Made For Security Teams
Core helps security teams increase speed & quality of penetration testing reports. You get a client portal with workflows to unify pentesting across your team and enterprise. You can also measure effectiveness & prove value of your penetration testing program & services.
Save Time
High-quality customisable reports, on-demand and when you need them.
Save Effort
Integrated, Centralised & Rich Write-ups Library. Speak a consistent language.
Save Money
Tools and workflows to reduce project overheads and costs by up to 40%.
Team Collaboration
Business, Technology and Security teams collaborating in one place.
Methodology
Pre-loaded with industry benchmarks - for efficient & auditable testing.
Clearer View
See your organistion's vulnerable areas. Know your real weaknesses.
Still interested? Deploy Your AttackForge in < 2 minutes!
Core
Core is built & optimized for Consultancies & Small-to-Medium Enterprises.
Core will help you deliver penetration testing program and pentesting services to your customers. It has workflows to cover all of your needs.
For consultancies - it gives you a Pentest-As-A-Service (PTaaS) platform out-of-the-box.
Core is a cloud-only, fully-managed solution - hosted on dedicated tenant in any Microsoft Azure region of your choice. You can include your own custom subdomain, logos and personalize your AttackForge user experience.


Custom Reporting
AttackForge ReportGen Is The Easiest-to-Use Pentest Reporting Tool Available!
Create fully customized reports in minutes with no programming required! Based on DOCX templates that you can style. 10x templates are available for free! Reporting is no longer a worry with AttackForge ReportGen!

Analytics
Know Your Security Posture - At Any Time
Track vulnerabilities over time, across customers, organisation or individual business units. Track vulnerabilities by SLAs. Compare against periods of time. Know what are your Top 10 Most Vulnerable Assets, Top 10 Most Common Vulnerabilities and Top 10 Failed Testcases. Measure your Mean-Time-To-Remediate (MTTR). Better plan your investment in training and awareness. Executive and line reporting out of the box.

Methodologies & Runbooks
Industry Standard Benchmarks and Methodologies
Enterprise is loaded with industry benchmarks from OWASP, NIST, PCI, OSSTMM and others. Enforce and Control exactly how you want it tested, every time. Bring standardization and consistency to your pentesting projects & program. Keep your customers & auditors happy.

Libraries
Centralized Libraries. Unified Vulnerability Language.
Create standardized vulnerability definitions and recommendations. Ensure your teams are all speaking the same language. Reduce time & effort on review cycles. Bring vulnerabilites immediately to development teams and engineers - Reduce Time-To-Remediate (TTR).

Scheduling
Schedule and Plan Your Testing Program
Keep on top of your testing program. Let your customers request new projects in a standardized way. Track projects in the pipeline. Availability assistant & detailed planner to help manage resources effectively.

Search
Vulnerability Information When You Need It
Search helps you to find the vulnerability information you need. Search vulnerabilities by asset; discover vulnerabilities within a group; find vulnerabilities by title; or dill-down by tags. Answer the tough questions within a fraction of the time!

Attack Chains
See Attack From Hackers Perspective
Attack Chains help demonstrate exactly what an attacker is doing at every step - in a simple and clear visual story. Understand how vulnerabilities can be grouped together to cause devastating attacks against your organisational assets. Map Attack Chains to MITRE ATT&CK® Framework in minutes!

Import Vulnerabilities
AttackForge Connector Helps You Import Vulnerabilities From Tools, Platforms and Scripts
AttackForge Connector helps you import vulnerabilities to your projects from tools such as Tenable Nessus and Burp Suite Proxy. Or you can use the API for custom imports.

Export Vulnerabilities*
AttackForge Helps You Export Vulnerabilities Into Your Enterprise Ecosystem
AttackForge helps you export vulnerabilities to your enterprise ecosystem and ticketing tools, including JIRA, ServiceNow, Azure DevOps and more. * Priced separately

Retesting
Track Remediation Efforts and Retesting
Know if and when vulnerabilities are remediated or fixed. Transparency and traceability - audit logs & recorded history for every vulnerability. Request, track & perform retesting.

Review Workflows
QA Finally Made Easy!
Efficient workflows to review and QA vulnerabilities with your teams. Communication & notifications to keep your teams updated. You can QA every vulnerability on your pentest from just one screen! How good is that!?

Global Dashboard
Single Pane of Glass Into Your Security
Monitor how your organisation is performing against its security & penetration testing program. Drill-down on key vulnerabilities and projects. Track performance of projects and make more informed decisions.

Group Dashboard
Monitor Your Business Units
Keep on top of your security posture for a business unit, division, subsidiary, 3rd party or team – know which areas in your organisation are doing well or which areas need improvement. Group membership provides easy to manage access controls for your teams.

Project Dashboard
Control Panel For Your Pentests
View testing progress & vulnerabilities for your projects - at a glance. Download reports in multiple formats. Export vulnerabilities into ticketing systems. View daily tracking. Participate in team chats. Create fully custom reports. View attack chains.

Daily Progress Tracking
Easily Track Pentesting Progress
Track how your projects are performing – on a daily basis. Know if issues are being experienced & when they are resolved. Get to know your project team. Daily breakdown of vulnerabilities found & test cases actioned.

Themes
Personalise Your Theme
Enable different themes based on your mood and preference. Discover themes such as Stealth Mode, The Matrix, Lightning, Halloween, RedBack, Neptune, Firestorm, Lost Woods & Amethyst.
Need Help? Check out our Support Site
Pricing
Core
Action Pack
$300
per month
25 Projects Included
$50 / project thereafter
Unlimited Client User Licences
10 Pentester / Admin User Licences
$50 / user / month thereafter
10 Groups
$50 / group / month thereafter
No lock-in Contract.
Monthly billing via credit-card – cancel at any time
Dedicated Tenant in
Microsoft Azure Region of Your Choice
All amounts are in US Dollars
Action Pack |
||||
Deployment |
||||
---|---|---|---|---|
Dedicated Tenant Hosted in Microsoft Azure Region of Your Choice. Fully Managed Service | ||||
Handover SLA | < 2 minutes | |||
Custom Sub-domain on attackforge.io | ||||
Company Logo | ||||
Two-Factor Authentication (2FA) | ||||
Custom Tenant Configurations | * Limited | |||
Licence & Fees |
||||
Monthly Pay-as-you-Go, cancel at any time * billed in US dollars |
$300 | |||
Included Projects |
25 | |||
Additional Projects |
$50 / project | |||
Included Users |
Unlimited Client User Licences 10 Pentester / Admin User Licences |
|||
Additional Users |
$50 / user / month | |||
Assets |
Unlimited | |||
Uploads |
Unlimited | |||
Groups (Teams / Customers / Business Units) |
10 | |||
Additional Groups |
$50 / group / month | |||
Upgrades to Latest Features | ||||
Support |
||||
Priority Email | ||||
Support Centre & Training Videos | ||||
Reporting |
||||
Professional On-Demand Reports (PDF, DOCX, HTML, CSV, JSON) | ||||
Customizable On-Demand Reports (PDF, DOCX, HTML, CSV, JSON) | ||||
AttackForge ReportGen - 10x Starter DOCX Templates with No-Code Required | ||||
Quality Assurance (QA) Workflow & Revision Notes | ||||
Group Reports | ||||
AttackForge ReportGen Offline - For Custom Reports In Your Own Styles, Templates | ||||
AttackForge ReportGen Integrated - For Custom Reports On-Demand | ||||
Vulnerabilities |
||||
Global Dashboard | ||||
Rules-Based Vulnerability SLAs | ||||
Remediation Plans | ||||
Advanced Search | ||||
Attack Chains | ||||
Integration with CI/CD tools - JIRA, ServiceNow, Azure DevOps | * In-app upgrade | |||
Integration with Vulnerability Management Tools | * In-app upgrade | |||
Retest Workflows | ||||
Custom Fields & Forms | ||||
Full Support for CVSS v3.1 | ||||
Projects |
||||
Dashboards & Project Tracking | ||||
Dedicated Secure Workspace for Every Project | ||||
Scheduling & Calendar | ||||
Resource Management | ||||
Roles-Based Access Controls | ||||
Project Request Workflows | ||||
Custom Notifications | ||||
Custom Fields & Forms | ||||
Integration with Collaboration tools - MS Teams, Slack, Discord | ||||
Libraries |
||||
Centralized & Customizable Vulnerability Templates | ||||
Custom Vulnerability Libraries with Access Controls | ||||
Pre-loaded Vulnerability Templates from CWE & CAPEC | ||||
Centralized & Customizable Test Suites & Methodologies/Runbooks | ||||
Execution Flows and Dedicated Test Case Workspaces | ||||
Pre-loaded Test Suites from OWASP, OSSTMM & Others | ||||
Custom Fields & Forms | ||||
Assets |
||||
Asset Management & Register | * In-app upgrade | |||
Groups |
||||
Groups (Teams / Customers / Business Units) | 10 | |||
Group Dashboard & Tracking | ||||
Link Groups to Project, Vulnerabilities, Users | ||||
Analytics |
||||
Analytics Dashboard | ||||
Trend Analysis & Comparison | * In-app upgrade | |||
Personalize Analytics Dashboard | * In-app upgrade | |||
Self-Service API |
||||
100+ Documented RESTful & Events APIs with Examples | * In-app upgrade | |||
Notifications |
||||
Project Event Notifications | ||||
Dashboard-style Time-based Notifications (Daily Updates, SLAs, Overruns, etc.) | * In-app upgrade | |||
Custom Rules-Based Email Engine | * In-app upgrade |
Need help choosing? We've got you covered
For Peace of Mind
As a software security provider, AttackForge is committed to providing highly secure and reliable software for our customers. Check Out Our Full Security Statement