AttackForge

Creating & Updating Projects

Creating a New Penetration Test (Pentest) Or Other Security Testing Activity

Overview

AttackForge is built upon Projects. Each project has assets (scope) and vulnerabilities. Vulnerabilities are linked to assets.
A project can be any of the following, but is not limited to these:
  • Web Application Penetration Test
  • Web Services / API Penetration Test
  • Mobile Application Penetration Test
  • Network and Infrastructure Penetration Test
  • Wireless Network Assessment
  • PCI-DSS Assessment
  • SCADA Assessment
  • OSINT Assessment
  • Physical Security Audit
To create a new project, click on the Projects module in the main menu. You will see a page containing a table of all your projects. Then click the Create New Project button in the top-right corner.

Selecting a Scoring System

When creating a new project, you can select a scoring system for the vulnerabilities.
AttackForge supports the following scoring systems:
  • Manual
    • manually select Priority (Critical / High / Medium / Low / Info)
    • manually select Likelihood of Impact (0 to 10)
  • CVSS v3.1 Baseline
  • CVSS v3.1 Baseline + Temporal
  • CVSS v3.1 Baseline + Temporal + Environmental

Selecting a Methodology

When creating a new project, you can select one or more methodologies or checklists to apply to the project - referred to as Test Suites.
A test suite helps:
  • Clients understand exactly what was tested on the project;
  • Developers/Engineers link test cases to vulnerabilities;
  • Pentesters structure their testing in a methodical, consistent & standardized way.
When you hover over a test suite, you will see brief information about what the test suite is intended for and the number of test cases that will be loaded on the project.
AttackForge comes preloaded with test suites from industry benchmarks such as OWASP, OSSTMM, NIST and more.
You can create custom test suites via the Test Suite Builder module. This lets you define exactly what you will test on your own projects or for customers.

Updating a Project

After your project is created, you will be redirected to the Project Dashboard page. This is your control center for your projects. From here you can access all project areas.
If you would like to update your project, you can select Edit Project from the Project Dashboard page menu.

Place Project On-Hold / Off-Hold

A project may be set to On-Hold or Off-Hold at any time. This can be used when issues are preventing the project from progressing further, and to record when those issues have been resolved.
When a project is placed on-hold or off-hold, an email will be sent to the project team with the reason why, and a banner will be displayed on the project dashboard with the details.
Every time a project is placed on-hold or off-hold, the details are logged in the project tracking section. You can access this by clicking the Tracking button on your project dashboard page.

Delete Project

If you are the project owner, you can delete your project at any time by pressing Delete Project from your project menu. You will receive a confirmation prompt to authorise this.
If you accidentally delete your project and need it restored, in most cases you can recover it by contacting our support email. However, you need to be quick, before the data is purged.