Author Archives: Rachael Carder

Dradis v4.8.0 has a Quality Assurance feature to approve Issues and Content Blocks before reporting

New in Dradis Pro v4.8

Leave a reply

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Quality Assurance

Review/approve Issues and Content Blocks before including them in reports.

The goal here was to give you a way to differentiate between “I’ve reviewed this issue” and “I haven’t reviewed this issue yet”.

You can use the new QA view to look at your “Ready for review” Issues and Content Blocks and review them before including them in reports.

Then, on the Export page, the default is to export just the Published records. But, you can also export All if that makes more sense for your team’s workflow.

Tester Administration

We’ve also added better in-app tester administration. If a user gets locked out of their account with too many incorrect login attempts, Admin users will now be able to unlock their account with 1 click.

Release Notes

  • Quality Assurance: Review/approve Issues and Content Blocks before including them in reports
  • Tester Administration: Add unlock button to UI for locked Testers
  • Integration enhancements:
    • JIRA: Add support for Jira Data Center v8.4+
  • Upgraded gems:
    • rack, rails, time
  • Bug fixes:
    • Kits: Enable import of kit with no project template
  • Security Fixes:
    • Medium: Authenticated (author) persistent cross-site scripting

Not using Dradis Pro?

New in Dradis Pro v4.7

Leave a reply

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Inline Code Support

We already supported code blocks, but now, you can use @ symbols to create in-line code inside of your Dradis project:

When you export this to a Word report that has a custom InlineCode character style, you’ll get that code styled automatically:

Custom Tag Management

Previously, you could create custom tags by editing the XML of the project template directly. That’s still an option if you happen to enjoy dealing with XML. Otherwise, you can now use the UI for that whole process. There’s even a color picker so that you can get just the right shade for your custom tags.

From the project level, you can also manage your tags and create, edit, or delete them as needed:

Opt-in Usage Analytics

Prior to v4.7, we had no way to receive usage data from your instance other than a ping to our licensing server when you first activate the instance. In v4.7, we have rolled out optional usage analytics that you can share with us. Yes, optional!

For full transparency, you can see exactly what you would be sending to us in the event log. It’s all anonymized data like “someone exported a Word report” or “someone logged in as a contributor” that is designed to help us understand how teams are using Dradis and should not reveal anything sensitive, not even your email address.

Of course, you can always opt out of sharing this data with us if you prefer. We’re excited to have a bit more information about how you’re currently using Dradis so that we can make the product even better for everyone in the future.

Release Notes

  • Configurations: Add usage tracking and sharing
  • Content Blocks:
    • Add auto-caching
    • Add image upload button to source view toolbar
  • Issues: Display the results from importers in a Datatable
  • Rubocop CI:
    • disable EnforcedShorthandSyntax rule under Style/HashSyntax cop
  • Tylium:
    • Add breadcrumbs to Revision History view
    • Add secondary sidebar toggling functionality
    • Remove Recent Activity tabs and add View History link to the dots menu
    • Tags: Add tag management
  • Nginx:
    • Remove support for TLSv1.0 and TLSv1.1
    • Add support for TLSv1.3
  • Integration enhancements:
    • Burp: Add support for large base64 response
    • Nessus: Clean up code tags in description fields
    • Netsparker: Add issue.classification_owasp2021 as a new avaiable field
    • JIRA: Fix configurations page requiring JIRA token
    • Remediation Tracker
    • Add a sidebar with a back link and info pane for contributors
    • Hide ticket actions from other addons for contributors
    • SAML: Fix assets on login for some providers
  • Upgraded gems:
    • nokogiri, rails, rails-html-sanitizer, sanitize, sinatra
  • Bug fixes:
    • Business Intelligence: Prevent tracking of discarded projects/teams in dashboard
    • Issues: Prevent multiple action cable subscriptions when going back to the issues table
    • Project: Pre-select the project template when project creation fails
    • Methodologies: Ensure params are validated when moving list/card
    • Issuelib: Avoid partial matches being found when importing tool output
  • Reporting enhancements:
    • Word:
      • Add support for inline code
      • Ignore character properties inside Code paragraphs
      • Use ‘DradisData’ as sheet name for embedded chars
  • REST/JSON API enhancements:
    • Author: Add author field for content blocks, notes, issues, and evidence

Not using Dradis Pro?

New in Dradis Pro v4.4

Leave a reply

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Plugin Manager Validation

The Plugin Manager has new validation! Previously, you’d need a file like issue.txt to use when configuring the Plugin Manager. Now, you can simply associate the Plugin Manager with one of the report templates on your Dradis instance. You’ll see a validation check on the right that will tell you about any missing fields as you configure.

Rules Engine Population

Remember that after a tool file is uploaded, the data runs through the Plugin Manager, then hits the Rules Engine. So, we’ve also updated the Rules Engine so that when you build out new Rules, the Match Field trigger is populated with a dropdown of fields that matches what you configured in the Plugin Manager. No more double-checking field names, capitalization, or anything else like that.

Duplicate a Project

Want to start over with a copy of one of your existing projects? Previously, we had the project import/export feature that would work for this but the new Duplicate button streamlines the process significantly. For retests or just starting over with a copy of a project, just hit the Duplicate button and a new project will be automatically created that is identical to the old one.

Bulk Update Issues and Evidence fields

Have you ever run into a situation where you wished that you could edit multiple Issues or instances of Evidence at once? You can now! Just select multiple Issues or instances of Evidence:

Release Notes

  • Login View: Design update
  • Plugin Manager: Add ability to validate plugin templates with report templates
  • Projects: Add ability to clone projects
  • Tylium:
    • Implement bulk updating for issues/evidence fields
    • Improve mobile experience
    • Show the resource title in the header when viewing a resource
  • Upgraded gems:
    • nokogiri, rack, sinatra
  • Bugs fixes:
    • Cards: Prevent adding ‘card’ class to card comments
    • Login: Add button styles for 3rd party login addons
  • Integration enhancements:
    • Rules Engine: Matching fields are now based on the fields defined in the Plugin Manager
  • Reporting enhancements:
    • Word: Assign unique Word IDs to each element in the document.

Not using Dradis Pro?

New in Dradis Pro v4.1

Leave a reply

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Move Evidence

Previously, you could only move Notes from one Node to another. Now, we’ve extended this behavior to Evidence as well. Have an instance of Evidence that actually belongs to a different Node? Just open the instance of Evidence, click Move (it’s in the 3 dots icon in the top right of the screen) and move it to the correct Node. That’s it!

Move your Evidence from one Node to another

Download Report Templates

Do you need to make a report template update or send us a copy of the report template? What happens if you didn’t create the report template to begin with or the template is old enough that you don’t even know where your local copy could be hiding? Previously, SCP was your only option to download a copy of a report template on your instance. Now, just head to Templates > Reports in the header and click the download button next to any report template to get your own local copy.

Download report templates via the Dradis UI instead of SCP

IssueLibrary Templates + Comments

IssueLibrary entries are great! But, creating them from scratch can be a pain without a format to work with. Now, when you create your IssueLibrary entries, you can select a Note template. No more blank page paralysis or trying to remember whether that field is called “Recommendation” or “Recommendations”, you can select your Issue template and just populate it with the data that you need.

Apply a Note template the next time you create a new IssueLibrary entry

Then, once your IssueLibrary entries are created, you can use comments to have a conversation with the rest of your team. Ask questions, offer suggestions, or just leave celebratory emoji comments! 🎉

Leave comments on IssueLibrary entries to have a conversation with the rest of your team

Release Notes

  • Contributors:
    • Create a new Team (optionally) when creating a new Contributor
  • Editor:
    • Insert an appropriate single or multiline tag for blockquotes and code blocks
    • Limit the content height for easier access to the Create/Update button
    • Quote text from comments and resource content (cards, evidence, issues, notes, etc)
  • Evidence:
    • Create a new issue (optionally) when creating new evidence
    • Move evidence across nodes
  • Liquid drops:
    • Add available_properties method to DocumentProperties drop
  • Projects:
    • Sort templates by title in project form
  • Project Validation:
    • Add missing attachments validation for Textile screenshots
  • Report templates:
    • Add functionality to download templates
  • Report Template Properties validation
    • Disable bulk validation in Issues and Evidence tables if the “Validation” column is hidden
    • Move bulk validation in Issues and Evidence tables to a background job
  • Tables:
    • Add selector to change the number of records displayed
  • Tylium:
    • Import CSS manifests from addons
    • Remove height restriction from code blocks
  • Upgraded gems:
    • brakeman, nokogiri, puma, rails
  • Bugs fixes:
    • Account Lockout:
      • Send password reset instructions on account lockout
    • Conflict resolver
      • Apply the correct warning when a conflict happens on edit
    • Custom Properties:
      • Remove Custom project properties header in team show
    • Document Properties
      • Allow document properties to have a value and be nested at the same time.
    • Methodologies:
      • Ensure boards don’t nest when the instance has been inactive
    • Nodes:
      • Remove extra HTML tag causing the methodology tab to break after a board is added
    • Tables
      • Prevent columns state from resetting
  • Integration enhancements:
    • CVSS Calculator:
      • Settings: show/hide the calculator in the Issues view
      • Toggle between CVSSv3.0 and CVSSv3.1
    • Dread Calculator:
      • Settings: show/hide the calculator in the Issues view
    • Gateway
      • Deliverables:
        • Allow macro enabled word and excel filetypes
        • Allow the CSV filetype
      • Projects:
        • Add “Created” and “Updated” columns to the Gateway projects table
        • Show theme versions when selecting a project theme
      • Themes:
        • Atlantia:
          • Check for the existence of document properties before rendering the value
          • Remove newlines from issue titles
          • Show untagged issues
          • Wrap text in code blocks
      • Bug fixes:
        • Allow Authors to enable their own projects for Gateway
    • Issue Library:
      • Add comments to entries
      • Add subscriptions to entries
      • Create entry from note templates
      • Notify users of updates
    • Jira:
      • Bugs fixes:
        • Issue form: Prevent app from crashing when submitting without project or issue type
    • Nessus:
      • Add product_coverage & cvss3_impact_score as available Issue fields
    • Nexpose:
      • Update HTML tag cleanup to better cover UnorderedList and URLLink tags in the solution field
    • Qualys:
      • Add dd, dt support
      • Remove orphaned b tags
    • Remediation Tracker: Tickets: Create new categories and states (optionally) when creating new tickets
  • Reporting enhancements:
    • Word:
      • Adds EvidenceCounter controls support to not nested in an Issue controls
      • Fixes exporting with missing attachments
      • Fixes invalid predicate error by escaping control characters in XML attributes
      • Fixes links inside inline controls
      • Fixes numeric values for non-range filters
      • Fixes “frozen string” error when exporting nodes without a services table
      • Move image captions to their own paragraph
  • Security Fixes:
    • High: Authenticated author broken access control: read access to issue content

Not using Dradis Pro?

New in Dradis Pro v3.8

Leave a reply

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Per-Tool Permissions

Before Dradis Pro v3.8.0, Admins had access to everything and Authors had access to a subset of features. Now, you can give specific Author users permission to use the tools they need. And, you can give them just the level of access that they need.

Give each Author tool-specific permissions

Each Author can be given access to specific projects. And, for tools like the IssueLibrary, the Rules Engine, or premium tools like the Remediation Tracker, Authors can be given action-based permissions. Do you only want Author #1 to be able to Read IssueLibrary entries but not create, update, or destroy them? You can do that! Do you want Author #2 to have full control over the Rules Engine? You can do that too!

AffectedCount and AffectedList controls

We’ve had the Affected content control for a long time. The Affected control exports a de-duplicated list of comma-separated Nodes for a specific Issue. But, what about if you needed each de-duplicated Node on a new line or in a bullet list? Or, what if you need to count the number of affected Nodes for your Issue?

We’ve rolled out 2 new content controls: AffectedList and AffectedCount. As you can see in the before/after example below, the AffectedList will export the same data as the old Affected content control, just in a list format. And, the AffectedCount will output the number of unique Nodes that the Issue is associated with.

The AffectedList and AffectedCount content controls can be used in your Word report templates

Do you need help updating your report template to use these new content controls? Email our support team and we’d be happy to help!

Project List table

We’ve also updated the Projects page to help you find that one Project you’re looking for. Your most recent projects will appear at the top of the screen as always. But, at the bottom, there’s now a sortable and filterable table. Click the column headings to sort the table by that field. Click the 2 columns dropdown to display different fields. And, type in a keyword to filter the table and display a subset of Projects.

The Projects Page now contains a sortable and filterable table

Release Notes

  • Add all activity view
  • Give dynamic columns, sorting and filtering to project list table
  • New Per-Tool Permissions
    • Premier the new project permission panel for testers
    • Introduce permission management for Issue Library, Rules Engine, and Remediation Tracker
  • Remove inconsistent content blocks breadcrumb
  • Render markup inside table columns
  • Update top navigation link styles and collapsed menu
  • Upgraded gems: rack, sanitize, sassc
  • Bugs fixed:
    • Comments:
    • Removes the edit link while editing
    • Fixes lingering comment borders after deleting comments
    • Resolves broken OVA and DUP upgrades on VM’s running in ESXi
    • Prevent icon overlap of long headers in secondary sidebar
    • Fixes overflow of long unbroken table cell text
    • Prevent text overflow on to select areas
    • Word report generation no longer errors with extra document properties
  • Integration enhancements:
    • IssueLib: markup rendered in columns
  • Reporting enhancements:
    • Excel: add Tag column
    • Word
      • New AffectedCount content control
      • New AffectedList content control (one host per line)
      • Update exported tables to have 100% width by default

Not using Dradis Pro on your team?

Year in Review – a future Dradis feature

Leave a reply

How many Dradis projects did you create this year? How many Issues did you find? Which were the most commonly found Issues? What was the most common severity of the Issues that you found?

Credit for this script idea goes to Marc Ligthart. His teammate reached out via the support inbox to see if we could create a quick “Year in Review” script that would list out the following:

1. Count of Projects created this year
2. Total Critical/High/Medium/Low Issues (by Tag)
3. Top 10 most found Issues (by title)
4. Top 10 most found Critical/High/Medium Issues (by title)

Dradis year in review script output example
Example output from the year in review script

You can already head over to our scripting repo and check out the Year in Review script. To use it:

1. SCP the file you your instance (e.g. to the /tmp folder)

2. Run the following in the command line as “dradispro”:
$ cd /opt/dradispro/dradispro/current/
$ RAILS_ENV=production bundle exec rails runner /tmp/year_in_review.rb

The output will list out the yearly review for all of the projects present on your Dradis instance.

Now, for the fun part? We want your feedback. If you like this idea, you’ll like version 2.0 even better. We want to include this functionality as part of the existing Business Intelligence Dashboard within Dradis. But first, we want to hear from you. What else would you like to see in a summary view like this in the BI Dashboard? What other metrics would be helpful for your team or what isn’t particularly useful about the current output? Please email our support team directly with feedback! We’re excited to continue working with you in 2020 and get you some more valuable insights into your Dradis usage along the way.

Comments, notifications, & subscriptions

Leave a reply

Efficiently collaborate with your team using comments, notifications, and subscriptions inside of Dradis.

We heard you. There are times that you need to discuss a Dradis project with your team. Gone are the days of jumping on Slack or sending an email with a question or request for edits. Instead, leave a comment! Keep all of your Dradis talk inside Dradis.

Comments, notifications, and subscriptions are brand new in Dradis Community Edition (CE) v3.10 (and coming in the next release of Dradis Pro!).

Let’s jump straight into an example of how these new features improve team collaboration:

I’m working on Dradis CE (username rachkor) and have a question for another team member (username daniel). He wrote up a new Issue, but I think that the solution needs expanding. Instead of writing an email or finding him on chat, I scroll to the comment form at the bottom of the Issue:

Add comments to your Dradis Issues

Not only can I comment on the Issue, but I can also mention @daniel by name:

Mention other Dradis users in your comments

The next time Daniel logs in to Dradis, he’ll be greeted by a notification from me:

Get notifications from any mentions in Dradis comments

Comments are included in the Recent activity feed so that you can keep up with your team as a whole, even if you aren’t involved in a specific conversation.

When you comment on an Issue or a teammate mentions you in a comment, you’ll be automatically subscribed to that Issue. If you need to subscribe (or unsubscribe!) from notifications on a specific Issue, click the subscribe/unsubscribe button:

Subscribe or unsubscribe from comment notifications

We’re excited to unveil this new phase of collaboration within Dradis and can’t wait to hear what you think! Want to check it out? Grab the latest version of Dradis CE from GitHub with these instructions and test out the comments, notifications, and subscriptions. These new features will ship in the next release of Dradis Pro. If you’re a Pro user, stay tuned for a release notice soon!

Not using Dradis yet? Learn more about the Dradis Framework and all the time you could save.

Tales from the Other Side: we survived our first security review

Leave a reply

In a dimly lit room with Doritos and Mountain Dew on my side, I was ready to begin the assessment and be like Hackerman. – Aaron

Recently, the Dradis team was presented with the opportunity to conduct a security review for a funded startup. Our original team comes from a background in security consulting. But, we also have team members who come from the software or support worlds. Basically, some of us (Aaron, Rachael, and Xavi) were n00bs and had never pwned anything before.

As someone who unintentionally adds holes in an application for a living (aka web developer), finding vulnerabilities in an app sounds like a fun activity that could give me a new perspective on my profession. – Aaron

Why did we decide to take on this project? We wanted to experience what you experience every day. The Dradis team doesn’t (usually) deliver security reports, we release software. We exhaustively test new releases and fix the bugs that you report to us. But, we rarely (if ever) get the chance to use Dradis in a real-world scenario. This time, we had a client, the team needed to collaborate despite time zone differences, and there was a deadline looming. Yes, we crossed over to the other side. And, we survived.

What we did:

  • Performed a security review on 3 components of a single web application
  • Drank a lot of coffee and/or mountain dew
  • Followed the WAHH methodology (with some custom checks added in)
  • Found, verified, and reported on roughly 3 dozen Issues
  • Generated a Word report that was organized by Risk Rating (based on the CVSSv3 score) and by affected component
  • Delivered the report to the client, answered their questions, then wished we could celebrate in person as a team

We learned a lot. We delivered a report to our client that we’re proud of and we covered a lot of ground in a short period of time. The technical team did a great job transitioning from their day jobs as Ruby developers and becoming pentesters for a week. Aaron summed up the learning curve perfectly, it was “like a scientist trying to do ballet for the first time.”. Everyone ran into at least a few walls. But, with some teamwork, fantastic resources, coffee, and a little Google, we got it all done. During the process of the security review, we learned about you, we learned about us, and we’re excited to apply these lessons as we continue building Dradis.

 

We learned a lot about you

No, not about you as a person, but we did learn a lot about our customers in the whole “walk a mile in their shoes” sense. By using Dradis to perform a real-world security review, we got insight into how we can make Dradis so much better for you in the future.

Here’s an example:

We’re a remote team. On this project, team members were collaborating between 3 different continents. Team members jumped in and worked during their own daylight hours. After about day 2 of the project, we realized that we were pasting links from the Dradis project into Slack with messages like “Hey, I don’t understand this part, can you clarify?”. Then, the author of the Issue would have to log back into Dradis, edit the content over there, and then update the Slack thread saying “I fixed it! How does that look now?”.

You know what we needed instead? The ability for all of those conversations to take place within Dradis. This wasn’t our only lightbulb moment, but it was one of the biggest. We can’t wait to roll out new features and improvements to give you the features that we were looking for!

 

We learned a lot about reporting (and deadlines)

Dradis is a collaboration and reporting tool. So, learning about reporting and deadlines is really the same as learning about ourselves. Some of us also learned more about our caffeine tolerance during the security review, but you want to hear about Dradis, right?

I (Rachael) spend a whole lot of time with your report templates. I’ve made friends with Microsoft Word (ok, it’s still a rocky relationship sometimes) and can break and fix just about anything you throw at me. But, I’d never experienced generating a report with Dradis while under an external deadline before. This time, I knew that there was a client waiting for me to review the findings and export the report.

We’ve always had a “we will go above and beyond for our customers” approach to support. But, the next time we get an email like “MY REPORT WAS DUE YESTERDAY AND IT’S BROKEN OH GOD PLEASE HELP ME” (not a direct quote), we can understand you even better. That extra understanding of what you’re going through was worth every hour we spent on this security review.

And it’s not just on the support side. We want to take our newfound understanding and help take away even more of the work (and stress) of the reporting process. How? By improving Dradis.

Improvements: Big and Small

We found plenty of small (and big!) improvements that we can’t wait to implement. We quickly identified a few UI tweaks. In some cases, they’re as simple as moving a button or adding different scrolling options. But, if we were internally screaming for them, we think you’ll like them too.

Some of the takeaways were bigger. For example, after going through the QA process ourselves, we feel very strongly that we need a more seamless QA process within Dradis.

Back to the other side

In the end, we all ended the security review with a deeper respect for what you all do every day. Walking the digital equivalent of a mile in your shoes left us with a list of improvements that we think will make the road a little less rocky for you next time. But, we’re ready to head back to the other side (the software development side) and leave the security reviewing to all of you again. You find the vulns, we’ll keep making Dradis better for you. Stay tuned for more Dradis improvements in the coming months!

 

 

Dradis Framework Founder’s Letter – 2017

Leave a reply

Good Software Takes Ten Years. I didn’t know that when we started back in 2007, but I’ve come to terms with that rule since then. A lot can change in 9 years. You can go from the first commit of an internal project released as open-source to a small, independent, self-funded software team that is making a difference for 300+ teams in 34 countries around the world.

Did I have a clue about where we’d get in 9 years when I pushed that first commit? Most definitely not. Was I confident that we’d be working with 1,000s of InfoSec experts every day when I quit my security consulting job over 2 years ago to concentrate my efforts on Dradis Pro full time? Not even close. Do we have a clue about where we’re heading over the next 2 years? We have clues but most likely, we really don’t know. But that’s fine, we’re not alone in this journey. We’re bringing our entire community along with us. And most importantly, we have the freedom to choose where we’re heading.

We don’t have investors so we can keep our users front and center. Were trying to grow as slowly as possible. By focusing on the fundamentals, we’ve managed to get this far. And, we’re sticking to the same approach going forwards: do the work, keep our users happy, and care about their long term success.

A brief history of our project

Just to put things into perspective, here is what working on the same piece of software every single day for 9 years did:

  • Dec 2007: Start working on an internal tool for pentest collaboration.
  • Jan 2008: Release Dradis Framework as open-source.
  • …3,000 code commits.
  • Jul 2011: Launch a side-business offering additional functionality and official support (Dradis Professional announcement).
  • …work with 140 teams, 17 new releases, 2,967 commits.
  • Feb 2014: Make the side-business our main business.
  • …7 new releases, 782 commits.
  • Mar 2015: Welcome Rachael, our second full-time member of the team
  • …13 new releases, 2,503 commits…

The last 12 months

With the growth in the Dradis Pro side of things, we have been able to reinvest a lot of man-hours in Dradis Community Edition. It’s our way to give back to the community that helped us along the way. The code was refreshed and updated. Many of the enhancements that were created for the Pro edition were backported to CE. Plus, the documentation was rewritten, step-by-step guides were created, and screencasts were recorded. We also created and released OWASP, PTES, HIPAA and OSCP compliance packages with testing checklists, report templates and more.

Dradis Community edition GitHub repo commits in 2016

The activity in the Dradis CE repo shows how a lot of this effort was concentrated earlier in the year to sync the CE and Pro code bases (kudos to the GitLab team for the inspiration).

Our community is growing stronger than ever. We’re averaging 400 git clones each week. Plus, we have a thriving Slack channel and dozens of new threads in our community forums.

Dradis community edition is being downloaded an average of 400 times per weekWhat we are going to be focusing on over the next 12 months

Over the last 12 months, we’ve pushed 11 new releases of Dradis Pro. From performance and interface to functionality and stability, we’ve noticeably improved every single aspect of the app. The product today is in a completely different category from where it was 12 months ago. And still,  there is so much room to grow, refine, and improve!

2017 is exciting for us in many ways. We’re now working with over 300+ teams. This is a challenge, but we wouldn’t have it any other way. Plus, this the first time that we have a small team of very talented people working full time on taking care of product development and user experience.

I’m sure that the speed at which we’ll be making progress is going to feel break-neck. I can’t wait to see the things that we’re going to be able to build with you and for you and the rest our community.

To our best year ever,

Daniel

New in Dradis Pro v2.5

Leave a reply

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

Before the end of 2016, we’re excited to bring you Dradis Pro v2.5 with updates and upgrades across the product.

The highlights of Dradis Pro v2.5

  • Trash feature to restore deleted content (see below)
  • Hide expand button in Nodes tree when Node has no children
  • Add multiple Nodes at the same time (see below)
  • Automatically generated Issue template from Report Template Properties (see below)
  • Improved Project Validation error messages
  • Performance upgrades (Russian doll caching)
  • Add-on enhancements:
    • Include CVSSv3 scores in the Acunetix plugin
    • Accommodate Severity Recasting in the Nessus plugin
    • Update Nmap plugin Services table and NSE data
  • New add-ons:
    • Zed Attack Proxy (ZAP) upload
  • Word reports:
    • Filter Evidence content controls
  • Bugs fixed: #215, #256, #268, #327, #334, #336, #337, #338, #340

A quick video summary of what’s new in this release:

Trash Feature

Use the trash feature to recover your deleted content and restore. You can filter the Trash contents to find that one Issue that you need to restore. Then, add it back into your project with a single click.

Recover your deleted content with the trash feature in Dradis Pro v2.5

 

Multi-add Nodes

No more adding one Node at a time. Now you can use the new “Add multiple” option when you’re creating Nodes. Just paste in a list of Nodes to create all of them at the same time.

Add more than one Node at a time in Dradis Pro v2.5

Issue template from Report Template Properties

You’re already using the Report Template Properties for automatic validation, right? We’ve extended the Issue fields even further to help make your life easier. First, define the Issue fields in your Report Template Properties:

Use your report template properties to automatically generate an Issue template in Dradis Pro v2.5

Then, when you manually create an Issue, you’ll notice a new option in the dropdown. Select Default for template and Dradis will automatically pull in the Issue fields from your Report Template Properties to create your Issue template.

Select Default for template to automatically create an Issue template from your report template properties in Dradis v2.5

If you specified values for your text field, they’ll even appear in a list so that you can be sure that your Issue has the fields and values that your report template is looking for.

Your Issue template is automatically created from your report template's Issue Fields in Dradis Pro v2.5
Ready to upgrade to v2.5?

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.