply globally to all projects which are referencing that test case.
!IMPORTANT: any test cases you add or delete on a test suite project will not apply retrospectively to existing projects. This is to preserve integrity of what was actually assigned & tested on projects, and avoid situation where a project may be Completed and is now Not Completed as new test cases are assigned.

Abuse Cases

Abuse cases are project or assessment specific test cases. They are unique test cases which apply to the assets on the project or relate to the objective of the assessment.
Abuse cases help to ensure complete coverage for any given project, beyond the standard test cases.
For example, consider a web application pentest for a reverse auction website. Typically the pentest may cover the standard OWASP ASVS test cases, however the customer also requires that business logic tests are performed against the bidding functionality to determine whether it can be cheated or not. Abuse cases can be created to specifically test this functionality which relating to the application. This provides a higher level of assurance beyond standard test cases.
Abuse Cases can be created directly from the Test Cases section on a project by Admins or Project Coordinators; and are stored & tracked per project in the Test Suite Builder module under the new Abuse Cases tab.
You can delete Abuse Cases directly from a project. To delete abuse cases on a project, click on Edit Multiple Test Cases button from the page menu.
Select the test cases you would like to delete, then click on Delete Selected Test Cases from the page menu.

Deleted Test Suites

You can access any deleted test suites by clicking on the Deleted Test Suites tab. Here you can view and restore any test suites if desired.
Any test suites you delete from the library will no longer be able to select them on any projects or project requests. However they will still be referenced on existing projects so that integrity of test cases on a project remains in-tact.
Last modified 8mo ago