Next Steps

This page contains:

You're up and running! You will now be prompted to create your primary team.

Next, create your first user.

The next steps are now up to you. Dive into projects or take some time to get to know the platform.

The Welcome Kit

Your Welcome Kit contains a custom Dradis template and a full Dradis project complete with custom findings that you can import into Dradis and use to generate a report right away. You should have received the Welcome Kit by email. To upload it, follow our Kit Upload guide.

Below you can see what it will look like after the package has been uploaded.

The Project Summary

Your sample project comes pre-populated with everything you need to generate your first automated report.

Click the project name in the top left corner to access the Project Summary page.

Under Issues so far, you can see that the project comes with 7 Issues. The colored tags (e.g. Critical) are applied based on the value of the #[CVSSv3.BaseScore]# field.

Under Methodology progress, you can see that the project also has the OWASPv4 Testing Methodology associated with it.




Methodologies

Click How this Methodology works for a quick overview of how this particular Methodology is set up.

Move a few tasks from the Next to the Done list, then navigate back to the Project Summary page to see your progress.

All Issues

Click All Issues in the left hand sidebar to see a summary of the Issues in your project. Click the columns icon for a dropdown to pick and choose what information the summary will display.

For example, in the screenshot below we have chosen to display the Tags field for each Issue. Remember that the Issue tags are based on the #[CVSSv3.BaseScore]# field value. That's the field that your report template cares about, not the colored tag itself!

#[Title]#


#[CVSSv3.BaseScore]#


#[CVSSv3Vector]#


#[Type]#
Internal | External


#[Description]#


#[Solution]#


#[References]#


Issue fields

Every Issue in your Welcome Pack Project needs to contain the following fields:

  • Title: A friendly title describing the vulnerability.

  • CVSSv3.BaseScore: The CVSSv3 score, mapped to Risk Rating using the following ranges:

    • CVSSv3 9.0 to 10.0 = Critical

    • CVSSv3 7.0 to 8.9 = High

    • CVSSv3 4.0 to 6.9 = Medium

    • CVSSv3 0.1 to 3.9 = Low

    • CVSSv3 0.0 = Informational

  • Type: Issue Location, either Internal or External

  • Description: A long-form description of the problem with screenshots, HTTP snippets, etc.

  • Solution: Long-form mitigation advice.

  • References: Links and locations to find more information on the specific vulnerability.

Evidence fields

Learn more about the difference between Issues and Evidence in Dradis in our Working with Projects guide.

Every instance of Evidence in your Welcome Pack Project needs to contain the following fields:

  • Location: Port/Protocol, Parameter, etc

  • Output: block code, exploit details, screenshots, request/response data, or any other content you want to display in your reports.

#[Location]#


#[Output]#


Content Blocks

Content Blocks hold the sort of project-specific information that isn't related to an Issue/Evidence like an Executive Summary or a Conclusion.

In this project, the Summary of content blocks section of the Report Content page holds the following Content Blocks:

  • Conclusions and Recommendations: the place to write up a summary of the findings in the report. This Note will export into the Executive Summary > Conclusions and Recommendations section of the report template.

  • Example Appendix Content: this is the place to include information from your Dradis project in Appendix B of your report template.

Report Content

Click Report Content in the left hand sidebar and navigate to Summary of document properties to see the Document Properties in your project:

  • dradis.client: the client's company name
  • dradis.project: the report title
  • dradis.version: the document's version number

These are project-specific and are repeated throughout your report template in places like the title page, the header, and inside static text. Learn more about Report Content in the Working with Projects guide.

The Welcome Pack Report Template

Your Welcome Kit includes templates to export Projects into Word, Excel, and HTML reports. The Word Report Template: dradis_welcome_template-xyz-.v0.#.docm is a custom Dradis report template with your branding. Findings are organized by CVSSv3 base score and Notes contain your project-specific details. Two charts display Issues by Risk Rating (based on CVSSv3 score) and Location (Internal vs External). More details about your Welcome Kit's Word report template, which also serves as an introductory guide to custom Word reporting, can be found here.

Generate the report

Now that you have your Welcome template and project set up, you can export your first report. Inside your project, click Export results and select the format you want to export to. For more details, check out our guide in the Working with Projects guide. We also have a video guide here.

Hardening and/or customising your Dradis instance

Your Dradis instance ships with a default volume passkey, default volume encryption key, and default credentials. If your instance is going to be exposed at all to people outside your team, you will want to customise these settings so they are unique. Our customisation section includes guides to do so, such as:

Recommended next steps:

Next help article: Upgrade Dradis Pro →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.