AttackForge helps you to track your security testing performed on any assessment or project. This is achieved using Test Cases which are assigned to a project, and can be further assigned to individual testers and/or scope assets.
Every Test Case on the project can help to guide you on what needs to be tested, how it should be tested, and help you to store and capture testing evidence and artefacts.
A Test Suite is made up of a collection of Test Cases which are relevent to the Test Suite.
For example, a Test Suite might be "Web Application Pentest" and a Test Case on this Test Suite might be "Verify that request throttling is in place to prevent automated attacks against common authentication attacks such as brute force attacks or denial of service attacks."
AttackForge already comes pre-loaded with many Test Suites from industry methodologies such as OWASP, OSSTMM, NIST and more.
This repository provides additional industry methodologies you can import into your AttackForge tenant. The following methodologies are supported:
- MITRE ATT&CK Enterprise Version 16.1 - see recommended mapping
- MITRE ATT&CK Mobile Version 16.1 - see recommended mapping
- MITRE ATT&CK ICS Version 16.1 - see recommended mapping
- OSSTMM Version 3 - Human Security Testing
- OSSTMM Version 3 - Physical Security Testing
- MITRE ATLAS Version 4.8.0
- OWASP AI Testing Guide 2026
- OWASP Top 10 for Large Language Model Applications 2025
- OWASP Web Security Testing Guide Version 4.2
- OWASP Application Security Verification Standard (ASVS) Version 4 - Level 1
- OWASP Application Security Verification Standard (ASVS) Version 4 - Level 2
- OWASP Application Security Verification Standard (ASVS) Version 4 - Level 3
- OWASP Web Application Security Top 10 2021
- OWASP API Security Top 10 2023
- OWASP Mobile Application Security Testing Guide (MASTG) Version 2 2025
- OWASP Mobile Top 10 2024
- MITRE ATT&CK Mobile Version 16.1 - see recommended mapping
- OSSTMM Version 3 - Telecommunications Security Testing
- OSSTMM Version 3 - Data Networks Security Testing
- OSSTMM Version 3 - Wireless Security Testing
- MITRE ATT&CK ICS Version 16.1 - see recommended mapping
- CIS Amazon Web Services Foundation v1.2.0
- CIS Microsoft Azure Foundation v1.2.0
- CIS Google Cloud Platform Foundation v1.1.0
- Oracle Cloud Infrastructure
- Kubernetes Infrastructure
You can load additional testing methodologies in the form of Test Cases which can be imported on your Test Suites using the import options on Test Cases:
