# Test Suites

## Overview

The Test Suites module is where you can create custom methodologies, checklists and service catalogues for your customers to pick from when requesting a project, or for you to assign to any new projects you create.

When a `Test Suite` is assigned to a project, the linked `Test Cases` will also be assigned to the project - so that the pentester or auditor has a checklist to work from.

<figure><img src="/files/gYNCgw5r0faJBwvoOozk" alt=""><figcaption></figcaption></figure>

A test suite helps:

* Clients understand exactly what was tested on the project
* Developers/Engineers link test cases to vulnerabilities
* Pentesters structure their testing in a methodical, consistent & standardized way
* Organizations create repeatable, standardized & comparable assessments - independent of who was actually performing the assessment

> Test cases can provide valuable insight into a penetration test or audit.

Test cases demonstrate:

* What was tested
* How was it tested
* When was it tested
* Who tested it
* What was the outcome
* What is the supporting evidence

See [Test Cases](https://support.attackforge.com/attackforge-enterprise/getting-started/test-cases) for more information on how test cases are used on projects.

## My Test Suites

AttackForge comes pre-loaded with dozens of industry methodologies that you can select from, for any given project. The methodologies are gathered from [OWASP](https://owasp.org/www-project-application-security-verification-standard/), [MITRE ATT\&CK](https://attack.mitre.org/), [OSSTMM](https://www.isecom.org/research.html), [NIST](https://www.nist.gov/) and others.

Any new test suites that you create will show in `My Test Suites`. You can use the actions menu to Edit, Duplicate, Reorder or Delete any of these entries.

You can view the test cases linked to the test suites by clicking on the test suite name.

All test suites are shared and common. This means any entries you create can be used by your peers - pooling together your knowledge to save time & effort.

<figure><img src="/files/aPhx0liEi1lba07OtaKI" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/IrPyexXkYqPZXKuXZru7" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/0UuIt0kO0Mpq69EDWIwF" alt=""><figcaption></figcaption></figure>

## Creating A New Test Suite

To create a new test suite in the library, click on the `New` button.

Once the form is submitted, the test suite will be immediately available to start assigning test cases.

<figure><img src="/files/xr5VHae89TA5hoWvSOHS" alt=""><figcaption></figcaption></figure>

To add a new test case, click on the test suite, then click on the `Test Cases` tab, then click on `Add Test Case`.

<figure><img src="/files/m8x2IIYUg1pCVnbCev0b" alt=""><figcaption></figcaption></figure>

You can also search the library for an existing test case. This will pre-fill the fields for you, saving time & effort when you only want to make small changes to an existing test case.

The `Code` field is used to help with sorting & ordering test cases when displayed in projects & reports.

Code will appear before the details of the test case. For example: `WEB-APP-001 Test for X, Y & Z`; `WEB-APP-002 Test for A, B & C`; etc.

You can update or modify the test cases at any time by using the actions menu.

You can also update or modify the test suite at any time by using the page menu.

> **!IMPORTANT:** updates to test cases in your library will apply globally to all projects which are referencing that test case.

> **!IMPORTANT:** any test cases you add or delete on a test suite **will not** apply retrospectively to existing projects. This is to preserve the integrity of what was actually assigned & tested on projects, and to avoid a situation where a project that was Completed becomes Not Completed as new test cases are assigned.

You can create `Custom Fields` on your Test Cases from the Administration module.

<figure><img src="/files/qlwPNwRIBMyg8495Mdlz" alt=""><figcaption></figcaption></figure>

## Importing Test Cases

You can import additional methodologies that the AttackForge team has prepared and made available on our GitHub: <https://github.com/AttackForge/TestSuites>

### Red Teaming

* [MITRE ATT\&CK Enterprise Version 16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/ENTERPRISE/mitre_attack_enterprise_16_1.json) - see [recommended mapping](https://support.attackforge.com/attackforge-enterprise/modules/test-suite-builder#import-mappings)
* [MITRE ATT\&CK Mobile Version 16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/MOBILE/mitre_attack_mobile_16_1.json) - see [recommended mapping](https://support.attackforge.com/attackforge-enterprise/modules/test-suite-builder#import-mappings)
* [MITRE ATT\&CK ICS Version 16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/ICS/mitre_attack_ics_16_1.json) - see [recommended mapping](https://support.attackforge.com/attackforge-enterprise/modules/test-suite-builder#import-mappings)
* [OSSTMM Version 3 - Human Security Testing](https://github.com/AttackForge/TestSuites/blob/main/OSSTMM/v3/Chapter%207/osstmm_human_security_testing.json)
* [OSSTMM Version 3 - Physical Security Testing](https://github.com/AttackForge/TestSuites/blob/main/OSSTMM/v3/Chapter%208/osstmm_physical_security_testing.json)

### Artificial Intelligence (AI)

* [MITRE ATLAS Version 4.8.0](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATLAS/mitre_atlas_4.8.0_testcases.json)

### Desktop Applications

* [OWASP Desktop App Security Top 10 2021](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-Desktop-App-Security-Top-10-2021.json)

### Operational Technology (OT)

* [OWASP Operational Technology (OT) Top 10 2025](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-Operational-Technology-\(OT\)-Top-10-2025.json)

### Web Application & API

* [OWASP Web Security Testing Guide Version 4.2](https://github.com/AttackForge/TestSuites/blob/main/OWASP/WSTG/v4.2/owasp_wstg.json)
* [OWASP Application Security Verification Standard (ASVS) Version 4 - Level 1](https://github.com/AttackForge/TestSuites/blob/main/OWASP/ASVS/v4/Level%201/owasp_asvs_level_1.json)
* [OWASP Application Security Verification Standard (ASVS) Version 4 - Level 2](https://github.com/AttackForge/TestSuites/blob/main/OWASP/ASVS/v4/Level%202/owasp_asvs_level_2.json)
* [OWASP Application Security Verification Standard (ASVS) Version 4 - Level 3](https://github.com/AttackForge/TestSuites/blob/main/OWASP/ASVS/v4/Level%203/owasp_asvs_level_3.json)
* [OWASP Web Application Security Top 10 2021](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-Web-Application-Top-10-2021.json)
* [OWASP API Security Top 10 2023](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-API-Security-Top-10-2023.json)

### Mobile Application

* [OWASP Mobile Application Security Testing Guide (MASTG) Version 2 2025](https://github.com/AttackForge/TestSuites/blob/main/OWASP/MASTG/v2/OWASP-Mobile-Application-Security-Testing-Guide-\(MASTG\)-Version-2-2025)
* [OWASP Mobile Top 10 2024](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-Mobile-Top-10-2024.json)
* [MITRE ATT\&CK Mobile Version 16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/MOBILE/mitre_attack_mobile_16_1.json) - see [recommended mapping](https://support.attackforge.com/attackforge-enterprise/modules/test-suite-builder#import-mappings)

### Network Infrastructure, Hardware and IOT

* [OSSTMM Version 3 - Telecommunications Security Testing](https://github.com/AttackForge/TestSuites/blob/main/OSSTMM/v3/Chapter%2010/osstmm_telecommunications_security_testing.json)
* [OSSTMM Version 3 - Data Networks Security Testing](https://github.com/AttackForge/TestSuites/blob/main/OSSTMM/v3/Chapter%2011/osstmm_data_networks_security_testing.json)
* [OSSTMM Version 3 - Wireless Security Testing](https://github.com/AttackForge/TestSuites/blob/main/OSSTMM/v3/Chapter%209/osstmm_wireless_security_testing.json)
* [MITRE ATT\&CK ICS Version 16.1](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATT%26CK/ICS/mitre_attack_ics_16_1.json) - see [recommended mapping](https://support.attackforge.com/attackforge-enterprise/modules/test-suite-builder#import-mappings)

### Cloud Configuration

* [CIS Amazon Web Services Foundation v1.2.0](https://github.com/AttackForge/TestSuites/blob/main/AWS/CIS-Amazon-Web-Services-Foundation-v1.2.0.json)
* [CIS Microsoft Azure Foundation v1.2.0](https://github.com/AttackForge/TestSuites/blob/main/AZURE/CIS-Microsoft-Azure-Foundation-v1.2.0.json)
* [CIS Google Cloud Platform Foundation v1.1.0](https://github.com/AttackForge/TestSuites/blob/main/GCP/CIS-Google-Cloud-Platform-Foundation-v1.1.0.json)
* [Oracle Cloud Infrastructure](https://github.com/AttackForge/TestSuites/blob/main/OCI/Oracle-Cloud-Infrastructure.json)
* [Kubernetes Infrastructure](https://github.com/AttackForge/TestSuites/blob/main/KUBERNETES/Kubernetes-Infrastructure.json)

### CI/CD

* [OWASP Top 10 CI/CD Security Risks 2023](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-Top-10-CI-CD-Security-Risks-2023.json)

### Low Code/No Code

* [OWASP Low Code/No Code Top 10 2024](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-Low-Code-No-Code-Top-10-2024.json)

<figure><img src="/files/QfkXf2U3MNiNwaVfUEU2" alt=""><figcaption></figcaption></figure>

Start by clicking on `New -> Import Test Cases`.

<figure><img src="/files/q3cJL7tZcJDQQkLsc4zt" alt=""><figcaption></figcaption></figure>

Select an import source:

* **AttackForge Community** - you can export your test cases in AttackForge Community, and import them into your AttackForge Core/Enterprise.
* **JSON** - generic JSON import option. Includes a template file to help with preparing your data file for import.
* **CSV** - generic CSV import option. Includes a template file to help with preparing your data file for import.

<figure><img src="/files/1L5MyFob2jDiS9QSrM4f" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/6uzqDy4kK1DSkjizpzRn" alt=""><figcaption></figcaption></figure>

Select the test cases you would like to import.

<figure><img src="/files/6bnv5vsTZQUJgjkY2aPY" alt=""><figcaption></figcaption></figure>

You can make changes to the test cases prior to import.

<figure><img src="/files/qZqYeoYliU8wtcu1ujAm" alt=""><figcaption></figcaption></figure>

Receive updates on import progress.

<figure><img src="/files/2sm7bdoNM6Hrg8k0iWMY" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/0M2i90mHa6FivefOR1Fd" alt=""><figcaption></figcaption></figure>

## Import Mappings

We recommend setting the following [Test Case Custom Fields](https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms) when importing test cases from the [AttackForge built testing methodologies](https://github.com/AttackForge/TestSuites).

### MITRE ATT\&CK Enterprise, Mobile and ICS

* Key - **x\_mitre\_attack\_spec\_version**
  * Field Type - ***Input***
* Key - **x\_mitre\_is\_subtechnique**
  * Field Type - ***Input***
* Key - **x\_mitre\_permissions\_required**
  * Field Type - ***List***
* Key - **kill\_chain\_phases**
  * Field Type - ***Table***
  * Columns:
    * Key - **kill\_chain\_name**
      * Field Type - ***Input***
    * Key - **phase\_name**
      * Field Type - ***Input***
* Key - **x\_mitre\_platforms**
  * Field Type - ***List***
* Key - **x\_mitre\_data\_sources**
  * Field Type - ***List***
* Key - **external\_references**
  * Field Type - ***Table***
  * Columns:
    * Key - **source\_name**
      * Field Type - ***Input***
    * Key - **description**
      * Field Type - ***Input***
    * Key - **url**
      * Field Type - ***Input***
    * Key - **external\_id**
      * Field Type - ***Input***
* Key - **mitre\_domain**
  * Field Type - ***Input***
* Key - **mitre\_tactic**
  * Field Type - ***List***
* Key - **mitigations**
  * Field Type - ***Table***
  * Columns:
    * Key - **mitigation**
      * Field Type - ***Input***
    * Key - **description**
      * Field Type - ***Input***
* Key - **detections**
  * Field Type - ***Table***
  * Columns:
    * Key - **data\_source**
      * Field Type - ***Input***
    * Key - **data\_component**
      * Field Type - ***Input***
    * Key - **detects**
      * Field Type - ***Input***
* Key - **x\_mitre\_defense\_bypassed**
  * Field Type - ***List***
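
The recommended mapping above can be turned into a pre-import check that flags values whose shape does not match the field type. This is an added example, not AttackForge code: the flat key/value record layout, the `check_fields` helper, and the reading of Input as one scalar, List as an array of scalars and Table as an array of rows are assumptions, and the sample record is constructed.

```python
# Recommended mapping from the list above: "input", "list", or a tuple of Table column keys.
MAPPING = {
    "x_mitre_attack_spec_version": "input",
    "x_mitre_is_subtechnique": "input",
    "x_mitre_permissions_required": "list",
    "kill_chain_phases": ("kill_chain_name", "phase_name"),
    "x_mitre_platforms": "list",
    "x_mitre_data_sources": "list",
    "external_references": ("source_name", "description", "url", "external_id"),
    "mitre_domain": "input",
    "mitre_tactic": "list",
    "mitigations": ("mitigation", "description"),
    "detections": ("data_source", "data_component", "detects"),
    "x_mitre_defense_bypassed": "list",
}
SCALAR = (str, int, float, bool)  # assumption: an Input holds one scalar value

def check_fields(fields):
    """Return sorted problems for one test case's custom fields (dict of key -> value)."""
    problems = []
    for key, value in fields.items():
        kind = MAPPING.get(key)
        if kind is None:
            problems.append(f"{key}: not in recommended mapping")
        elif kind == "input":
            if not isinstance(value, SCALAR):
                problems.append(f"{key}: Input expects a single value")
        elif kind == "list":
            if not (isinstance(value, list) and all(isinstance(v, SCALAR) for v in value)):
                problems.append(f"{key}: List expects an array of values")
        elif not (isinstance(value, list) and all(isinstance(r, dict) for r in value)):
            problems.append(f"{key}: Table expects an array of rows")
        else:
            for i, row in enumerate(value):
                extra = sorted(set(row) - set(kind))
                if extra:
                    problems.append(f"{key}[{i}]: unmapped columns {extra}")
    return sorted(problems)

# Constructed sample record; the flat key -> value layout is an assumption.
SAMPLE = {
    "x_mitre_is_subtechnique": False,
    "x_mitre_platforms": "Windows",  # a string where the mapping expects a List
    "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "persistence", "order": 1}],
    "mitre_tactic": ["persistence"],
    "custom_note": "reviewed",  # key with no recommended custom field
}

print(check_fields(SAMPLE))
```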

## Execution Flows

Execution flows can be assigned to each test case.

Execution flows can have many uses such as:

* Documenting steps and procedures guiding a person in how to perform the test case
* Documenting which tools should be used to perform the test case
* Documenting internal processes and procedures required by the test case
* Links to external resources

You can add execution flows to any test case when creating or updating the test case.

<figure><img src="/files/2sfZfxHqIS8DyUHp4HHR" alt=""><figcaption></figcaption></figure>

## Abuse Cases

Abuse cases are project-specific test cases. They are unique test cases which apply to the project. For example, consider a web application pentest for a reverse auction website. Typically the pentest may cover the standard OWASP ASVS test cases; however, the customer also requires that business logic tests are performed against the bidding functionality to determine whether it can be cheated or not. Abuse cases can be created to specifically test this functionality and provide a higher level of assurance beyond standard test cases.

To create abuse cases on the project, you must be either an Administrator or Project Coordinator.

From the project test cases section, click on `Add -> Abuse Case`.

<figure><img src="/files/XtUfEaWLowbMLi1XS8o0" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/10QtvvYyGEQDae3985hM" alt=""><figcaption></figcaption></figure>

Abuse Cases are stored & tracked per project in the Test Suites module under the `Project Abuse Cases` section.

<figure><img src="/files/tbbGuUYfTAymcvvwiLtb" alt=""><figcaption></figcaption></figure>

You can delete Abuse Cases directly from the project.

## Archived Test Suites

You can access any archived test suites by clicking on the `Archived Test Suites` button. Here you can view and restore any test suites if desired.

Any test suites you archive from the library will no longer be available for projects or project requests. However, any historical project using the test suite will not be affected, so that the integrity of test cases on a project remains intact.

<figure><img src="/files/fvVWJiSCa3KPBqZM5m2K" alt=""><figcaption></figcaption></figure>


