Category Archives: Release

New in Dradis Pro v2.8

Leave a reply

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this zippy release, we’ve added a few features and fixed a few bugs to make your reporting life easier.

The highlights of Dradis Pro v2.8

  • Added the content blocks feature
  • Added delete option for document properties
  • Added Excel export through the command line
  • Allow .xlsx and .xlsm templates.
  • Added “Default for template” in Evidence multi-add form.
  • New add-on:
    • Netsparker upload
  • Add-on enhancements:
    • Update Nessus plugin to include CVSSv3 fields
    • Added HTTPS Support for the Mediawiki plugin
    • Added content blocks service in dradis-plugins
  • Bugs fixed: #150#157, #332.

A quick video summary of what’s new in this release:

 

Content Blocks

The new content blocks feature makes adding notes to your report a lot easier. Gone are the days when you have to tediously add a node, add a note to it then set a category, only for you to forget it a few days later.

Document Property Deletion

We’ve added a way for teams to be able to delete unused document properties from their projects. You won’t have to worry about them cluttering your project anymore!

Ready to upgrade to v2.8?

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.

New in Dradis Pro v2.7

Leave a reply

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this release, we’ve added shiny new features to make reporting and collaborating with your team much easier.

The highlights of Dradis Pro v2.7

  • New Excel exporter
  • New Report Content page for custom document properties
  • v2 Methodology Admin templates
  • Methodology actions included in the activity feed
  • Independent scrolling for Methodology Lists
  • User profile image in the navbar
  • Word reports:
    • IssueCounters nested in Nodes work as expected.
    • New EvidenceCounter content controls.
    • Fixed handling of array properties
  • Add-on enhancements:
    • Improved the Qualys plugin data representation
    • Updated the Nexpose plugin with Evidence templates
    • Improved the Nexpose plugin parsing issues
    • Added mouseover details to the CVSSv3 calculator
    • Improved to the Dradis Plugins Content Service
    • Fixed Dradis Plugins import for extremely long descriptions
  • Fix plugin upload and export thor task errors
  • Bugs fixed: #119, #347

A quick video summary of what’s new in this release:

Excel Exporter

You can now export your projects to Excel! If you ever need to manipulate data and/or perform calculations for your exports, you can do this with customized formulas in Excel. How cool is that?

Here’s a sample of what your Excel report could look like:

Document Properties

With the new Report Content section, you can now define Document Properties for your project. No need to look for that misplaced properties note that you made ages ago!

New Methodologies Templates

To augment the improvements to the Methodology from the previous release, we’re adding the ability to add Methodology templates with the new Lists and Tasks. Go brethren! You are now free from the shackles of Pending and Done!

Ready to upgrade to v2.7?

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.

New in Dradis Pro v2.6

Leave a reply

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

Our first 2017 release, Dradis Pro v2.6 is loaded with some very interesting features to coordinate your team and generate better reports, faster.

The highlights of Dradis Pro v2.6

  • Better support for security testing methodologies (see below)
    • Organize tasks in a Kanban board (we ❤️ Trello too!)
    • Provide additional context, gather results, or set a due date for each task.
    • Assign tasks to different team members.
    • Keep Notes and information on each task.
    • Export Methodology details into your reports.
  • Merge multiple Issues in your project (see below)
  • Local Profile Pics (not just Gravatars!)
  • Redesigned error pages with the data you need for troubleshooting.
  • Edit / delete links for Evidence, Issues, and Notes from the sidebar.
  • Attachments HTTP API endpoint.
  • Validate Evidence fields.
  • Automatically generated Evidence Template.
  • Add-on enhancements:
    • Updated Nessus Plugin to support files that are missing a plugin_output tag.
    • Updated Qualys Plugin to better handle tags in report content.
    • Updated Burp Plugin to detect non-base64 encoded files and binary request/response data.
    • Updated the Burp-Dradis connector to correct HTTPS errors.
  • Word reports:
    • Methodology and Task content controls let you provide fine-grained information about your testing methodology as part of your deliverables.
  • Fix XSS in Issues diff view.
  • Bugs fixed: #84, #104, #164, #206, #280, #316

A quick video summary of what’s new in this release:

Methodologies becomes a 1st class citizen of the framework

Methodologies now contain Lists and Tasks. Create custom Lists, add Tasks to the Lists, and move the cards from one List to the next.

Dradis Pro v2.6.0 includes an updated Methodologies feature. Move Tasks between lists.

You can also set due dates, assign cards to team members, and create fields within Task descriptions that can export into your reports.

Dradis Pro v2.6.0 includes an updated Methodologies feature. Create detailed Task descriptions, set due dates and assignees

Combine issues

Combine multiple Issues using our new merge feature. Just find and select the Issues that you want to combine:

Dradis Pro v2.6.0 includes a Merge Issues feature

You can combine them into a brand new Issue or into one of the existing Issues.

Dradis Pro v2.6.0 includes a Merge Issues feature. Combine multiple Issues into a new target Issue.

Ready to upgrade to v2.6?

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.

New in Dradis Pro v2.5

Leave a reply

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

Before the end of 2016, we’re excited to bring you Dradis Pro v2.5 with updates and upgrades across the product.

The highlights of Dradis Pro v2.5

  • Trash feature to restore deleted content (see below)
  • Hide expand button in Nodes tree when Node has no children
  • Add multiple Nodes at the same time (see below)
  • Automatically generated Issue template from Report Template Properties (see below)
  • Improved Project Validation error messages
  • Performance upgrades (Russian doll caching)
  • Add-on enhancements:
    • Include CVSSv3 scores in the Acunetix plugin
    • Accommodate Severity Recasting in the Nessus plugin
    • Update Nmap plugin Services table and NSE data
  • New add-ons:
    • Zed Attack Proxy (ZAP) upload
  • Word reports:
    • Filter Evidence content controls
  • Bugs fixed: #215, #256, #268, #327, #334, #336, #337, #338, #340

A quick video summary of what’s new in this release:

Trash Feature

Use the trash feature to recover your deleted content and restore. You can filter the Trash contents to find that one Issue that you need to restore. Then, add it back into your project with a single click.

Recover your deleted content with the trash feature in Dradis Pro v2.5

 

Multi-add Nodes

No more adding one Node at a time. Now you can use the new “Add multiple” option when you’re creating Nodes. Just paste in a list of Nodes to create all of them at the same time.

Add more than one Node at a time in Dradis Pro v2.5

Issue template from Report Template Properties

You’re already using the Report Template Properties for automatic validation, right? We’ve extended the Issue fields even further to help make your life easier. First, define the Issue fields in your Report Template Properties:

Use your report template properties to automatically generate an Issue template in Dradis Pro v2.5

Then, when you manually create an Issue, you’ll notice a new option in the dropdown. Select Default for template and Dradis will automatically pull in the Issue fields from your Report Template Properties to create your Issue template.

Select Default for template to automatically create an Issue template from your report template properties in Dradis v2.5

If you specified values for your text field, they’ll even appear in a list so that you can be sure that your Issue has the fields and values that your report template is looking for.

Your Issue template is automatically created from your report template's Issue Fields in Dradis Pro v2.5
Ready to upgrade to v2.5?

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.

New in Dradis Pro v2.4

Leave a reply

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

This month we’re pleased to bring you Dradis Pro v2.4 with some long-requested improvements.

The highlights of Dradis Pro v2.4

  • Project-wide search (see below)
  • UI improvements (see below)
  • Copying of Report Template Properties
  • Word reports
    • Better file extension handling in Windows
  • Minor bug fixing.

A quick video summary of what’s new in this release:

Project search

It is now possible to perform a project-wide full-text search against Evidence, Issues, Nodes and Notes:

A screenshot showing the "All" tab with results for a "DNS" search

A screenshot from the Search results page showing only Node matches

UI improvements

Dradis is used by over 270 teams in 33 countries around the world. When people are using your platform to edit and generate content in languages as varied as Simplified Chinese, Slovenian or Turkish, it becomes very easy to spot and squash internationalisation and character encoding bugs.

With this release we’ve made sure that Tags fully support names encoded in UTF-8:

A screenshot showing a tag in simplified Chinese

Evidence multi-add

It is not uncommon to need to link the same Issue to a number of hosts in your project. We’ve redesigned the UI to make this task a lot simpler:

  • Select the Evidence template you need (or start with a blank slate).
  • Tick off the relevant items from the Existing Hosts list.
  • If needed, paste list of new IP addresses that will be added to the project and also associated with your Issues.

A screenshot showing the new Add Evidence feature that lets you select existing nodes from a list, or paste a list of IP address.

Validate on save

Teams working with Dradis normally need to use a number of different report templates (e.g. one for vulnerability assessments and one for social engineering). To make it easy for users to remember what information they need to provide on each template we’re now validating the contents supplied by the user against the individual template requirements so we can present a warning if the content doesn’t match the template’s expectations:

A screenshot showing warnings about missing fields and mismatched values in a recently created issue.

Optimistic locking

Have you ever been in a situation where just after updating an Issue or Note, you find out that one of your team mates was also editing that feature? From now on, Dradis will warn you when someone else has been modifying the content you were busy with, so you have the peace of mind to know you’re always working on the latest version of the content:

A screenshot showing how Dradis detects a modification to the content you were just trying to edit.

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

New in Dradis Pro v2.3

Leave a reply

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

This month we’re pleased to bring you Dradis Pro v2.3 with some interesting additions.

The highlights of Dradis Pro v2.3

  • Smart issues table (see below):
    • Filter / search contents
    • Custom columns
    • Show / hide columns
  • Tabbed view for: Issues, Notes and Evidence (see below)
  • Admin > Templates > Reports improvements
  • Admin > Templates > Projects improvements
  • Redesign of empty views: project, issues, methodologies
  • Add-on enhancements
    • Acunetix: better code / syntax parsing
    • OpenVAS: bug fixing
    • – Project export: improve SQL efficiency
  • Methodologies module
    • Fix task status handler (tasks w/ special chars)
    • Progressive design enhancements
  • REST/JSON API:
    • New coverage: Notes, Evidence
    • Track API actions in Activity Feed
  • Word reports
    • Image captions (see below)
    • Fix bug w/ special chars in Node labels
  • Security fixes
  • Bugs fixed: #324, #325

Smart issues table

Dradis is used by over 270 teams in 33 countries around the world. Each team has a very different way of structuring their findings. With the new smart issues table, each user can decide what information should be presented on the screen for each project:

UI improvements

A few screenshots of the recent redesigns:

A screenshot of an Issue showing tabs for Information, Evidence and Activity

A screenshot showing the All Issues table with the new controls for filtering and showing/hiding columns.

A screenshot showing the Web Application Hacker's Handbook methodology

Word image captions in action

You can now specify the caption associated with your screenshots so it appears in your reports:

A screenshot showing how to specify the caption for an image

Hover the image to show the associated caption:

A screenshot showing Dradis rendering an image with a caption.

And select a custom Caption style for your Word image captions:

A screenshot showing a Word document with an image and a caption

Still not using Dradis in your team?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

New in Dradis Pro v2.2

Leave a reply

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will cut your reporting time in half.

Two short months after the release of Dradis Pro v2.1 in February we’re pleased to bring you Dradis Pro v2.2 which is focused around connectivity and performance.

The highlights of Dradis Pro v2.2

  • Full REST/JSON API coverage (documentation)
  • Performance improvements: Rails 4.2, Ruby 2.2, memory monitoring.
  • Fix bug in Activity Feed of project templates.
  • Add-on enhancements:
    • CSV: export evidence data, fix CLI integration
    • HTML: fix CLI integration
  • Bugs fixed: #204, #319

The REST API

Through the new HTTP JSON APPI you can securely access all of the application entities including:

Screenshot showing a GET request to the /clients endpoint

Perform CRUD operations on all application objects through an easy-to-use JSON interface.

Screenshot showing a POST request to the /issues endpoint

Use your favorite language to interact with the data contained in your Dradis environment.

Performance boost: faster, more responsive interface

Dradis Pro v2.2 also comes with a new version of the Rails framework and a modern version of Ruby. Both of these upgrades should have a significant impact in the overall performance and snappiness of the app and also bring some interesting security features out of the box. Strong parameters and DB performance come to mind on the Rails front and garbage collection (GC) of symbols on the Ruby front are some of the notable changes.

For the nitty gritty details please see the Rails 4.2 release notes and the Ruby 2.2 announcements.

Still not a Dradis user?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

New in Dradis Pro v2.1

Leave a reply

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams that will cut your reporting time in half.

Throughout 2016 we’re aiming to shorten our release cycle, and we’re pleased to bring you Dradis Pro v2.1 with a collection of enhancements that will make your day-to-day life a little bit easier.

The highlights:

  • DB performance improvements.
  • Session timeouts.
  • New add-ons
    • CVSSv3 score calculator.
    • DREAD score calculator.
  • Add-on enhancements:
    • Nessus: add support for compliance checks.
    • Nessus: use Node properties.
    • IssueLibrary: tagging of findings + UI improvements.
    • Rules Engine: rule sorting + UI improvements.

A few screenshots of the release

Screenshot showing the IssueLibrary entries with a badge showing their tags

Tag entries in your IssueLibrary

A screenshot showing each rule with handle bars for easy dragging / moving.

Drag and drop rules to re-order them

A screenshot showing the interface of the new calculator that lets you generate CVSSv3 by choosing the value for each subscore.

Calculate CVSSv3 scores and vectors from within Dradis

A screenshot of a piece of Evidence in Dradis with the Policy Value, the Actual Value and the Compliance Status of the check.

We can parse and export to your report Nessus’ compliance data.

How to upgrade to Dradis Pro v2.1?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/latest

Still not a Dradis user?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

New in Dradis Pro v2.0

Leave a reply

Dradis Professional Edition is a collaboration and automated reporting tool for information security teams.

Just in time for the new year a fresh release of Dradis Pro is out of the oven. We’re really excited about Dradis Pro v2.0 as it is going to allow you to have a much better understanding of what is going on in all your security assessments.

The highlights:

  • Activity Feed: see what others are doing (see below)
  • Content revisions: track and *diff* edits (see below)
  • REST API: Clients and Projects
  • New Change Value action for the Rules Engine
  • Open support ticket from the app
  • Better issue Tagging support
  • Scheduled DB cleanup
  • DB performance enhancements
  • New add-ons
    • Brakeman Rails security
    • Metasploit Framework
  • Word reports
    • Better handling of screenshots
    • Pre-export validator (see below)
    • Add .docx / .docm support CLI generation
    • Report template properties (see below)
  • Plugin enhancements:
    • Acunetix issue identification accuracy
    • LDAP integration
    • NMap CLI bug fixed
    • NTOSpider additional data gathering
    • NTOSpider Plugin Manager bug fix
    • Qualys port and protocol information
  • Security fixes

Bugs fixed: #223, #301, #303, #307b

Dradis v2.0 video summary

The most juicy features in a 1m32s video:

The Activity Feed

The new Activity Feed is displayed on every view of the project. It lets you see who has been working on what (and when).

In the Project Summary page, the feed looks like this:

creenshot showing different activities with the associated user, and data (e.g. Rachel created a note), along with a link to the activity.

The project activity stream.

There is an Activity Feed for issues, evidence, notes and nodes, so nothing will slip through the cracks.

Versioned content

In addition to knowing who did what and when, we’ve taken it one step further: it is now possible to view and compare the changes that were introduced in any piece of content during the lifetime of the project:

A screenshot showing the view comparing the differences between two revisions of the same content.

The Activity Feed view from the Project Summary page.

Report template properties and pre-export validator

Finally a handy feature on the reporting front. Since Dradis doesn’t force you to change the way you write your report, we don’t make any assumptions about how you want to work (trivia fact: Dradis has been used by over 200 teams in 32 countries and dozens of languages). As a result some times there is a small discrepancy between the content in your Dradis project and what your report template is expecting.

For example, say you use High, Medium and Low for risk rating. Maybe in one of the issues somebody made a typo and used Hihg instead of the appropriate spelling. Or say that your template is expecting you to define properties for Project name and Client point of contact but your forgot? Fear not, the new pre-export validator is here to help!

A screenshot showing the different checks the validator is making.

The pre-export validator in action.

So far we’ve got the following checks, but we’re already working in the next batch:

How to upgrade to Dradis Pro v2.0?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/latest

Still not a Dradis user?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the the 1-page summary.

New in Dradis Pro v1.12

Leave a reply

Today we’re happy to announce a new release of Dradis Professional Edition: Dradis Pro v1.12. Dradis is a collaboration and automated reporting tool for information security teams.

The highlights:

  • New Accunetix and NTOSpider connectors
  • Updated Burp and OpenVAS connectors
  • Business Intelligence add-on (see below)
  • Rules Engine add-on (see below)
  • Reporting engine enhancements:
    • Pre-export validator
    • Native support for .docx and .docm
    • IssueCounter control
    • Concurrency enhancements
  • Bugs fixed and feature requests: #128, #131, #141, #145, #152, #184, #189, #197, #201, #205, #207, #212, #216, #232, #238, #239, #254

Rules Engine add-on

Define rules that kick in when you upload the output of a scanner. Akin to your email client processing rules, the Rules Engine allows you, among other actions, to:

  • Tag findings based on their fields (e.g. tag as Critical if CVSSv2 is > 9)
  • Merge several findings into a single one (e.g. group all those pesky “missing patches” entries under a single finding)
  • Replace the default description with your own. That’s right, every time Burp finds XSS, you will get a finding with your team’s custom Description / Recommendation for this vulnerability class.
A screenshot showing the list of configured rules in this Dradis Pro instance.

Define the rules that will kick in when you upload the output of a scanner.

A screenshot showing a rule definition where two findings (one from Nessus and one from Qualys) will be replaced with the team's own description of the problem.

Sample rule: de-duplicate findings.

A screenshot showing a rule definition where any finding coming from a scanner is replaced with the team's own description in the IssueLibrary

Sample rule: use your own descriptions.

Business Intelligence add-on

Most likely you’re running 100s of projects each year. The Business Intelligence add-on helps you make sense of the wealth of information that is at your fingertips but that most likely you haven’t been tracking. These are some of the questions you will be able to start answering:

  • What do you know about the types of projects you’re running (what percentage is webapps vs infrastructure)?
  • What types of clients are you serving? In what industry?
  • How are the most profitable client types?
  • What percentage of your projects is under-scoped or over-scoped?
A screenshot showing the Business Intelligence view with: a list of custom properties for Clients, for Projects and a search facility.

The Business Intelligence dashboard. Define custom properties for Clients and Projects to track business metrics.

New admin layout

Yes, we finally have a layout like it’s 2015 (well maybe 2013), but a great improvement over our bare-bones previous one. Here are just a couple of quick examples:

A screenshot showing the project selection view inside Dradis Pro.

Project section view.

A screenshot showing the list of users registered in a Dradis Pro instance.

All users registered in the Dradis Pro instance.

How to upgrade to Dradis Pro v1.12?

Just head over to the release page and follow the instructions:

https://portal.securityroots.com/releases/1.12.0

Still not a Dradis user?

These are some of the benefits you’re missing out:

Read more about Dradis Pro’s time-saving features. Or if you want to start from the beginning, read the the 1-page summary.