Writeups

Overview

AttackForge utilizes centralized vulnerability writeup libraries which makes it fast & easy to create new vulnerabilities on your projects.

Writeups act as a knowledge-base to make creation to vulnerabilities quick and easy.

Writeups are linked to vulnerabilities. They are not copied to vulnerabilities. This is important as it means every vulnerability has a direct relationship to its writeup. This is useful to:

Ensure changes to a writeup (improved recommendations, spelling mistakes, etc.) gets propagated to all linked vulnerabilities.
Speed up the quality review process during a pentest, in conjunction with access controls.
Be able to properly determine unique vulnerabilities.

Every writeup acts as a template, which can then be re-used on projects. This means you only need to write the issue once - saving you hours of reporting time for every single project.

The Writeups Libraries are separated into four (4) areas:

Main Library

This is the primary source of your vulnerability writeups.
It contains 1500+ pre-loaded writeups from MITRE CWE and MITRE CAPEC that come with AttackForge. You can also add your own.
This library is shared by default, which means any user on a project with permissions to create vulnerabilities for the project, will be able to use any of the writeups in this library.
Access to this library can be restricted to certain roles, users or groups via Administration module.

Imported Library

This is where you can find all of the writeups you have imported from various tools & scanners.
This library is shared by default, which means any user on a project with permissions to create vulnerabilities for the project, will be able to use any of the writeups in this library.
Access to this library can be restricted to certain roles, users or groups via Administration module.

Project Library

This is where you can access writeups that are designated to specific projects.
This is useful if you have project-specific or sensitive data which you would like to seperate from the Main and Imported libraries which are shared libraries.
Only users with access to the project will be able to view and use writeups belonging to the project.
Access to this library can be restricted to certain roles, users or groups via Administration module.

Custom Libraries

You can create custom libraries to suite your own needs. For example, you can create libraries for specific types of tests, or libraries for individual teams or testers, or libraries for particular technologies.
Access to this library can be restricted to certain roles, users or groups via Administration module.

For details on access controls to the Writeups libraries - see Access Control Matrix

Creating a Writeup

To create a new writeup, click on New button.

Selecting which library you wish to assign the writeup to - Main, Imported, Project or Custom.

If you select Imported - you will be required to enter additional information regarding to the source/tool where the writeup is being imported from.

If you select Project - you will be required to link the vulnerability to at least one (1) project. Only users with access to the linked project(s) will be able to use this writeup when creating a new vulnerability on the linked projects.

After you have selected the library, you can proceed to enter in the information relating to the writeup. You can also search for an existing writeup, which will pre-fill the fields for you to make it faster.

You can create a placeholder CVSS score which will be loaded when a user selects this writeup when creating a vulnerability on their project. This makes it easier to set a default score for vulnerabilities.

You can add tags and custom tags. This is useful if you are using sections within your custom reports, or exporting custom tags for vulnerabilities into your tools. You can enter any name and value for the custom tags.

Custom fields may be also be configured for your writeups. See this link for more details.

Integrations

SecDim Sandboxes

We're excited to be the first Pentest Management Platform to release a Secure Code Learning collaboration with SecDim - Dev-Native Attack & Defence Wargames.

With the power 💪 of SecDim and AttackForge, you can:

Explore a real vulnerability in a cloud native app. Debug and verify if your security patch can remediate the vulnerability
Train developers on how to fix vulnerabilities identified in their applications, during a pentest
Collaborate between engineers and security teams on how to best remediate vulnerabilities
Improve retesting pass rates for discovered vulnerabilities
Test your knowledge on how to fix common vulnerabilities and measure your effectiveness

Every Sandbox comes with a security test suite to simulate the exploitation of the vulnerability.

Sandboxes are integrated with git so you can save your progress and pick it up again where you left off.

SecDim's catalogue is extensive, covering everything from AI, GraphQL, React, Kubernetes, to Web3. You can test your skills against modern security vulnerabilities inspired by real-world issues.

Each sandbox is deployed in a secure isolated Cloud Development Environment directly in your browser. You can debug, patch and test your code as if you were building an app.

Start by learning more about this integration, and when ready - switch the integration on.

Search SecDim's catalogue of vulnerable sandboxes which you can link to your Writeups.

When you create a vulnerability on a project, users will be able to see the linked SecDim sandboxes and launch a sandbox to get started.

Updating Writeups

You can update or modify the writeups at any time by clicking on Edit button for the writeup you wish to update.

!IMPORTANT: updates to write-ups will affect all linked vulnerabilities on all linked projects.

Custom Libraries

You can create custom libraries to suite your own needs. For example, you can create libraries for specific types of tests, or libraries for individual teams or testers, or libraries for particular technologies.

Custom Libraries can be configured from the Administration module.

My Writeups

These are all of the Writeups which you have created.

All Writeups

This is where you can see all writeups you have access to.

Archived Writeups

This is where you can see all archived writeups in AttackForge. It is restricted to Admin users only.

You can archive a writeup by using the actions menu and selecting Archive. Any writeups you archive from the library will be relocated to the Archived Writeups section and will no longer be selectable on projects for new vulnerabilities or changes to existing vulnerabilities.

However, archived writeups will still be referenced on existing projects - so that the integrity of vulnerabilities on a project remains in-tact.

Admins can restore writeups if required to do so.

Moving Writeups Between Libraries

You can move writeups between libraries by first selecting the writeups, then clicking on Reassign from the actions menu.

Select the option for the library you would like to assign the vulnerabilities to.

Importing Writeups

You can import additional vulnerability knowledge-bases that AttackForge team has prepared and made available on our GitHub: https://github.com/AttackForge/Writeups

MITRE

Start by clicking on New -> Import Writeups.

Select a import source:

AttackForge Community - you can export your writeups in AttackForge Community, and import them into your AttackForge Core/Enterprise.
JSON - generic JSON import option. Includes a template file to help with preparing your data file for import.
CSV - generic CSV import option. Includes a template file to help with preparing your data file for import.