Category Archives: Features

Comments, notifications, & subscriptions

Efficiently collaborate with your team using comments, notifications, and subscriptions inside of Dradis.

We heard you. There are times that you need to discuss a Dradis project with your team. Gone are the days of jumping on Slack or sending an email with a question or request for edits. Instead, leave a comment! Keep all of your Dradis talk inside Dradis.

Comments, notifications, and subscriptions are brand new in Dradis Community Edition (CE) v3.10 (and coming in the next release of Dradis Pro!).

Let’s jump straight into an example of how these new features improve team collaboration:

I’m working on Dradis CE (username rachkor) and have a question for another team member (username daniel). He wrote up a new Issue, but I think that the solution needs expanding. Instead of writing an email or finding him on chat, I scroll to the comment form at the bottom of the Issue:

Add comments to your Dradis Issues

Not only can I comment on the Issue, but I can also mention @daniel by name:

Mention other Dradis users in your comments

The next time Daniel logs in to Dradis, he’ll be greeted by a notification from me:

Get notifications from any mentions in Dradis comments

Comments are included in the Recent activity feed so that you can keep up with your team as a whole, even if you aren’t involved in a specific conversation.

When you comment on an Issue or a teammate mentions you in a comment, you’ll be automatically subscribed to that Issue. If you need to subscribe (or unsubscribe!) from notifications on a specific Issue, click the subscribe/unsubscribe button:

Subscribe or unsubscribe from comment notifications

We’re excited to unveil this new phase of collaboration within Dradis and can’t wait to hear what you think! Want to check it out? Grab the latest version of Dradis CE from GitHub with these instructions and test out the comments, notifications, and subscriptions. These new features will ship in the next release of Dradis Pro. If you’re a Pro user, stay tuned for a release notice soon!

Not using Dradis yet? Learn more about the Dradis Framework and all the time you could save.

New in Dradis Pro v2.9

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this release, we’ve squashed some pesky bugs and updated the system and its add-ons with new features that will make your team’s life easier.

The highlights of Dradis Pro v2.9

  • Added bulk view (and multi delete) for a node’s notes and evidences.
  • Added the trash functionality to content blocks
  • Added the Methodology tasks and content blocks to the search
  • Added report content attachments
  • Added validation for block groups with empty names
  • Fixed nested lists in exported reports
  • Fixed the multi-deletion of issues
  • Fixed the ghost nodes issue
  • Fixed the project import and export with missing users
  • Add-on enhancements:
    • Added trend analysis for the Business Intelligence add-on
    • Added node properties to the Acunetix and Qualys plugins
    • Added metric-specific fields to the CVSS calculator
    • Fixed the encoding error for the Burp upload plugin
    • Fixed the export errors for the HTML export plugin
  • Bugs fixed: #173, #349, #354

A quick video summary of what’s new in this release:

List View for Notes and Evidences

You can now view the evidences of a node as a list. This comes with the bonus of being able to delete them in bulk!

The same goes for the notes in a node!

Business Intelligence Trend Analysis

With the addition of trend analysis to the Business Intelligence add-on, you can now compare 2 or more projects so you can easily visualize the ongoing trends between them.

Report Content Attachments

Just like attachments for nodes, you can now add attachments for your content blocks!

Ready to upgrade to v2.9?

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.

New in Dradis Pro v2.8

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this zippy release, we’ve added a few features and fixed a few bugs to make your reporting life easier.

The highlights of Dradis Pro v2.8

  • Added the content blocks feature
  • Added delete option for document properties
  • Added Excel export through the command line
  • Allow .xlsx and .xlsm templates.
  • Added “Default for template” in Evidence multi-add form.
  • New add-on:
    • Netsparker upload
  • Add-on enhancements:
    • Update Nessus plugin to include CVSSv3 fields
    • Added HTTPS Support for the Mediawiki plugin
    • Added content blocks service in dradis-plugins
  • Bugs fixed: #150, #157, #332.

A quick video summary of what’s new in this release:

Content Blocks

The new content blocks feature makes adding notes to your report a lot easier. Gone are the days when you have to tediously add a node, add a note to it then set a category, only for you to forget it a few days later.

Document Property Deletion

We’ve added a way for teams to be able to delete unused document properties from their projects. You won’t have to worry about them cluttering your project anymore!

Ready to upgrade to v2.8?


New in Dradis Pro v2.7

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this release, we’ve added shiny new features to make reporting and collaborating with your team much easier.

The highlights of Dradis Pro v2.7

  • New Excel exporter
  • New Report Content page for custom document properties
  • v2 Methodology Admin templates
  • Methodology actions included in the activity feed
  • Independent scrolling for Methodology Lists
  • User profile image in the navbar
  • Word reports:
    • IssueCounters nested in Nodes work as expected.
    • New EvidenceCounter content controls.
    • Fixed handling of array properties
  • Add-on enhancements:
    • Improved the Qualys plugin data representation
    • Updated the Nexpose plugin with Evidence templates
    • Improved the Nexpose plugin parsing issues
    • Added mouseover details to the CVSSv3 calculator
    • Improvements to the Dradis Plugins Content Service
    • Fixed Dradis Plugins import for extremely long descriptions
  • Fix plugin upload and export thor task errors
  • Bugs fixed: #119, #347

A quick video summary of what’s new in this release:

Excel Exporter

You can now export your projects to Excel! If you ever need to manipulate data and/or perform calculations for your exports, you can do this with customized formulas in Excel. How cool is that?

Here’s a sample of what your Excel report could look like:

Document Properties

With the new Report Content section, you can now define Document Properties for your project. No need to look for that misplaced properties note that you made ages ago!

New Methodologies Templates

To augment the improvements to the Methodology from the previous release, we’re adding the ability to add Methodology templates with the new Lists and Tasks. Go brethren! You are now free from the shackles of Pending and Done!

Ready to upgrade to v2.7?


New in Dradis Pro v2.6

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

Our first 2017 release, Dradis Pro v2.6 is loaded with some very interesting features to coordinate your team and generate better reports, faster.

The highlights of Dradis Pro v2.6

  • Better support for security testing methodologies (see below)
    • Organize tasks in a Kanban board (we ❤️ Trello too!)
    • Provide additional context, gather results, or set a due date for each task.
    • Assign tasks to different team members.
    • Keep Notes and information on each task.
    • Export Methodology details into your reports.
  • Merge multiple Issues in your project (see below)
  • Local Profile Pics (not just Gravatars!)
  • Redesigned error pages with the data you need for troubleshooting.
  • Edit / delete links for Evidence, Issues, and Notes from the sidebar.
  • Attachments HTTP API endpoint.
  • Validate Evidence fields.
  • Automatically generated Evidence Template.
  • Add-on enhancements:
    • Updated Nessus Plugin to support files that are missing a plugin_output tag.
    • Updated Qualys Plugin to better handle tags in report content.
    • Updated Burp Plugin to detect non-base64 encoded files and binary request/response data.
    • Updated the Burp-Dradis connector to correct HTTPS errors.
  • Word reports:
    • Methodology and Task content controls let you provide fine-grained information about your testing methodology as part of your deliverables.
  • Fix XSS in Issues diff view.
  • Bugs fixed: #84, #104, #164, #206, #280, #316

A quick video summary of what’s new in this release:

Methodologies becomes a 1st class citizen of the framework

Methodologies now contain Lists and Tasks. Create custom Lists, add Tasks to the Lists, and move the cards from one List to the next.

Dradis Pro v2.6.0 includes an updated Methodologies feature. Move Tasks between lists.

You can also set due dates, assign cards to team members, and create fields within Task descriptions that can export into your reports.

Dradis Pro v2.6.0 includes an updated Methodologies feature. Create detailed Task descriptions, set due dates and assignees

Combine issues

Combine multiple Issues using our new merge feature. Just find and select the Issues that you want to combine:

Dradis Pro v2.6.0 includes a Merge Issues feature

You can combine them into a brand new Issue or into one of the existing Issues.

Dradis Pro v2.6.0 includes a Merge Issues feature. Combine multiple Issues into a new target Issue.

Ready to upgrade to v2.6?


New in Dradis Pro v2.5

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

Before the end of 2016, we’re excited to bring you Dradis Pro v2.5 with updates and upgrades across the product.

The highlights of Dradis Pro v2.5

  • Trash feature to restore deleted content (see below)
  • Hide expand button in Nodes tree when Node has no children
  • Add multiple Nodes at the same time (see below)
  • Automatically generated Issue template from Report Template Properties (see below)
  • Improved Project Validation error messages
  • Performance upgrades (Russian doll caching)
  • Add-on enhancements:
    • Include CVSSv3 scores in the Acunetix plugin
    • Accommodate Severity Recasting in the Nessus plugin
    • Update Nmap plugin Services table and NSE data
  • New add-ons:
    • Zed Attack Proxy (ZAP) upload
  • Word reports:
    • Filter Evidence content controls
  • Bugs fixed: #215, #256, #268, #327, #334, #336, #337, #338, #340

A quick video summary of what’s new in this release:

Trash Feature

Use the trash feature to recover and restore your deleted content. You can filter the Trash contents to find that one Issue that you need to restore. Then, add it back into your project with a single click.

Recover your deleted content with the trash feature in Dradis Pro v2.5

Multi-add Nodes

No more adding one Node at a time. Now you can use the new “Add multiple” option when you’re creating Nodes. Just paste in a list of Nodes to create all of them at the same time.

Add more than one Node at a time in Dradis Pro v2.5

Issue template from Report Template Properties

You’re already using the Report Template Properties for automatic validation, right? We’ve extended the Issue fields even further to help make your life easier. First, define the Issue fields in your Report Template Properties:

Use your report template properties to automatically generate an Issue template in Dradis Pro v2.5

Then, when you manually create an Issue, you’ll notice a new option in the dropdown. Select Default for template and Dradis will automatically pull in the Issue fields from your Report Template Properties to create your Issue template.

Select Default for template to automatically create an Issue template from your report template properties in Dradis v2.5

If you specified values for your text field, they’ll even appear in a list so that you can be sure that your Issue has the fields and values that your report template is looking for.

Your Issue template is automatically created from your report template's Issue Fields in Dradis Pro v2.5

Ready to upgrade to v2.5?


New in Dradis Pro v2.4

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

This month we’re pleased to bring you Dradis Pro v2.4 with some long-requested improvements.

The highlights of Dradis Pro v2.4

  • Project-wide search (see below)
  • UI improvements (see below)
  • Copying of Report Template Properties
  • Word reports
    • Better file extension handling in Windows
  • Minor bug fixing.

A quick video summary of what’s new in this release:

Project search

It is now possible to perform a project-wide full-text search against Evidence, Issues, Nodes and Notes:

A screenshot showing the "All" tab with results for a "DNS" search

A screenshot from the Search results page showing only Node matches

UI improvements

Dradis is used by over 270 teams in 33 countries around the world. When people are using your platform to edit and generate content in languages as varied as Simplified Chinese, Slovenian or Turkish, it becomes very easy to spot and squash internationalisation and character encoding bugs.

With this release we’ve made sure that Tags fully support names encoded in UTF-8:

A screenshot showing a tag in simplified Chinese

Evidence multi-add

It is not uncommon to need to link the same Issue to a number of hosts in your project. We’ve redesigned the UI to make this task a lot simpler:

  • Select the Evidence template you need (or start with a blank slate).
  • Tick off the relevant items from the Existing Hosts list.
  • If needed, paste a list of new IP addresses that will be added to the project and also associated with your Issues.

A screenshot showing the new Add Evidence feature that lets you select existing nodes from a list, or paste a list of IP addresses.

Validate on save

Teams working with Dradis normally need to use a number of different report templates (e.g. one for vulnerability assessments and one for social engineering). To make it easy for users to remember what information they need to provide on each template we’re now validating the contents supplied by the user against the individual template requirements so we can present a warning if the content doesn’t match the template’s expectations:

A screenshot showing warnings about missing fields and mismatched values in a recently created issue.

Optimistic locking

Have you ever been in a situation where just after updating an Issue or Note, you find out that one of your team mates was also editing that feature? From now on, Dradis will warn you when someone else has been modifying the content you were busy with, so you have the peace of mind to know you’re always working on the latest version of the content:

A screenshot showing how Dradis detects a modification to the content you were just trying to edit.


New in Dradis Pro v2.3

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

This month we’re pleased to bring you Dradis Pro v2.3 with some interesting additions.

The highlights of Dradis Pro v2.3

  • Smart issues table (see below):
    • Filter / search contents
    • Custom columns
    • Show / hide columns
  • Tabbed view for: Issues, Notes and Evidence (see below)
  • Admin > Templates > Reports improvements
  • Admin > Templates > Projects improvements
  • Redesign of empty views: project, issues, methodologies
  • Add-on enhancements
    • Acunetix: better code / syntax parsing
    • OpenVAS: bug fixing
    • Project export: improve SQL efficiency
  • Methodologies module
    • Fix task status handler (tasks w/ special chars)
    • Progressive design enhancements
  • REST/JSON API:
    • New coverage: Notes, Evidence
    • Track API actions in Activity Feed
  • Word reports
    • Image captions (see below)
    • Fix bug w/ special chars in Node labels
  • Security fixes
  • Bugs fixed: #324, #325

Smart issues table

Dradis is used by over 270 teams in 33 countries around the world. Each team has a very different way of structuring their findings. With the new smart issues table, each user can decide what information should be presented on the screen for each project:

UI improvements

A few screenshots of the recent redesigns:

A screenshot of an Issue showing tabs for Information, Evidence and Activity

A screenshot showing the All Issues table with the new controls for filtering and showing/hiding columns.

A screenshot showing the Web Application Hacker's Handbook methodology

Word image captions in action

You can now specify the caption associated with your screenshots so it appears in your reports:

A screenshot showing how to specify the caption for an image

Hover over the image to show the associated caption:

A screenshot showing Dradis rendering an image with a caption.

And select a custom Caption style for your Word image captions:

A screenshot showing a Word document with an image and a caption


New in Dradis Pro v2.2

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will cut your reporting time in half.

Two short months after the release of Dradis Pro v2.1 in February we’re pleased to bring you Dradis Pro v2.2 which is focused around connectivity and performance.

The highlights of Dradis Pro v2.2

  • Full REST/JSON API coverage (documentation)
  • Performance improvements: Rails 4.2, Ruby 2.2, memory monitoring.
  • Fix bug in Activity Feed of project templates.
  • Add-on enhancements:
    • CSV: export evidence data, fix CLI integration
    • HTML: fix CLI integration
  • Bugs fixed: #204, #319

The REST API

Through the new HTTP JSON API you can securely access all of the application entities including:

Screenshot showing a GET request to the /clients endpoint

Perform CRUD operations on all application objects through an easy-to-use JSON interface.

Screenshot showing a POST request to the /issues endpoint

Use your favorite language to interact with the data contained in your Dradis environment.

Performance boost: faster, more responsive interface

Dradis Pro v2.2 also comes with a new version of the Rails framework and a modern version of Ruby. Both of these upgrades should have a significant impact on the overall performance and snappiness of the app and also bring some interesting security features out of the box. Strong parameters and DB performance on the Rails front, and garbage collection (GC) of symbols on the Ruby front, are some of the notable changes.

For the nitty gritty details please see the Rails 4.2 release notes and the Ruby 2.2 announcements.


New in Dradis Pro v2.1

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will cut your reporting time in half.

Throughout 2016 we’re aiming to shorten our release cycle, and we’re pleased to bring you Dradis Pro v2.1 with a collection of enhancements that will make your day-to-day life a little bit easier.

The highlights:

  • DB performance improvements.
  • Session timeouts.
  • New add-ons
    • CVSSv3 score calculator.
    • DREAD score calculator.
  • Add-on enhancements:
    • Nessus: add support for compliance checks.
    • Nessus: use Node properties.
    • IssueLibrary: tagging of findings + UI improvements.
    • Rules Engine: rule sorting + UI improvements.

A few screenshots of the release

Screenshot showing the IssueLibrary entries with a badge showing their tags

Tag entries in your IssueLibrary

A screenshot showing each rule with handle bars for easy dragging / moving.

Drag and drop rules to re-order them

A screenshot showing the interface of the new calculator that lets you generate CVSSv3 by choosing the value for each subscore.

Calculate CVSSv3 scores and vectors from within Dradis

A screenshot of a piece of Evidence in Dradis with the Policy Value, the Actual Value and the Compliance Status of the check.

We can parse and export to your report Nessus’ compliance data.

How to upgrade to Dradis Pro v2.1?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/latest
