Monthly Archives: December 2019

Year in Review – a future Dradis feature

How many Dradis projects did you create this year? How many Issues did you find? Which were the most commonly found Issues? What was the most common severity of the Issues that you found?

Credit for this script idea goes to Marc Ligthart. His teammate reached out via the support inbox to see if we could create a quick “Year in Review” script that would list out the following:

1. Count of Projects created this year
2. Total Critical/High/Medium/Low Issues (by Tag)
3. Top 10 most found Issues (by title)
4. Top 10 most found Critical/High/Medium Issues (by title)

Dradis year in review script output example
Example output from the year in review script

You can already head over to our scripting repo and check out the Year in Review script. To use it:

1. SCP the file you your instance (e.g. to the /tmp folder)

2. Run the following in the command line as “dradispro”:
$ cd /opt/dradispro/dradispro/current/
$ RAILS_ENV=production bundle exec rails runner /tmp/year_in_review.rb

The output will list out the yearly review for all of the projects present on your Dradis instance.

Now, for the fun part? We want your feedback. If you like this idea, you’ll like version 2.0 even better. We want to include this functionality as part of the existing Business Intelligence Dashboard within Dradis. But first, we want to hear from you. What else would you like to see in a summary view like this in the BI Dashboard? What other metrics would be helpful for your team or what isn’t particularly useful about the current output? Please email our support team directly with feedback! We’re excited to continue working with you in 2020 and get you some more valuable insights into your Dradis usage along the way.

Dradis version 3.5

New in Dradis Pro v3.5

Email Notifications

Now you can have your notifications emailed to you when you aren’t working in a Dradis project. Each user can adjust their notification settings to receive them individually as they happen, in a daily digest, or not at all. Get started using email notifications by configuring the mail server on your Dradis Pro instance.

A few @mention enhancements are in this release, including loading an @mentioned user’s profile photo or gravatar so you quickly spot who is in the conversation.

Burp Suite Issue severity

The way that Burp Suite handles severity is different than other integrations. Burp assigns severity to each instance of an issue as evidence and doesn’t assign severity to the issue directly. As a result, this was leading to several pieces of evidence with different severity levels for an issue with no assigned severity in Dradis. Now, Dradis will assign the issue severity using the highest evidence severity level.

Table Sorting

Finding the information you are looking for in a long table is easier with table sorting. Tables in Dradis can be sorted by any column. Click on the column heading of your choice and presto, change-o the table is sorted.

animation of a table of security findings sorting by column heading

Release Notes

  • Email notifications
  • Add notification settings to decide how often to get email notifications
  • Add a smtp.yml config file to handle the SMTP configuration
  • Preserve SMTP configuration on updates
  • Various mention related improvements:
    • Enhance the mentions box in comments to close when it is open and the page is scrolled.
    • Fix bug that prevents the mentions dialog from appearing after navigating through the app.
    • Fix elongated avatar images so they are round once again.
    • Added avatar images to mentions in comments.
    • Load Gravatars for users whose email has been set up with gravatar.
  • Add and update methodology download links to Dradis Portal
  • Enhancement when adding new nodes to copy node label data between the single and multiple node forms.
  • All tables can be sorted by column
  • Bugs fixed:
    • Fix handling of pipe character in node property tables
    • Fix projects count not updating in teams view
    • Fix error on team page when showing primary team
    • Fix overflow issue where the content would expand out of view
    • Fix page jump when issues list is collapsed
    • Fix conflicting version message when updating records with ajax
    • Fix hamburger dropdown menu functionality.
    • Fix node merging bug when `services_extras` properties are present
    • Fix cross-project info rendering
    • Prevent content block group names to be whitespaces only
    • Fix displaying of content blocks with no block groups
    • Limit project name length when viewing a project
    • Removed bullet style in node modals
    • Validate parent node project
  • Integration enhancements:
    • Burp: Make `issue.severity` available at the Issue level
    • Nessus: Fixed bullet points formatting to handle internal text column widths
    • Nexpose: Wrap ciphers in code blocks
    • Netsparker: Fix link parsing of issue.external_references
    • Jira: Loading custom (required) fields from JIRA by IssueType and Project
  • REST/JSON API enhancements:
    • Fix disappearing owner when assigning authors to a Project using the API
    • Set the “by” attribute for item revisions when using the API
  • Security Fixes:
    • Medium: Authenticated author mentioning an existing user outside of the project will subscribe that user to the note/issue/evidence
    • High: Authenticated author was able to access unauthorized projects using the API
    • Upgraded gems: nokogiri (CVE-2019-13117)

Not using Dradis Pro on your team?

These are some of the benefits you are missing out on:

Read more about Dradis Pro’s time-saving features or what our users are saying.