AttackForge.com

Made For Pentesters


AttackForge.com will help pentesters reduce wasted effort and focus on breaking stuff. It’s the first dedicated client-facing collaboration platform for pentesting – unlike other tools which focus on scan output aggregation or report generation only.

Save Time

High-quality customisable reports, on-demand and at the click of a button.

Save Effort

Integrated, Centralised & Rich Issue Library. Stop re-inventing the wheel.

Save Money

Tools and workflows to reduce project overheads and costs by up to 40%.

Team Collaboration

Collaborate with your team, client and developers.

Methodology

Pre-loaded with industry benchmarks and methodologies, out of the box.

AttackChains

See the attack from a hacker's perspective. Chain vulnerabilities together.

Still interested? Try AttackForge.com

Benefits


Automated Reports

High-Quality Automated Reports

On-demand reporting at the click of a button, whenever you or the client needs it. Reports can be customised and include templates for Executives, Risk Managers, Third-Parties such as Auditors, and Developers. All reports can be downloaded in PDF, DOCX and CSV.

Vulnerability Library

Rich Issue Library With Over 1300 Vulnerabilities

Immediately access every CWE, CAPEC and other industry-standard vulnerability definition, or create your own. Save time on reporting - it takes on average less than 30 seconds to add a vulnerability to your pentest. No traditional report writing required.

Teams

Build Up Your Team and Collaborate

Connect with People to build your dream team and share your vulnerability libraries and test suites. Combine your hard work and avoid reinventing the wheel. Intended for small pentest teams or collaborative groups of freelancers.

Case Study

SMALL BOUTIQUE CONSULTANCY


Client

The client is a small security company in Europe, providing penetration testing services to clients within Europe and North America.

Problems

Client has to compete for work with big and medium-sized security companies and therefore relies on its ability to be fast and efficient with time and resources. Client also competes for talent, as it is hard to find and even harder to retain good penetration testers.
The problems for this client were:

  1. Significant time (and therefore cost) spent by the most senior people on penetration testing logistics - scheduling, scoping, collecting necessary information, and doing quality assurance over the reports.
  2. Language barrier – most of their customers expected reports in English, and a lot of their pentesters come from a non-English speaking background.
  3. Pentesters being burned out by writing reports.

As the client’s Managing Consultant put it: “If I have to spend my time chasing clients, collecting testing credentials, reviewing reports, and saying goodbye to my best pentesters - who is going to do business development?”.

Solution: AttackForge.com

AttackForge.com's main purpose is to help small security companies and freelancers. It provides proven methodologies, a comprehensive vulnerability and issue library, and a secure method of communication with customers.

Client had tried AttackForge.com with a testing project and then introduced it to the principal pentesting team. The first full pentest was executed in February 2019. Customers’ representatives were invited for the third project.

Results

1. After several projects, the time spent on logistics went down by 50%. Quality assurance (such as peer and tech reviews of the reports) was reduced by 90%.

2. The language issues went away entirely as AttackForge.com provided the most word-heavy components, such as vulnerability definitions, out-of-the-box.

3. Pentesters are happier as they do not need to write reports any more.

4. The client's customers reported that the use of AttackForge.com helped them to track and fix vulnerabilities faster, saving time and money. AttackForge.com paid for itself after the second project. One day of wages saved on writing reports is more than the annual Pro subscription fees.

Will It Work For You?

If you are concerned with keeping your pentesters happy, and keeping your overheads and costs low – go for AttackForge.com. Try it for free. If you deliver more than 30 projects then go for AttackForge Enterprise.

Case Study

FREELANCE PENETRATION TESTER


Client

This freelance penetration tester is based in the United States and had come across AttackForge.com from a Reddit post. He had been conducting pentesting professionally for over 5 years, with the last year working as a freelancer. Before freelancing, he was working for a large retail bank in the US. The bank had built its own internal reporting capability which helped pentesters significantly. All other processes were mostly manual, such as email communications for interactions with clients / internal business units and their related technology teams.

Problems

Since leaving the bank, he had set up his own legal entity, insurances, background checks, purchased all standard commercial tools which are typically used during professional engagements, and was ready to start working as a freelancer. However there were a number of challenges that he faced:

  1. No Report templates. Freelancer had no intellectual property rights over previous report templates used at the bank, and needed to create a new report template to use with his own clients.
  2. Reputation, Trust and Pipeline. As he was new to this type of work and to sales, it was difficult to win work and to convince people to go with him and that he was a better choice than cheaper offshore alternatives.
  3. Visibility and Maturity. It was difficult for this freelancer to demonstrate that his methodology and testing coverage would be aligned with the client's expectations. The lack of visibility until a report was produced at the end of testing meant that he had to manually write status updates each day so that the client could have visibility over testing progress and what was being covered off daily.

This created additional overheads and stress for this freelancer, which was especially difficult as he was also learning how to run a small business for the first time. As he put it: "I needed something to keep clients happy and coming back".

Solution: AttackForge.com

AttackForge.com is a full collaboration platform which brings pentesters and their clients together in one place. For the first handful of projects using AttackForge.com, he had not invited clients directly to AttackForge.com project workspaces. Instead he had indicated to them that he was using a tool to help him with tracking and reporting. He was adding his findings daily using the in-built Vulnerability and Issue Library, and ticking off test cases as he went along. At the end of each day, he downloaded the report and sent this to the client.

After getting used to AttackForge.com, he started to invite clients directly to their project workspaces. This meant that he no longer needed to send them daily updates and that they could log in and see progress for themselves, and download reports when they needed them.

The feedback he had received from clients was mostly positive, and importantly helped him to build trust and pipeline, as they could see exactly what was being tested (scope), when it was tested (timestamps) and how it was tested (test cases), upload details directly to the workspace when needed, and see all evidence to help them understand the issue and how to fix it.

Eventually, a few of his clients who had got used to AttackForge.com requested that he give access to developers directly so they could see the findings and start actioning them, without the client having to be a bottleneck. This meant that the client spent less time and effort managing logistics and communication, which freed up a lot of their time.

Some of the regular clients who were using AttackForge.com had also started managing their remediation testing through AttackForge.com. The clients' developers were selecting which issues were ready for retest and requesting a retest round, and the freelancer was able to perform this swiftly and invoice the client for the retesting performed.

Results

1. Freelancer no longer needed to worry about maintaining his own report template as customers were happy with the results produced from AttackForge.com as it was sufficient for developers to understand the issues and how to fix them.

2. Freelancer was able to show new prospective clients his sanitised/de-identified projects to help give him a competitive advantage when bidding for new work. Prospective clients could see that industry-standard methodologies were being used and detailed information for findings was being produced. This helped to build trust and win more clients and work.

3. Freelancer was able to create 'stickiness' with his regular clients, as they were now using his AttackForge.com projects as their defect management tool for penetration testing findings, providing him with regular income and helping him to build his pipeline.

Will It Work For You?

If you are a freelance penetration tester and you need a tool to help take some pressure off you and keep your clients happy - AttackForge.com is for you. It is free to sign up and start using immediately. However if your client's requirement is to have their data isolated and not stored in a multi-tenant solution, then AttackForge.com is not for you.

Features & Pricing


Do more with AttackForge.com

Our prices are very easy to understand. There are no extra or hidden fees. You just pay what is listed here. You can cancel at any time.

Free

Monthly: $0 / user

Create Pentesting Projects
Invite People to Your Projects
Automated & On-Demand Reports (PDF / DOCX / CSV)
Custom Vulnerability Library - Preloaded 1300+ Vulnerabilities
JIRA & Slack Integration
Remediation Tracking
Free Forever!
All amounts are in US Dollars


Pro

Monthly: $50 / user

Everything in Free
Unlimited Projects
Customise Your Reports
Unlimited Invitations To Your Projects
Create Teams To Share Knowledge
Access Powerful Analytics
Custom Test Suites
Unlimited Project Scope & Uploads
Priority Support


Free

Pro

Vulnerabilities

Global Dashboard For All Your Vulnerabilities
View & Search Vulnerabilities by Project, Asset, Priority and Status
Track by Open, Closed and Ready For Retest
Analytics & Trends Discovery
Create Attack Chains
Import Vulnerabilities Into Your JIRA Project
Detailed Vulnerability Information
Upload and Store Vulnerability Evidence & Artefacts
Audit Logs For Life of Vulnerability
Access & Manage Vulnerability Library (1300+ Vulnerabilities)
Share Vulnerability Library with Team

Projects

Global Dashboard For All Your Projects
Create & Manage Projects (Limited)
Daily Notifications on Start/Stop Testing
Project Overview & Dashboard
Secure Workspace For File Uploads (Limited)
View & Action Test Cases
Access Test Suites & Methodologies From OWASP, NIST, PCI, OSSTMM & Others
Create Your Own Test Suites & Methodologies
Share Custom Test Suites & Methodologies with Team
Storage For Testing Logs (Limited)
User Access Management

Collaboration

User Profiles
Invite People To Collaborate on Your Projects
Scheduling & Calendar
Private Slack Channels For Communication
Request, Track and Perform Remediation Testing
Invite People To Your Team

Reporting

Automated & On-Demand Reporting
Detailed Vulnerability Reports (PDF, DOCX & CSV)
Customise Executive Summary
Templates for Executives, Auditors, 3rd Parties, Developers
Customise Your Reports
Rebrand DOCX For Your Own Needs

Security

Mandatory Two-Factor Authentication
Encrypted Communications & Storage

Support

Email Support
Priority Email Support

Security

For Peace of Mind


Two-Factor Authentication

Mandatory two-factor authentication (2FA) is enforced for access to AttackForge and all administrative interfaces.

Data Location

All data is stored encrypted in Microsoft Azure, Australia.

Encryption

All data is encrypted in transit and at rest.

Backups

Data is backed up daily and stored for up to three (3) years. All backups are stored encrypted.

Passwords

All passwords are stored hashed and salted using security best practices.