The Welcome Pack Report Template

This page contains:

The Welcome Pack Word template

The Word Report Template: dradis_welcome_template-xyz-.v0.#.docm is a custom Dradis report template. Findings are organized by CVSSv3 base score and Notes contain your project-specific details. Two charts display Issues by Risk Rating (based on CVSSv3 score) and Location (Internal vs External).

Issues are mapped to Risk Ratings based on the following CVSSv3 base score ranges:

  • CVSSv3 9.0 to 10.0 = Critical

  • CVSSv3 7.0 to 8.9 = High

  • CVSSv3 4.0 to 6.9 = Medium

  • CVSSv3 0.1 to 3.9 = Low

  • CVSSv3 0.0 = Informational

The Executive Summary Section

The Introduction subsection opens with some static text that is populated with project-specific document properties. The Report Content page in your sample project contains the values that will populate the Project Title (dradis.project), Client (dradis.client), and v1 (dradis.version) placeholders throughout your report template.

The Scope subsection contains a Node content control. When you export your report, this section will contain a bullet point list of all of the affected hosts in your project.

The Conclusions and Recommendations subsection contains a Note content control that is going to export the content from the Conclusions and Recommendations Content Block on the Report Content page in your sample project.

When you open up the properties of this Note content control, you'll see that it is being filtered. This means that only Content Blocks with a Type field value of Conclusions are going to export into this section of your report template.

Summary of Findings Section

The Summary of Findings section opens with a block of static text that is populated by IssueCounter content controls to give you a summary of the Issues in your project.

The Summary of Findings table displays every Issue in the project and is organized first by Risk Rating (based on the CVSSv3 score ranges), then by location (Internal / External). The Affected Hosts column will display a comma-separated list of all of the hosts that the specific Issue affects.

The first chart in this report is a bar chart that shows the number of Issues by Risk Rating. After you first export a report, this chart will still contain the placeholder data that you see here. Make sure to run the obnoxious-on-purpose macro button beneath the Table of Contents to update the chart with the correct data from the table below it.

The second chart in this report is a pie chart that shows the number of Issues by location. Again, make sure to run the obnoxious-on-purpose macro button beneath the Table of Contents so that this chart is also updated with the correct data from the table below it.
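An added example (not Dradis code and not part of the template): a Python cross-check that rebuilds the Summary of Findings ordering and the counts behind both charts from a list of Issues, so they can be compared with the exported report after the macro has run. The CVSSv3.BaseScore and Type field names come from this page; the Title and hosts keys, the Internal-before-External order, and the sample Issues are assumptions constructed for illustration.

```python
from collections import Counter
from decimal import Decimal, InvalidOperation

# Risk Rating bands from this page: (lowest base score in band, rating).
BANDS = [(Decimal("9.0"), "Critical"), (Decimal("7.0"), "High"),
         (Decimal("4.0"), "Medium"), (Decimal("0.1"), "Low"),
         (Decimal("0.0"), "Informational")]
RATING_ORDER = [name for _, name in BANDS]
LOCATION_ORDER = ["Internal", "External"]  # assumed: Internal listed first

def risk_rating(base_score):
    """Map a CVSSv3 base score (string or number) to a Risk Rating."""
    try:
        score = Decimal(str(base_score))
        # Base scores run 0.0-10.0 with one decimal place; reject anything
        # else so a value such as 8.95 cannot fall between two bands.
        valid = 0 <= score <= 10 and score == round(score, 1)
    except InvalidOperation:
        valid = False
    if not valid:
        raise ValueError(f"not a CVSSv3 base score: {base_score!r}")
    return next(name for floor, name in BANDS if score >= floor)

def summary_rows(issues):
    """Summary of Findings rows: ordered by Risk Rating, then location."""
    rows = [(risk_rating(i["CVSSv3.BaseScore"]), i["Type"], i["Title"],
             ", ".join(i["hosts"])) for i in issues]
    return sorted(rows, key=lambda r: (RATING_ORDER.index(r[0]),
                                       LOCATION_ORDER.index(r[1])))

def chart_counts(issues):
    """Data behind the two charts: Issues per Risk Rating and per location."""
    rows = summary_rows(issues)
    by_rating = Counter(r[0] for r in rows)
    by_location = Counter(r[1] for r in rows)
    return ({n: by_rating[n] for n in RATING_ORDER},
            {loc: by_location[loc] for loc in LOCATION_ORDER})

# Constructed sample Issues (not from the Welcome Pack sample project).
SAMPLE_ISSUES = [
    {"Title": "Verbose server banner", "CVSSv3.BaseScore": "0.0", "Type": "External", "hosts": ["198.51.100.7"]},
    {"Title": "SQL injection", "CVSSv3.BaseScore": "9.8", "Type": "External", "hosts": ["198.51.100.7"]},
    {"Title": "Default admin credentials", "CVSSv3.BaseScore": "9.0", "Type": "Internal", "hosts": ["10.0.0.5", "10.0.0.9"]},
    {"Title": "Outdated TLS configuration", "CVSSv3.BaseScore": "6.9", "Type": "Internal", "hosts": ["10.0.0.5"]},
    {"Title": "Missing security headers", "CVSSv3.BaseScore": "3.9", "Type": "External", "hosts": ["198.51.100.8"]},
]

if __name__ == "__main__":
    print(*summary_rows(SAMPLE_ISSUES), chart_counts(SAMPLE_ISSUES), sep="\n")
```

A rating with no Issues still appears with a count of 0, which makes a stale placeholder bar in the chart easy to spot.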

Detailed Internal and External Findings

The Internal and External findings are separated into two sections.

Each starts with a summary table that shows just the Issues in that location, organized by Risk Rating.

Below, the detailed findings are exported in the same order they appear in the summary table. The full details for each Issue will export here including the Description, Solution, and the Location and Output for each instance of Evidence associated with the Issue.

If you open the properties of the Issue content control, you can see that the Issues in this project are being filtered by both CVSSv3.BaseScore and Type. In this case, only the Issues with a CVSSv3.BaseScore field value from 9.0 to 10.0 as well as a Type field value of Internal will populate this specific Issue content control.

Methodology Tasks Completed

Your sample project contains the OWASPv4 Testing Methodology.

The table in your report template will contain the Methodology name, plus the name, Details, and Results fields from each of the tasks in the Done list (tasks in the Pending list will not export into your report template).

Export your Welcome Pack Report

Check out a preview of what you're about to create (complete with YOUR branding):
