AttackForge

Test Cases

Overview

When creating a new project, you can select one or more methodologies or checklists to apply to the project - referred to as Test Suites. Each test suite has a collection of test cases which get assigned to the project.
A test suite helps:
  • Clients understand exactly what was tested on the project;
  • Developers/Engineers link test cases to vulnerabilities;
  • Pentesters structure their testing in a methodical, consistent & standardized way;
  • Organizations create repeatable, standardized & comparable assessments - independent of who was actually performing the assessment.
Test cases can provide valuable insight into a penetration test or audit. They show:
  • What was tested
  • When it was tested
  • Who tested it
  • What was the status
  • Supporting evidence
To view the test cases assigned to the project, click on Test Cases from the project menu, or click on the Status Dashboard Box (in the example below it shows 'Testing').

Updating a Test Case

It is the function of the pentester (or assessor) on the project to update the test cases as they work through the assessment. Therefore, only users with Edit permissions on the project can update a test case.
Test cases by default are set to Not Tested.
Authorized users can update the status of a test case to any of the following:
  • Not Tested
  • Testing In Progress
  • Tested
  • Not Applicable
You can update a test case by clicking on the status of the test case and selecting an option from the drop-down menu.
You can also update multiple test cases in bulk using the page menu. Select Edit Multiple Test Cases, then select the desired test cases, then use the page menu again to select the desired status, e.g. Set As Tested, Set as Not Tested, Set as Testing In Progress or Set as Not Applicable.

Adding a Note / Uploading Supporting Evidence

Each test case can have supporting notes & files which contain the evidence & observations from the pentester or assessor. For example, if the test case required performing a scan using a tool, the results of the scan can be uploaded.
To add a note or upload a file - select Add Note or Upload Files / Evidence from the actions menu.
All notes & evidence are included in the on-demand reports.

Filtering Test Cases

You can filter test cases using the page menu. The following options are currently available:
  • Filter on Assigned to Me
  • Filter on Not Tested
  • Filter on Tested
  • Filter on Testing in Progress
  • Filter on Not Applicable

Assigning Test Cases to a User

A Project Owner can assign test cases to any project team member with Edit permissions on the project, i.e. pentesters or consultants. This helps to delegate tasks to team members to maximise efficiency during testing, as well as accountability for certain tasks.
You can assign a test case to a user by clicking on the editable None value in the Assigned To column, and then selecting the user from the list of presented options.
You can also assign multiple test cases in bulk using the page menu. Select Edit Multiple Test Cases, then select the desired test cases, then use the page menu again to select the user to assign the selected test cases to.

Assigning Assets to Test Cases

Project Owners can assign assets to test cases. This helps to delegate tasks to individual assets to increase testing coverage and traceability.
You can assign one or more assets to the test case by clicking on the editable All value in the Assigned Asset(s) column, and then selecting the assets from the list of presented options. You can multi-select in the field.