Creating a New Penetration Test (Pentest) Or Other Security Testing Activity
AttackForge is built upon Projects. Each project has assets (scope) and vulnerabilities. Vulnerabilities are linked to assets.
Projects can be any of the following, but are not limited to these:
Web Application Penetration Test
Web Services / API Penetration Test
Mobile Application Penetration Test
Network and Infrastructure Penetration Test
Wireless Network Assessment
Physical Security Audit
To create a new project, click on the Projects module in the main menu. You will see a page which contains a table with all your projects. Then click the Create New Project button in the top-right corner.
Selecting a Scoring System
When creating a new project, you can select a scoring system for the vulnerabilities.
AttackForge supports the following scoring systems:
manually select Priority (Critical / High / Medium / Low / Info)
manually select Likelihood of Impact (0 to 10)
CVSS v3.1 Baseline
CVSS v3.1 Baseline + Temporal
CVSS v3.1 Baseline + Temporal + Environmental
Selecting a Methodology
When creating a new project, you can select one or more methodologies or checklists to apply to the project - referred to as Test Suites.
A test suite helps:
Clients understand exactly what was tested on the project;
Developers/Engineers link test cases to vulnerabilities;
Pentesters structure their testing in a methodical, consistent & standardized way.
When hovering over each test suite, you will see brief information about what the test suite is intended for, and the number of test cases that will be loaded on the project.
AttackForge comes preloaded with test suites from industry benchmarks such as OWASP, OSSTMM, NIST and more.
You can create custom test suites via the Test Suite Builder module. This allows you to define exactly what you will test on your projects, or for customers.
Updating a Project
After your project is created, you will be redirected to the Project Dashboard page. This is your control center for your projects. From here you can access all project areas.
If you would like to update your project, you can select Edit Project from the Project Dashboard page menu.
Place Project On-Hold / Off-Hold
A project may be set to On-Hold or Off-Hold at any time. This can be used when there are issues which are preventing the project from progressing further, and to record when these issues have been resolved.
When a project is placed on-hold or off-hold, an email will be sent to the project team with the reason why, and a banner will be displayed on the project dashboard with the details.
Every time a project is placed on-hold or off-hold, the details are logged in the project tracking section. You can access this by clicking the Tracking button on your project dashboard page.
If you are the project owner, you can delete your project at any time by pressing Delete Project from your project menu. You will receive a confirmation prompt to authorise this.
If you accidentally delete your project and need it restored, in most cases you can recover it by contacting our support email. However, you need to be quick, before the data is purged.