Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Gateway Themes

One of the biggest changes in Dradis Pro v.4.0 is the move from a single HTML Gateway template to Liquid themes. Create a dynamic, info packed, theme to deliver assessment results dynamically in Gateway using Liquid. Multiple Gateway themes means each project can use a different theme that’s appropriate to the engagement. Two new Gateway themes are included with Dradis Pro v4.0 to get you started.

Liquid has a well supported and documented history for creating robust templates. This will make it easier for teams to create and support their own well organized, customized templates.

Are you currently using a customized Gateway HTML template? Reach out to our team with your existing template so we can help convert it to Liquid before you upgrade any production instances.

Downloadable Assets

In addition to reviewing the results of an assessment dynamically in Gateway, contributing users can securely download assets that have been added to their project. Deliver final reports, scope documents, and other assets directly from Gateway keeping everyone out of their inboxes and project details centralized.

Simple Team Setup

Getting started using Dradis Pro is simple. Once deployed to your environment, the super-admin for the instance is created during the first run and can quickly set up the rest of the team through this new guided walk-through.

Maximum Login Attempts

Configure the number of maximum login attempts to help prevent brute-force attacks on your Dradis instance. The default is set to 3 attempts before the account is locked. Admins can increase or decrease the number of attempts to align with their team’s policies.

Release Notes

• Projects:
  • Cleanup the New/Edit view
  • Create and remove the results portal from the Edit view
  • Dashboard: Add Default issue entry to menu when project is empty
  • If there is only one RTP, select it by default
• Setup: new initial Team and User wizard
• Teams: cleanup the New/Edit view
• Users: account gets locked after too many failed sign in attempts
• Upgraded gems: addressable, nokogiri, papertrail, puma
• Bugs fixed:
  • Better support for characters inside textile linked text
  • Display placeholder text for issue sorting dropdown when no field has been selected to remove confusion about default options that are not yet applied
  • Fix issue library entries action buttons not appearing due to caching
  • Fix revisions with “destroy” event not removed from the database after deleting a project
• Integration enhancements:
  • Acunetix:
    • Add support for Acunetix 360
    • Make Request and Response fields available at the Evidence level
  • Gateway 🍾
    • Moved project contributor assignment to Gateway management
    • Deliverable upload management
      • Your contributors can now download assets directly from your results portal!
    • Themes!
      • Gateway now supports theme management and the ability to apply different themes to different projects
  • IssueLib entries#index API now supports pagination
  • Nessus:
    • Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, and threat_sources_last_28 as available Issue fields
  • Nexpose:
    • Update HTML tag cleanup
  • Nipper:
    • Include multiple paragraphs when importing fields.
  • Remediation Tracker
    • Use Datatables for the Tickets#index table
• Reporting enhancements:
  • Word:
    • Add support for template syntax within resources exported in Word reports
    • Fix exporting node labels with links
• REST/JSON API enhancements:
  • Update the API to handle pagination
• Security Fixes:
  • Medium: Authenticated (contributor) information disclosure
    • After a contributor was assigned Gateway access to a project by an admin user they may retain access to the project after the projects team has been changed.

Not using Dradis Pro?

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from 19+ different tools (including Qualys, Metasploit, Burp…) into a single report.
• Deliver consistent results. Never forget any steps, always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Pro is reliable, with over 10 years of history, and has a top-notch dedicated support team.