Vulnerability Library

Overview

AttackForge utilises a centralized vulnerability library which makes it fast & easy to create new vulnerabilities on your projects.
Every vulnerability in the library acts as a template, which can then be re-used on projects. This means you only need to write the issue once - saving you hours of reporting time for every single project.
The Vulnerability Library is separated into 3 key areas:
    Main Vulnerabilities
      This is the primary source of your vulnerability write-ups/templates.
      It contains 1300+ pre-loaded vulnerabilities that come with AttackForge. You can also add your own.
      This library is shared, which means any user on a project with permissions to create vulnerabilities for the project will be able to use any of the vulnerabilities in this library.
    Imported Vulnerabilities
      This is where you can find all of the vulnerabilities you have imported from various tools & scanners.
      This library is shared, which means any user on a project with permissions to create vulnerabilities for the project will be able to use any of the vulnerabilities in this library.
    Project Vulnerabilities
      This is where you can access vulnerability write-ups that are designated to specific projects.
      This is useful if you have project-specific or sensitive data which you would like to segregate from the Main and Imported libraries, which are shared libraries.
For details on access controls to the Vulnerability Library, see Access Control Matrix.

Creating A Vulnerability

To create a new vulnerability, click on Create New Vulnerability from the page menu.
Start by selecting which library you wish to assign the vulnerability to - Main, Imported or Project.
If you select Imported - you will be required to enter additional information regarding the source/tool where the vulnerability is being imported from.
If you select Project - you will be required to link the vulnerability to at least one (1) project. Only users with access to the linked project(s) will be able to use this write-up/template when creating a new vulnerability on the linked projects.
After you have selected the vulnerability library, you can proceed to enter in the information relating to the vulnerability. You can also search for an existing write-up, which will pre-fill the fields for you to make it faster.
You can create a placeholder CVSS score which will be loaded when a user selects this vulnerability to add on their projects. This makes it easier to set a default score for vulnerabilities.

Creating Custom Fields

You can create custom fields using the Add ReportGen Custom Tag button. This is useful if you are using sections within your custom reports, or exporting custom fields for vulnerabilities into your tools. You can enter any name and value for the custom fields.

Updating Vulnerabilities

You can update or modify the write-ups/templates at any time by visiting the Vulnerability Library module and clicking on the Edit button for the vulnerability you wish to update.
IMPORTANT: Updates to write-ups/templates will affect all vulnerabilities on projects.

Main Vulnerabilities

This is the primary source of your vulnerability write-ups/templates. The Main Library provides centralised and shared vulnerability write-ups/templates that your teams can reuse on any project.
Write-ups/templates in the Main Library are shared. This means any user on a project with permissions to create vulnerabilities for the project will be able to use any of the vulnerabilities in this library.

Imported Vulnerabilities

This is where you can find all of the vulnerabilities you have imported from various tools & scanners. When a vulnerability is imported into AttackForge - by default it will appear in this library. You can change this prior to performing the import if you would like to import the vulnerabilities to another library.
Write-ups/templates in the Imported Library are shared. This means any user on a project with permissions to create vulnerabilities for the project will be able to use any of the vulnerabilities in this library.

Project Vulnerabilities

This is where you can access vulnerability write-ups that are designated to specific projects.
This is useful if you have project-specific or sensitive data which you would like to segregate from the Main and Imported libraries, which are shared libraries.
Vulnerabilities in this library must be assigned/linked to at least one (1) project. They can be assigned to more than one project, if it would be relevant to do so.
Only users with access to the linked project(s) will be able to use this write-up/template when creating a new vulnerability, and only on the linked projects.
Users with access to this library will only be able to view & modify vulnerability write-ups for which the user has access to at least one (1) of the linked projects. By default, Admins will be able to see all write-ups/templates in this library.
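The Project library rules above, written out as a small model (an added example, not AttackForge code or its API). The `User` and `WriteUp` classes, and the mapping of each project to a create-vulnerability permission, are assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass, field

SHARED = {"main", "imported"}  # the two shared libraries named on this page

@dataclass
class User:
    name: str
    is_admin: bool = False
    # Assumption: key = project the user can access,
    # value = True if the user may create vulnerabilities on it.
    projects: dict = field(default_factory=dict)

@dataclass
class WriteUp:
    title: str
    library: str                          # "main", "imported" or "project"
    linked_projects: frozenset = frozenset()
    deleted: bool = False

    def __post_init__(self):
        # Project write-ups must be linked to at least one project.
        if self.library == "project" and not self.linked_projects:
            raise ValueError("project write-up needs at least one linked project")

def can_use_on(user, writeup, project):
    """May `user` select `writeup` for a new vulnerability on `project`?"""
    if writeup.deleted:                        # deleted templates are not selectable
        return False
    if not user.projects.get(project, False):  # needs create permission there
        return False
    if writeup.library in SHARED:              # shared libraries: any such project
        return True
    return project in writeup.linked_projects  # project library: linked projects only

def can_view_project_writeup(user, writeup):
    """Project library: Admins, or access to at least one linked project."""
    if user.is_admin:
        return True
    return any(p in user.projects for p in writeup.linked_projects)

if __name__ == "__main__":
    # Constructed sample: alice can create on A, has read-only access to B.
    alice = User("alice", projects={"A": True, "B": False})
    sqli = WriteUp("Client X SQLi", "project", frozenset({"A", "C"}))
    for proj in ("A", "B", "C"):
        print(proj, can_use_on(alice, sqli, proj))
    print("view:", can_view_project_writeup(alice, sqli))
```
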

All Vulnerabilities

This is where you can see all vulnerability write-ups/templates in AttackForge. It is restricted to Admin users only.

Deleted Vulnerabilities

This is where you can see all deleted vulnerability write-ups/templates in AttackForge. It is restricted to Admin users only.
You can delete a write-up/template by using the actions menu and selecting Delete. Any write-ups/templates you delete from the library will be relocated to the Deleted Vulnerabilities tab and will no longer be selectable on projects for new vulnerabilities or changes to existing vulnerabilities.
However, deleted write-ups/templates will still be referenced on existing projects, so that the integrity of vulnerabilities on a project remains intact.
Admins can restore vulnerability write-ups/templates if required to do so.

Re-Assigning Vulnerabilities To Libraries

In order to re-assign vulnerabilities between libraries, start by clicking on the tab for the relevant library that you would like to re-assign vulnerabilities from, then select Re-Assign vulnerabilities from the page menu.
Select the vulnerabilities you wish to re-assign, then from the page menu, select the option for the library you would like to assign the vulnerabilities to.
After you have added the supporting required information and confirmed the assignment, the vulnerabilities will now be re-assigned to the new library.
[Screenshots: Re-assigning vulnerabilities to Import Library; Re-assigning vulnerabilities to Project Library - Step 1 and Step 2]

Bulk Deleting Vulnerabilities

You can perform a bulk delete on vulnerabilities by clicking on the tab for the relevant library that you would like to delete vulnerabilities from, then select Re-Assign vulnerabilities from the page menu.
After you have selected the vulnerabilities you wish to delete, click on Delete Vulnerabilities from the page menu and confirm your action.