Collaboration tool aimed at standardizing and streamlining the security testing process
AttackForge is a pen test management and collaboration platform created to facilitate security testing across large and small organizations.
At Black Hat Europe today, which is being held virtually due to the coronavirus outbreak, creators of the tool demonstrated how a free-to-use version can help with pen test exercises, automated reporting, and tracking vulnerabilities.
While there were already “great products” on the market, co-founder Fil Filiposki said the collaboration features included with AttackForge set the platform apart from other products which “focus mainly on report generation or aggregating vulnerability data from different scanners”.
Filiposki told The Daily Swig: “AttackForge.com is our free to use platform. It is aimed at students or aspiring pentesters looking to learn the trade and prepare portfolios which could be used to get their foot in the door, as well as small boutique consultancy teams providing pentesting services, and freelance pentesters.”
Such features include the capability to create a centralized, standardized, and consistent security testing protocol, and analytics and trends trackers to help users better understand the root cause of issues and where an organization needs to focus resources and effort.
Fil Filiposki offered an overview of AttackForge at Black Hat Europe 2020
The platform also enables improved collaboration and knowledge sharing between business, technology, and security teams, said co-founder Stas Filshtinskiy.
“This helps build knowledge about vulnerabilities, their impact, and effective remediation strategies,” Filshtinskiy told The Daily Swig.
AttackForge includes a pre-populated vulnerability library built on the Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC) frameworks, both of which are community taxonomies under the MITRE organization.
The library contains around 1,300 different vulnerabilities, though users can also create custom entries in their own library which can be referenced in any project.
The web edition of AttackForge is also often used by budding pen testers, some of whom have used the product to help gain employment, Filiposki said.
“We have had feedback from people who had used AttackForge.com to help kick start their careers by creating a portfolio of pentest projects, then sharing this with their recruiters or potential employers,” he explained.