Dradis Course: Lesson 3

Save yourself time by using templates

Congratulations! You made it to the mid-way point in your training journey. Three more lessons to go and you'll have all the knowledge you need to minimize the time you spend doing repetitive reporting tasks on every project. Let's get started with today's Dispatch.

When you start a new assignment, you'll create an empty project within Dradis. After a few engagements, you'll settle on a particular way of doing things. Maybe you'll like creating separate folders for "scope" and "conclusions". Maybe you'll decide that you want to use the OWASP testing methodology for webapps or the PTES checklist for infrastructure. The specifics are up to you!

If you had to manually create folders, add methodologies, etc. every time you started a new project, we'd be doing you a disservice. We promised to help you cut the time you spend doing busy work and we take our promises very seriously here at fleet HQ!

Instead of starting your project from scratch every time, you can pre-load your projects with baseline data by using a few different types of templates:

  • Note templates
  • Project templates
  • Testing methodologies (we'll leave these for Lesson 4)

Note templates

Note templates provide an easy way to create Issues, Evidence, and Notes that are pre-populated with all the fields you need for your report.

Note templates are just plain text files that contain some default content you want Dradis to prefill your Issue, Evidence, or Note with. For example, an Issue template might look like this:

[Image: example Issue template]

Where to store them:

./templates/notes/
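
As an added example (not part of the original lesson and not Dradis's own code), the Python below embeds a constructed Issue template written in Dradis's #[Field]# text syntax and lints it for malformed headers and missing fields before the file goes into the templates folder. The field names, the required-field list, and the strict rule that a header sits alone on its line are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumption: a field header is a line holding only "#[Field name]#".
FIELD_HEADER = re.compile(r"^#\[(.+?)\]#$")

# Constructed sample Issue template; field names are illustrative.
SAMPLE_ISSUE_TEMPLATE = """\
#[Title]#
Short name of the finding

#[Rating]#
High | Medium | Low | Info

#[Description]#
What the issue is and why it matters.

#[Recommendation]#
How to fix it.

#[References]#
"""

def parse_fields(text):
    """Return ({field: default text}, [(line number, malformed header)])."""
    fields, malformed, current = {}, [], None
    for number, line in enumerate(text.splitlines(), start=1):
        match = FIELD_HEADER.match(line)
        if match:
            current = match.group(1).strip()
            fields[current] = []
        elif line.strip().startswith("#[") or line.strip().endswith("]#"):
            malformed.append((number, line))  # near-miss such as "#[Title]"
        elif current is not None:
            fields[current].append(line)
    return {k: "\n".join(v).strip() for k, v in fields.items()}, malformed

def lint_template(text, required=("Title", "Description", "Recommendation")):
    """List problems that would leave a report field missing or unparsed."""
    fields, malformed = parse_fields(text)
    problems = [f"line {n}: malformed field header {l!r}" for n, l in malformed]
    problems += [f"missing required field: {r}" for r in required if r not in fields]
    return problems

def lint_directory(directory="./templates/notes/"):
    """Lint every file in the note template folder; returns {file name: problems}."""
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    return {p.name: lint_template(p.read_text(encoding="utf-8")) for p in files}
```

Running lint_directory() against the templates folder gives a per-file list of problems, so a broken header is caught before it produces an Issue with an empty field in a report.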

How to use them:

When adding an Issue, Evidence, or Note, select the correct template from the list in the dropdown that appears when you click on the "+" sign:

[Image: the template dropdown shown after clicking the "+" sign]

Project templates

You can kickstart your projects with Note templates, testing methodologies, placeholder content like Notes, and a default folder structure using a project template.

How to create them:

  1. Start with a new, empty project.
  2. Create the folder structure you'd like to share across projects (e.g. "scope", "hosts", "conclusions", etc.).
  3. Add any default Notes (e.g. an "Accounts and URLs" note to store a webapp's URL and valid testing accounts).
  4. Add any testing methodologies you need.
  5. Click "Export results" in the header.
  6. Select the "Save and restore project information" tab.
  7. Choose "Template" and click the "Export" button.

The exported XML contains all the information from the project structure you just created. Feel free to open the file and explore (you can also customize the Tags and colors used by default).

Where to store them:

./templates/projects/

How to use them:

After creating a new empty project:

  1. Click "Upload output from tool" in the header.
  2. Select "Dradis::Plugins::Projects::Upload::Template".
  3. Select the project template file (dradis-template.xml) from your local system.

In the previous lesson, we started thinking about how to work smarter and faster by focusing on improving the quality of your deliverables.

Today, we're chipping away at more inefficiencies by creating templates that will save you time on every project. In the next few lessons, we'll cover more techniques to further reduce busy work and inefficiencies.

Let's keep that momentum up — here's your next homework assignment :-)
