Adding issues and evidence

This page contains:

One of the key concepts in any security assessment is the vulnerability, weakness or finding.

We separate the information about each finding in two concepts:

The Issue
Contains general information about the problem, such as: Title, Description, Recommendation, CVEs, Reference URLs, etc.
The Evidence
Details that change from one instance of the problem to the next: port number, specific versions, output of tools (e.g. the list of SSL ciphers, etc.)
Projects 13

Find / add Issues and Evidence:

  • All the Issues in the project can be found under the All issues link near the top of the sidebar.
  • Each piece of Evidence can be found in the corresponding node of the tree.

Fields

You can use the #[ ... ]# syntax to define fields in your content. For example, the content below has Title and Description fields.

Projects 10

You're free to use any fields you want. Fields are useful to structure your content, and they will be useful when generating a report (see the Export results section).

Rich text, the right way

You can use some Textile markup in your content. Switch between the Write and Preview modes of the editor to check what the rendered results will look like:

Projects 11

There are also Inline help and Full-screen mode buttons in the editor toolbar:

Projects 12

A concrete example

Say you find an Out-of-date Apache vulnerability that affects 2 different hosts (port tcp/80 in host 10.0.0.1 and ports tcp/80 and tcp/443 in 10.0.0.2).

You will have one Issue describing that an outdated version of Apache was found, and three pieces of Evidence with the details of each instance of the problem.

Add the Issue

First lets add the Issue. Click on All issues on the sidebar, and on the + sign to add a new issue:

Projects 14

Provide the issue details:

Projects 15

Now create the nodes that will represent the affected servers:

Projects 16

Add the Evidence from the Node

Next, the evidence. We start with 10.0.0.1:

Projects 17

And provide some content. Make sure you select the right Issue from the drop down:

Projects 18

Repeat the same process to add the evidence for 10.0.0.2. Remember that you'll need to add two pieces of evidence:

  • One for tcp/80
  • One for tcp/443

When you go back to All issues, you can now see all the information about the vulnerability along with the specifics for the three different instances identified:

Projects 19

Add Evidence from the Issue

We've already seen how to add Evidence from the affected host. You can also add Evidence directly from the Issue instead. Open the Evidence tab on any Issue in your project and click add new to open our multi-add form.

In the left hand column you can select any Note template to pre-populate your Evidence with fields or default content. Use the middle column to select multiple existing Nodes on your project and create multiple instances of Evidence at the same time. Or, copy/paste a list of hosts (each on a separate line) into the right hand column to create new Nodes in your project, each with an instance of Evidence tied to this Issue.

Projects 51

Final note about Issue / Evidence separation

Over the years, we've found this is the most general way to report your findings. But, as with everything else in Dradis, this is up to you.

You are free to split information in Issue / Evidence, or you can include all the information in your Issue. It depends on how you want to present the results in your report.

For example, if the scope of the test is a single host, you may not want to bother with splitting Issue from Evidence.

Next help article: Combine multiple Issues →

InfoSec project delivery 5-day crash course

Learn innovative, actionable techniques and approaches for reducing the overhead that drags down InfoSec project delivery. You’ll learn how to optimize:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.