Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

This month we’re pleased to bring you Dradis Pro v2.4 with some long-requested improvements.

The highlights of Dradis Pro v2.4

• Project-wide search (see below)
• UI improvements (see below)
  • I18n support for tags (thanks @kulisu)
  • Validate on save
  • Optimistic locking
  • Evidence multi-add
• Copying of Report Template Properties
• Word reports
  • Better file extension handling in Windows
• Minor bug fixing.

A quick video summary of what’s new in this release:

Project search

It is now possible to perform a project-wide full-text search against Evidence, Issues, Nodes and Notes:

UI improvements

Dradis is used by over 270 teams in 33 countries around the world. When people are using your platform to edit and generate content in languages as varied as Simplified Chinese, Slovenian or Turkish, it becomes very easy to spot and squash internationalisation and character encoding bugs.

With this release we’ve made sure that Tags fully support names encoded in UTF-8:

Evidence multi-add

It is not uncommon to need to link the same Issue to a number of hosts in your project. We’ve redesigned the UI to make this task a lot simpler:

• Select the Evidence template you need (or start with a blank slate).
• Tick off the relevant items from the Existing Hosts list.
• If needed, paste list of new IP addresses that will be added to the project and also associated with your Issues.

Validate on save

Teams working with Dradis normally need to use a number of different report templates (e.g. one for vulnerability assessments and one for social engineering). To make it easy for users to remember what information they need to provide on each template we’re now validating the contents supplied by the user against the individual template requirements so we can present a warning if the content doesn’t match the template’s expectations:

Optimistic locking

Have you ever been in a situation where just after updating an Issue or Note, you find out that one of your team mates was also editing that feature? From now on, Dradis will warn you when someone else has been modifying the content you were busy with, so you have the peace of mind to know you’re always working on the latest version of the content:

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from 19+ different tools (including Qualys, Metasploit, Burp…) into a single report.
• Deliver consistent results. Never forget any steps. Always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Professional is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

This month we’re pleased to bring you Dradis Pro v2.3 with some interesting additions.

The highlights of Dradis Pro v2.3

• Smart issues table (see below):
  • Filter / search contents
  • Custom columns
  • Show / hide columns
• Tabbed view for: Issues, Notes and Evidence (see below)
• Admin > Templates > Reports improvements
• Admin > Templates > Projects improvements
• Redesign of empty views: project, issues, methodologies
• Add-on enhancements
  • Acunetix: better code / syntax parsing
  • OpenVAS: bug fixing
  • – Project export: improve SQL efficiency
• Methodologies module
  • Fix task status handler (tasks w/ special chars)
  • Progressive design enhancements
• REST/JSON API:
  • New coverage: Notes, Evidence
  • Track API actions in Activity Feed
• Word reports
  • Image captions (see below)
  • Fix bug w/ special chars in Node labels
• Security fixes
• Bugs fixed: #324, #325

Smart issues table

Dradis is used by over 270 teams in 33 countries around the world. Each team has a very different way of structuring their findings. With the new smart issues table, each user can decide what information should be presented on the screen for each project:

UI improvements

A few screenshots of the recent redesigns:

Word image captions in action

You can now specify the caption associated with your screenshots so it appears in your reports:

Hover the image to show the associated caption:

And select a custom Caption style for your Word image captions:

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from 19+ different tools (including Qualys, Metasploit, Burp…) into a single report.
• Deliver consistent results. Never forget any steps. Always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Professional is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will cut your reporting time in half.

Two short months after the release of Dradis Pro v2.1 in February we’re pleased to bring you Dradis Pro v2.2 which is focused around connectivity and performance.

The highlights of Dradis Pro v2.2

• Full REST/JSON API coverage (documentation)
• Performance improvements: Rails 4.2, Ruby 2.2, memory monitoring.
• Fix bug in Activity Feed of project templates.
• Add-on enhancements:
  • CSV: export evidence data, fix CLI integration
  • HTML: fix CLI integration
• Bugs fixed: #204, #319

The REST API

Through the new HTTP JSON APPI you can securely access all of the application entities including:

• Clients
• Projects
• Issues
• Nodes / Evidence and Notes

Perform CRUD operations on all application objects through an easy-to-use JSON interface.

Use your favorite language to interact with the data contained in your Dradis environment.

Performance boost: faster, more responsive interface

Dradis Pro v2.2 also comes with a new version of the Rails framework and a modern version of Ruby. Both of these upgrades should have a significant impact in the overall performance and snappiness of the app and also bring some interesting security features out of the box. Strong parameters and DB performance come to mind on the Rails front and garbage collection (GC) of symbols on the Ruby front are some of the notable changes.

For the nitty gritty details please see the Rails 4.2 release notes and the Ruby 2.2 announcements.

Still not a Dradis user?

These are some of the benefits you’re missing out:

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from 19+ different tools (including Qualys, Metasploit, Burp…) into a single report.
• Deliver consistent results. Never forget any steps. Always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Professional is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will cut your reporting time in half.

Throughout 2016 we’re aiming to shorten our release cycle, and we’re pleased to bring you Dradis Pro v2.1 with a collection of enhancements that will make your day-to-day life a little bit easier.

The highlights:

• DB performance improvements.
• Session timeouts.
• New add-ons
  • CVSSv3 score calculator.
  • DREAD score calculator.
• Add-on enhancements:
  • Nessus: add support for compliance checks.
  • Nessus: use Node properties.
  • IssueLibrary: tagging of findings + UI improvements.
  • Rules Engine: rule sorting + UI improvements.

A few screenshots of the release

Tag entries in your IssueLibrary

Drag and drop rules to re-order them

Calculate CVSSv3 scores and vectors from within Dradis

We can parse and export to your report Nessus’ compliance data.

How to upgrade to Dradis Pro v2.1?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/latest

Still not a Dradis user?

These are some of the benefits you’re missing out:

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from 19+ different tools (including Qualys, Metasploit, Burp…) into a single report.
• Deliver consistent results. Never forget any steps. Always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Professional is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams.

Just in time for the new year a fresh release of Dradis Pro is out of the oven. We’re really excited about Dradis Pro v2.0 as it is going to allow you to have a much better understanding of what is going on in all your security assessments.

The highlights:

• Activity Feed: see what others are doing (see below)
• Content revisions: track and *diff* edits (see below)
• REST API: Clients and Projects
• New Change Value action for the Rules Engine
• Open support ticket from the app
• Better issue Tagging support
• Scheduled DB cleanup
• DB performance enhancements
• New add-ons
  • Brakeman Rails security
  • Metasploit Framework
• Word reports
  • Better handling of screenshots
  • Pre-export validator (see below)
  • Add .docx / .docm support CLI generation
  • Report template properties (see below)
• Plugin enhancements:
  • Acunetix issue identification accuracy
  • LDAP integration
  • NMap CLI bug fixed
  • NTOSpider additional data gathering
  • NTOSpider Plugin Manager bug fix
  • Qualys port and protocol information
• Security fixes

Bugs fixed: #223, #301, #303, #307b

Dradis v2.0 video summary

The most juicy features in a 1m32s video:

The Activity Feed

The new Activity Feed is displayed on every view of the project. It lets you see who has been working on what (and when).

In the Project Summary page, the feed looks like this:

The project activity stream.

There is an Activity Feed for issues, evidence, notes and nodes, so nothing will slip through the cracks.

Versioned content

In addition to knowing who did what and when, we’ve taken it one step further: it is now possible to view and compare the changes that were introduced in any piece of content during the lifetime of the project:

The Activity Feed view from the Project Summary page.

Report template properties and pre-export validator

Finally a handy feature on the reporting front. Since Dradis doesn’t force you to change the way you write your report, we don’t make any assumptions about how you want to work (trivia fact: Dradis has been used by over 200 teams in 32 countries and dozens of languages). As a result some times there is a small discrepancy between the content in your Dradis project and what your report template is expecting.

For example, say you use High, Medium and Low for risk rating. Maybe in one of the issues somebody made a typo and used Hihg instead of the appropriate spelling. Or say that your template is expecting you to define properties for Project name and Client point of contact but your forgot? Fear not, the new pre-export validator is here to help!

The pre-export validator in action.

So far we’ve got the following checks, but we’re already working in the next batch:

• Document Properties validator
• Issue fields and values validator
• Node labels

How to upgrade to Dradis Pro v2.0?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/latest

Still not a Dradis user?

These are some of the benefits you’re missing out:

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from 19+ different tools into a single report.
• Deliver consistent results. Never forget any steps. Always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Professional is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

Today we’re happy to announce a new release of Dradis Professional Edition: Dradis Pro v1.12. Dradis is a collaboration and automated reporting tool for information security teams.

The highlights:

• New Accunetix and NTOSpider connectors
• Updated Burp and OpenVAS connectors
• Business Intelligence add-on (see below)
• Rules Engine add-on (see below)
• Reporting engine enhancements:
  • Pre-export validator
  • Native support for .docx and .docm
  • IssueCounter control
  • Concurrency enhancements
• Bugs fixed and feature requests: #128, #131, #141, #145, #152, #184, #189, #197, #201, #205, #207, #212, #216, #232, #238, #239, #254

Rules Engine add-on

Define rules that kick in when you upload the output of a scanner. Akin to your email client processing rules, the Rules Engine allows you, among other actions, to:

• Tag findings based on their fields (e.g. tag as Critical if CVSSv2 is > 9)
• Merge several findings into a single one (e.g. group all those pesky “missing patches” entries under a single finding)
• Replace the default description with your own. That’s right, every time Burp finds XSS, you will get a finding with your team’s custom Description / Recommendation for this vulnerability class.

Define the rules that will kick in when you upload the output of a scanner.

Sample rule: de-duplicate findings.

Sample rule: use your own descriptions.

Business Intelligence add-on

Most likely you’re running 100s of projects each year. The Business Intelligence add-on helps you make sense of the wealth of information that is at your fingertips but that most likely you haven’t been tracking. These are some of the questions you will be able to start answering:

• What do you know about the types of projects you’re running (what percentage is webapps vs infrastructure)?
• What types of clients are you serving? In what industry?
• How are the most profitable client types?
• What percentage of your projects is under-scoped or over-scoped?
• …

The Business Intelligence dashboard. Define custom properties for Clients and Projects to track business metrics.

New admin layout

Yes, we finally have a layout like it’s 2015 (well maybe 2013), but a great improvement over our bare-bones previous one. Here are just a couple of quick examples:

Project section view.

All users registered in the Dradis Pro instance.

How to upgrade to Dradis Pro v1.12?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/1.12.0

Still not a Dradis user?

These are some of the benefits you’re missing out:

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from different tools into a single report.
• Deliver consistent results. Never forget any steps. Always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Professional is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features. Or if you want to start from the beginning, read the the 1-page summary.

Today we’re happy to announce a new release of Dradis Professional Edition: Dradis Pro v1.11. Dradis is a collaboration and report generation tool for information security teams.

The community of Dradis users is very passionate about their craft and they rely on us to run their infosec practice. We live to make their lives better by moving out of their lives as much of the grudge work and repetition involved in delivering each project. Part of that effort also consists on creating great documentation to make the most out of Dradis, and we have two new manuals:

• Working with projects: covering every module you will use on a day-to-day basis when running a project with Dradis.
• Custom Word reports: showing you how our flexible reporting engine can be used to adapt your existing report template.

As promised a few months ago, we keep our focus on software quality and continuously raising the bar for ourselves. As a result this release is more about stability, performance, and enhancing existing functionality than it is about introducing flashy new features (not that we’re not working on flashy new features, of course we are, and they’ll blow your socks off when you see them, but they are not part of this release ;)).

Without further ado, the highlights of this release:

• Performance improvements for really large projects. Running internal assessments with 100s of hosts and 1000s of vulnerabilities is completely painless.
• Enhancements to the reporting engine:
  • Filter Issues by tag
  • Better screenshot support
  • Better paragraph / text styling detection
  • Better internal formatting (when inside Word tables)
  • Background report generation
• Onboarding Tour for new users
• In-project methodology editor
• Drop old interface support
• Bugs fixed: #20, #24, #50, #52, #55, #74, #142, #143, #146, #147, #151, #159

How to upgrade to Dradis Pro v1.11?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/1.11.0

Still not a Dradis user?

These are some of the benefits you’re missing out:

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from different tools into a single report.
• Deliver consistent results. Never forget any steps. Always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Professional is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features and pricing. Or if you want to start from the beginning, read the the 1-page summary.

Today we’re happy to announce a new release of Dradis Professional Edition: Dradis Pro v1.10.

March 2014 has been a great month: first we took part in Corelan Team’s 5th Anniversary party then we attended the first edition of the Rooted Warfare event and now we have a fresh release ready for you (yes, yes, technically we’re not in March any more, but it’s close enough!).

It’s been only 3 months since our last release, but this one is full of action:

• A more useful Project Summary view (see below).
• Tag issues and group them by tag.
• New Project Template manager.
• Performance improvements to several plugins (Nmap, Word, etc.)
• Improvements to the management console (see below).
• Several improvements on the UTF-8 and i18n front.
• And of course bug fixes, lots of bug fixes
  (#43, #44, #64, #65, #72, #75, #77, #78, #85,… full list)

Lets get a closer look of some of the most significant enhancements…

Interface improvements

This is what the new Project Summary page looks like:

All in all, the new Project Summary gives you a nice big picture overview of what is going on with the project. This is great for team leaders and technical directors wanting to keep an eye on the projects across the board. And if the client asks for an update, you’ll have all the information you need in a single screen. Nice and easy.

Lets delve into the key components of this new summary view.

Finding tagging

First of all, it is now possible to group and tag your findings. You can define your own categories and colors or you can use the default ones, up to you.

In terms of doing the real assigning, a nice drag-and-drop interface makes it a very straightforward and intuitive process:

Track methodology progress

Testing methodology support was introduced some time ago. However in this release we’re making it a lot easier to keep track of how much progress you and your team have made.

You can of course create your own testing methodologies. But remember that to help you get started there are quite a few already available in the Resources section of our Users Portal:

http://securityroots.com/dradispro/extras.html

Management console improvements

We’ve some good news on the Dradis CIC as well.

There are a few services ticking along in the background to make sure you have a great Dradis Pro experience. Every once in a while however, you may want to restart some of this services (e.g. you developed a new custom plugin, you made a change to your MySQL config, etc.). Before you had to roll up your sleeves and prepare for some good old console goodness. Not any more! From now on, it is possible to check the status of the different services and restart them from the web interface itself:

How to upgrade to Dradis Pro v1.10

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/1.10.0

Still not a Dradis user?

These are some of the benefits you will get:

• Spend less time writing reports, generate custom Word reports with 1 click.
• Merge the output from different tools into a single report.
• Use testing methodologies to guide your testing.
• Everyone on the same page: all information available across the team.
• Pro is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features.

Today we’re happy to announce a new release of Dradis Professional Edition: Dradis Pro v1.9. Start thinking about what you are going to do in 2014 with all the report-writing hours that Dradis will save you from spending 🙂

This release brings new features and improvements at almost every level:

• Redesigned interface (see below).
• New management console and upgrade process (see below).
• A faster, more reliable stack (see below).
• Enhancements to reporting engine:
  – Custom Word tables (read more)
  – Mix Issues as Notes throughout the template
• Drag’n’drop report template manager (read more).
• Add methodologies and checklists to your project templates.
• And of course bug fixes, lots of bug fixes (#7, #22, #26, #33, #34, #46, #47, #51, #59,… )

Lets get a closer look of some of the most significant enhancements…

New interface

Throughout 2013 Dradis Pro has been used by dozens of organizations around the world to manage hundreds of security engagements. Each project is a complex mix of tasks: writing up a vulnerability, processing the output of a tool, uploading a screenshot, etc. We have redesigned the Dradis interface to declutter your project workspace and make it easier to perform those tasks that you need to do several times per day.

Without further ado, the new Dradis Pro v1.9 interface:

A clean layout that lets you focus on what’s important: your findings. It’s also fluid which will help you make the most of your wide screen.

Here are a few additional close-ups, and yes, you can drag’n’drop your attachments or even paste your screenshots directly, without saving them on a file (if your browser supports it).

Management console & upgrade process

From now on upgrading your Dradis Pro install will be even easier. We’ve created a new management console that lets you apply updates without leaving your browser window.

Apart from the new Dradis CIC, we’ve also made significant changes to the base operating system layer of the Dradis Pro virtual appliance, you should upgrade as soon as possible (review the Exporting, importing and backing up your data step-by-step guide).

New stack: Ruby 2.0, Unicorn, and Nginx goodness

With Dradis Pro v1.9 we’re upgrading the base stack that powers the application.

The new stack is significantly faster and more efficient (it’s the same one that people like Github, Airbnb or ZenDesk are using). From the user’s point of view, you’ll just notice better performance under the hood.

We’ve also made some changes to the internals of the appliance paving the road to more advanced CIC operations (like restarting services from the administration console). We’ve also taken steps to make sure that further tweaking the stack will be a painless process, which will make things easier in the long run.

Still not a Dradis Pro user?

These are some of the benefits you are missing out:

• Spend less time writing reports, generate custom Word reports with 1 click.
• Merge the output from different tools into a single report.
• Use testing methodologies to guide your testing.
• Everyone on the same page: all information available across the team.
• Pro is reliable, up-to-date and with comes with quality support

Read more about Dradis Pro’s time-saving features.