New in Dradis Pro v3.3

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you deliver the results of security assessments in a fraction of the time, without the time-wasting frustration of creating manual reports.

What’s new in Dradis Pro v3.3

Auto-Save

There are few things more frustrating than losing work in progress when your connection drops, your browser crashes, or you close the wrong tab. Dradis now automatically saves your changes every few seconds to help avoid this problem. When you return to work and auto-saved data is available, you can restore your work from the browser’s cached version.

Configuration Kits

Get started with Dradis Pro at the click of a button using kits. Use a Dradis kit to set up an instance tailored to your needs just by uploading a single file. A single kit zip file can quickly import and configure project, report, issue, and evidence templates and properties, Rules Engine rules, methodologies, and sample projects. Admins can still tweak and configure Dradis manually; kits offer a simple way to jumpstart setup.

Azure DevOps / VSTS

Send any issue from a Dradis project to Azure DevOps (formerly Visual Studio Team Services / Team Foundation Server) to create a Work Item. Once sent, the Issue in Dradis displays the state of the Work Item so you can keep track of remediation activities without leaving Dradis.

Ready to upgrade to v3.3?

Release Notes

  • Fix column overflow on Issues / IssueLib entries table
  • Allow report content management even without an RTP
  • Fix content blocks sorting in the sidebar
  • REST/JSON API:
    • Add-ons can inject Project attributes
    • BI custom fields included in Projects API endpoint
    • BI custom fields included in Teams API endpoint
    • Project Scheduler add-on includes :start and :end date in Projects endpoint
  • Fix sorting for issues under nodes on export
  • Add ability to upload configuration kits via web
  • Add screenshot validator
  • Projects are created with a background job
  • Two-step Contributor login

Not using Dradis Pro on your team?

These are some of the benefits you are missing out on:

Read more about Dradis Pro’s time-saving features or what our users are saying.

New in Dradis Pro v3.2

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you deliver the results of security assessments in a fraction of the time, without the time-wasting frustration of creating manual reports.

What’s new in Dradis Pro v3.2

Here is Rachael with a quick video summary of what’s new in this release:

Integrated CVSSv3 Calculator

Quickly generate a CVSSv3 Risk score for an individual issue directly in Dradis. The CVSSv3 score calculator is now included as a tab on each issue for handy access. Edit the values on the calculator to populate the issue’s CVSSv3 details, including a valid vector string, with no need to copy and paste!

Animation showing the CVSSv3 calculator populating the base score and vector for a security issue.

IssueLibrary ships with Dradis Pro

Ever wish that the IssueLibrary wasn’t a separate installation and upgrade process from Dradis Pro? Wish no more! IssueLibrary is now bundled with Dradis Pro.

If you haven’t been using IssueLibrary, now is your pain-free opportunity to give it a spin. Cultivate a collection of your finest vulnerability descriptions to reuse across your Dradis Pro projects.

Already have vulnerability descriptions in another format outside of Dradis? Reach out to our support team and they can set you up to easily migrate them into IssueLibrary.

Upgrading from an earlier version of the IssueLibrary?
You must first remove IssueLibrary before applying the DUP by deleting the IssueLibrary line from /opt/dradispro/dradispro/current/Gemfile.plugins.

IssueLibrary API endpoints

The IssueLibrary is the newest API endpoint to be added to Dradis Pro. Use this new endpoint to create, update, retrieve and delete IssueLibrary entries. Check out the IssueLibrary API guide for examples to get started.

Ready to upgrade to v3.2?

Release Notes

  • Use ajax in comments
  • Fix nodes sidebar header margin
  • Add bold font to improve bold text visibility
  • Fix links display in Textile fields
  • Fix redirection destinations after edit/delete evidence
  • Refactor cache keys in pages with comments
  • Disable turbolinks cache when displaying flash messages
  • Sort attachments in alphabetical ASCII order
  • Fix methodology checklist edit error
  • Add contributors and contributors management
  • Add IssueLibrary to the main app – no manual upgrades!
  • Fix export error caused by whitespace between newlines
  • Fix auto-linking export error for non-latin characters, dashes, and parentheses
  • Fix multiple permissions added to a project when created via API
  • Add default tags to new project templates
  • Fix the bug that caused a project to disappear when an author updates a project
  • Add seeds for the rules engine
  • Fix user count in teams list
  • Add contributor management view hooks for the Teams and Users pages
  • Allow deletion of teams with users
  • Show project Custom Properties in Business Intelligence – Trend Analysis
  • Fix XSS vulnerability when uploading svg attachments
  • Fix XSS vulnerability when evidence was sent to Trash
  • REST/JSON API:
    • New endpoint: IssueLibrary entries
  • Add-on enhancements:
    • CVSS calculator: embed CVSSv3 calculator in Issue page
    • Acunetix: Resolve create_node errors that appeared with URLs without “http”
    • Burp: Make `issue.detail` available at the Evidence level
    • Netsparker: Change alphabetical lists to bullet lists

New Kid On The Block

The blog title gives it away but I’m the new guy over at Security Roots working on Dradis. My name is Matt and I love to explore the world. I was born in Poland, grew up in Canada and I am currently hanging out in one of the most tech savvy capitals, Shenzhen, China. Since I am the new guy I wanted to introduce myself, give you some inside scoop, my experience working with the team and a little bit about my first assignment. 👋

Over many years I have worked on a number of web design and development projects. I pride myself in being a designer with a creative edge and although I have extensive knowledge and experience with design concepts, HTML/CSS/JS, Photoshop, Illustrator, Xd and more, I strive to continuously expand my knowledge with all the ever-changing technologies. Currently, as a result of joining Security Roots, I am learning Ruby and Ruby on Rails which, I have quickly realized, is quite different from Python and Django. I also enjoy video production/editing using Final Cut Pro X and I have my eyes on a DJI Mavic 2 Pro. 👀

Now let me tell you a little bit about my first month at Security Roots. Initially I was drawn to the job posting because it really resonated with me and I was thrilled when I got an email from Daniel (he’s the big cheese over here if you aren’t sure who I’m talking about) and we discussed the opportunity and by the end of it, all of my needs and wants had been checked off for my dream job. I did a small test assignment, which apparently went well since I’m here, and I got to meet the team. I was a bit nervous about this since I knew everyone had been working together for a few years now and are already in the groove of things. I had all kinds of thoughts going through my mind but I was very excited to join the team. All the nervous feelings were put to rest moments after I joined the workspace as I was welcomed with (virtual) open arms by everyone. With the warm welcome I could feel there was excitement and enthusiasm from everyone that a designer has joined the team. I quickly learned that everyone is friendly, very helpful and extremely knowledgable and skilled in their roles. The work environment at Security Roots is very different from anything I have experienced before but is also the most interesting and effective one in comparison! Everyone works independently on their assignments but at the same time is always collaborating and communicating with each other. Every week there is a new topic that everyone answers in a video and posts it to share with the team. This is a great way to get to know the people on the team and promotes more of a social vibe in a work environment. Curious about what the office looks like? Where is it located? Who has the best parking spot or the prime corner view? Well this is actually one of the MANY perks of being part of the Security Roots team. We all work 100% remotely all over the world, so the office can be anything from a home office to a co-working space, or even a boat! 
Another great feature of being on the team is consistent personal development. Daniel is constantly encouraging us to grow and develop! Whether you want to learn something new within the industry, take a course or read a book, we have it covered. I love to learn so being part of a company that promotes personal development was very important to me. Security Roots really knows how to treat their employees! ✅

I could go on and on about the perks and first impressions but let’s move on to something you will get to see and experience first hand. The first thing I tackled during my first month on the team was a redesign and update of the user profile page. When I am presented with a new feature that needs to be designed, or a current view that needs to be redesigned, I like to make a list of objectives and goals for the design. I want to understand how it will be integrated into the overall project. I do background research on the feature, and use a variety of tools to come up with a few variations of a design, then decide on the best one to continue to develop and finalize. In the case of the profile page redesign, I looked at the current design and identified what the issues were with the flow. We also decided to update to the most current version of the HTML/CSS/JS framework incorporated into the project. There was quite a bit of work to be done to make the view work in the current layout regarding HTML structure and CSS class names. I got the view into something that could be navigated and jumped over to Adobe Xd and made mockups to see how I could make the page flow better and be more visually appealing. I decided to incorporate a 2-column view which focused on arranging the fields in a way that made more sense. I opted to make the left column show the avatar and API token reset and moved all the text fields into the right column and arranged them in a natural order of flow. Once the front end components were arranged, I added some validation styling and magic to make it all work and BOOM! My first project was completed with better flow and a more user friendly experience. 💣

As a team we truly hope that the new designs are beneficial to you and look forward to any feedback from users on the new designs that will be coming soon to Dradis CE & Pro!

Matt,
Designer.

New in Dradis Pro v3.1

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create reports, in a fraction of the time.

For this release, we’ve squashed some pesky bugs and updated the system and its add-ons with new features that will make your team’s life easier.

The highlights of Dradis Pro v3.1

  • Added comments, subscriptions and notifications to notes
  • Added comments, subscriptions and notifications to evidence
  • Added comments, subscriptions and notifications to methodology cards
  • Pre-flight tool upload validator
  • Fix default tags creation bug
  • Allow numeric fields to be 0 when validating
  • Fix BI engine load error (hook into model load and not ActiveRecord load)
  • Fix overflow bug when editing report templates (issue sorting tab)
  • Updated how add-ons hook into the main menu
  • Fix error pages
  • Renamed clients to teams in the backend
  • Fix blockcode characters displaying incorrectly
  • Fix red dot still being displayed on the first visit to the page that caused the single unread notification
  • Fix wrong ‘There are no comments’ message
  • Escape HTML in comments
  • Track activities when multiple-creating evidence
  • Fix BI custom project properties
  • Better engine manifest hooks
  • Keep lists and cards order when exporting as XML
  • When errors found validating evidence, report with evidence id
  • Add-on enhancements:
    • Note and evidence comments in export/import in dradis-projects
    • Fix usage of set_property to use set_service in Nexpose plugin
    • Netsparker: Update cleanup_html to format content + add new fields

A quick video summary of what’s new in this release:

Comments for methodology cards, evidence, and notes

Comments, notifications, and subscriptions introduced in Dradis v3.0 have been extended to include methodology cards, notes, and evidence in projects. You can leave a comment tagging another user, subscribe to be notified of comments and receive notifications for cards, notes, evidence, and issues. All comments are included during project import/export with dradis-project.

Checking for empty fields

Dradis will check for empty fields when saving a field required by your template and when validating your project before exporting a report. Catching and correcting these empty fields before generating your report will help prevent the dreaded ambiguous cell mapping Word error.

Pre-flight tool upload validator

While uploading output from a tool into a project, Dradis will check your Plugin Manager configuration against your report template configuration. If your template is configured to require a “Recommendations” field but no #[recommendation]# field is defined in the Plugin Manager for this output file type, Dradis will throw a warning.

Showing the preflight validation

Ready to upgrade to v3.1?

New in Dradis Pro v3.0

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this release, we’ve squashed some pesky bugs and updated the system and its add-ons with new features that will make your team’s life easier.

The highlights of Dradis Pro v3.0

  • Add comments for issues
  • Add notifications for comments
  • Add subscriptions for issues in a project
  • Nest the dradis elements under the project scope
  • Add ‘Send to…’ menu for issues
  • Add better handling of the Services table
  • Use puma for the development and test server
  • Remove resque dependency
  • Improve redirect on Evidence#edit
  • Alphabetically sort ContentBlocks
  • Validate empty fields
  • Fix exporting with bc.. prepended with a newline
  • Fix password reset thor task
  • Fix cookie overflow
  • Fix license redirection
  • Fix missing lists bug
  • Add-on enhancements:
    • Add references and vulnerability_classifications fields in the Burp plugin
    • Fix formatting errors and hostname Node property in the Burp plugin
    • Fix vertical buttons for the CVSS calculator
    • Fix issue sorting in HTML export
    • Split services data in the Metasploit, Nessus, Nmap plugin
    • Update fields template in Nessus plugin
    • Add CVSS fields for the Netsparker plugin
    • Resolve nested duplicate content in Paragraph tags in the Nexpose plugin
    • Better handle finding `id`s in Nikto plugin
    • Smart table header for the IssueLibrary
  • Bugs fixed: #102, #118, #321

The IssueLibrary must be updated after you upgrade! Contact support for the files.

A quick video summary of what’s new in this release:

Comments, notifications, and subscriptions

You can now comment on issues within projects.  You can also tag other members of your team in a comment, or subscribe to a conversation.

If a team member is tagged in a comment or subscribed to a conversation that has received a comment, they will see a notification when they open their project.

One project per tab

You may now have multiple projects open in several tabs of your browser.  You are now able to switch freely between projects and tabs altering their content in any order – a boon for multitaskers!

API endpoints for Content Blocks and Document Properties

For users of our REST API, we have now added endpoints for Content Blocks and Document Properties. Now you may create, update, retrieve, and delete Content Blocks and Document Properties through the API.

Ready to upgrade to v3.0?

Still not using Dradis in your team?

These are some of the benefits you are missing out on:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.

Comments, notifications, & subscriptions

Efficiently collaborate with your team using comments, notifications, and subscriptions inside of Dradis.

We heard you. There are times that you need to discuss a Dradis project with your team. Gone are the days of jumping on Slack or sending an email with a question or request for edits. Instead, leave a comment! Keep all of your Dradis talk inside Dradis.

Comments, notifications, and subscriptions are brand new in Dradis Community Edition (CE) v3.10 (and coming in the next release of Dradis Pro!).

Let’s jump straight into an example of how these new features improve team collaboration:

I’m working on Dradis CE (username rachkor) and have a question for another team member (username daniel). He wrote up a new Issue, but I think that the solution needs expanding. Instead of writing an email or finding him on chat, I scroll to the comment form at the bottom of the Issue:

Add comments to your Dradis Issues

Not only can I comment on the Issue, but I can also mention @daniel by name:

Mention other Dradis users in your comments

The next time Daniel logs in to Dradis, he’ll be greeted by a notification from me:

Get notifications from any mentions in Dradis comments

Comments are included in the Recent activity feed so that you can keep up with your team as a whole, even if you aren’t involved in a specific conversation.

When you comment on an Issue or a teammate mentions you in a comment, you’ll be automatically subscribed to that Issue. If you need to subscribe (or unsubscribe!) from notifications on a specific Issue, click the subscribe/unsubscribe button:

Subscribe or unsubscribe from comment notifications

We’re excited to unveil this new phase of collaboration within Dradis and can’t wait to hear what you think! Want to check it out? Grab the latest version of Dradis CE from GitHub with these instructions and test out the comments, notifications, and subscriptions. These new features will ship in the next release of Dradis Pro. If you’re a Pro user, stay tuned for a release notice soon!

Not using Dradis yet? Learn more about the Dradis Framework and all the time you could save.

New in Dradis Pro v2.9

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this release, we’ve squashed some pesky bugs and updated the system and its add-ons with new features that will make your team’s life easier.

The highlights of Dradis Pro v2.9

  • Added bulk view (and multi delete) for a node’s notes and evidences.
  • Added the trash functionality to content blocks
  • Added the Methodology tasks and content blocks to the search
  • Added report content attachments
  • Added validation for block groups with empty names
  • Fixed nested lists in exported reports
  • Fixed the multi-deletion of issues
  • Fixed the ghost nodes issue
  • Fixed the project import and export with missing users
  • Add-on enhancements:
    • Added trend analysis for the Business Intelligence add-on
    • Added node properties to the Acunetix and Qualys plugin
    • Added metric-specific fields to the CVSS calculator
    • Fixed the encoding error for the Burp upload plugin
    • Fixed the export errors for the HTML export plugin
  • Bugs fixed: #173#349, #354

A quick video summary of what’s new in this release:

List View for Notes and Evidences

You can now view the evidences of a node as a list. This comes with the bonus of being able to delete them in bulk!

The same goes for the notes in a node!

Business Intelligence Trend Analysis

With the addition of trend analysis to the Business Intelligence add-on, you can now compare 2 or more projects so you can easily visualize the ongoing trends between them.

Report Content Attachments

Just like attachments for nodes, you can now add attachments for your content blocks!

Ready to upgrade to v2.9?

New in Dradis Pro v2.8

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this zippy release, we’ve added a few features and fixed a few bugs to make your reporting life easier.

The highlights of Dradis Pro v2.8

  • Added the content blocks feature
  • Added delete option for document properties
  • Added Excel export through the command line
  • Allow .xlsx and .xlsm templates.
  • Added “Default for template” in Evidence multi-add form.
  • New add-on:
    • Netsparker upload
  • Add-on enhancements:
    • Update Nessus plugin to include CVSSv3 fields
    • Added HTTPS Support for the Mediawiki plugin
    • Added content blocks service in dradis-plugins
  • Bugs fixed: #150#157, #332.

A quick video summary of what’s new in this release:

 

Content Blocks

The new content blocks feature makes adding notes to your report a lot easier. Gone are the days when you have to tediously add a node, add a note to it then set a category, only for you to forget it a few days later.

Document Property Deletion

We’ve added a way for teams to be able to delete unused document properties from their projects. You won’t have to worry about them cluttering your project anymore!

Ready to upgrade to v2.8?

New in Dradis Pro v2.7

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this release, we’ve added shiny new features to make reporting and collaborating with your team much easier.

The highlights of Dradis Pro v2.7

  • New Excel exporter
  • New Report Content page for custom document properties
  • v2 Methodology Admin templates
  • Methodology actions included in the activity feed
  • Independent scrolling for Methodology Lists
  • User profile image in the navbar
  • Word reports:
    • IssueCounters nested in Nodes work as expected.
    • New EvidenceCounter content controls.
    • Fixed handling of array properties
  • Add-on enhancements:
    • Improved the Qualys plugin data representation
    • Updated the Nexpose plugin with Evidence templates
    • Improved the Nexpose plugin parsing issues
    • Added mouseover details to the CVSSv3 calculator
    • Improvements to the Dradis Plugins Content Service
    • Fixed Dradis Plugins import for extremely long descriptions
  • Fix plugin upload and export thor task errors
  • Bugs fixed: #119, #347

A quick video summary of what’s new in this release:

Excel Exporter

You can now export your projects to Excel! If you ever need to manipulate data and/or perform calculations for your exports, you can do this with customized formulas in Excel. How cool is that?

Here’s a sample of what your Excel report could look like:

Document Properties

With the new Report Content section, you can now define Document Properties for your project. No need to look for that misplaced properties note that you made ages ago!

New Methodologies Templates

To augment the improvements to the Methodology from the previous release, we’re adding the ability to add Methodology templates with the new Lists and Tasks. Go brethren! You are now free from the shackles of Pending and Done!

Ready to upgrade to v2.7?

Attachments API using ruby

One of the latest additions in Dradis Pro release 2.6.0 was the attachments API. Until now that was only available using the web interface:

Web interface attachments widget

As documented here, the new API endpoint lets you manipulate node attachments via REST requests. Here are a couple of examples using curl.

Read attachments associated to a specific node:

curl \
 -H 'Authorization: Token token="iOEFCQDR-miTHNTjiBxObjWC"' \
 -H 'Dradis-Project-Id: 8' \
 http://dradis.ip/pro/api/nodes/18/attachments

The response to this request is a JSON list of attachments in that node:

[
  {
    "filename": "burp.xml",
    "link": "/nodes/18/attachments/burp.xml"
  },
  {
    "filename": "screenshot.png",
    "link": "/nodes/18/attachments/screenshot.png"
  }
]

This is a request to attach some other files to that node:

curl \
 -H 'Authorization: Token token="iOEFCQDR-miTHNTjiBxObjWC"' \
 -H 'Dradis-Project-Id: 8' \
 -X POST \
 -F 'files[]=@/your/local/path/image1.png' -F 'files[]=@/your/local/path/image2.png' \
 http://dradis.ip/pro/api/nodes/18/attachments

The response to this request is a JSON list containing the new attachments info:

[
  {
    "filename": "image1.png",
    "link": "/nodes/18/attachments/image1.png"
  },
  {
    "filename": "image2.png",
    "link": "/nodes/18/attachments/image2.png"
  }
]

In this post we would like to extend that documentation with examples of how to do the same from a programming language. Since Dradis is implemented in ruby, here is how we could do that in ruby.

In ruby there are many libraries that allow us to perform HTTP requests, from the basic, already included ‘net/http’ to higher-level options like ‘rest_client’, ‘faraday’, etc.

We will show basic examples using these three options. For each option we provide two examples:

  1. a request to get all attachments in a node
  2. a request to upload a couple of files to a node (in the attachments endpoint many files can be uploaded with a single request).

If you intend to use the examples below, remember that you should use your virtual appliance IP instead of ‘dradis.ip’. Also change the token, project id and node id in the examples to your own values.

Attachments API using ‘rest-client’ ruby gem:

First of all we will need to install the ‘rest-client’ ruby gem. It can be installed with:

gem install rest-client

Read attachments associated to a specific node:

require 'rest_client'
RestClient.get(
  'http://dradis.ip/pro/api/nodes/18/attachments',
  {
    'Authorization' => 'Token token="iOEFCQDR-miTHNTjiBxObjWC"',
    'Dradis-Project-Id' => '8'
  }
)

Attach some other files to that node:

require 'rest_client'
RestClient.post(
  'http://dradis.ip/pro/api/nodes/18/attachments',
  {
    'files' => [
      File.new("/your/local/path/image1.png", 'rb'),
      File.new("/your/local/path/image2.png", 'rb')
    ]
  },
  {
    'Authorization' => 'Token token="iOEFCQDR-miTHNTjiBxObjWC"',
    'Dradis-Project-Id' => '8'
  }
)

Attachments API using ‘faraday’ ruby gem:

To install faraday:

gem install faraday

In this case we are trying to reuse the same connection, probably useful when building a script that sends many requests to the same endpoint.

require 'faraday'

# Establish connection
conn = Faraday.new(
  url: 'http://dradis.ip/pro/api/nodes/18/attachments',
  headers: {
    'Authorization' => 'Token token="iOEFCQDR-miTHNTjiBxObjWC"',
    'Dradis-Project-Id' => '8'
  }
) do |faraday|
  faraday.request :multipart
  faraday.adapter :net_http
end

# Read attachments associated to a specific node:
get = conn.get
puts get.body

# Attach some other files to that node
post = conn.post(
  nil,
  {
    'files' => [
      Faraday::UploadIO.new("/your/local/path/image1.png", 'image/png'),
      Faraday::UploadIO.new("/your/local/path/image2.png", 'image/png')
    ]
  }
)
puts post.body

Attachments API using ruby ‘net/http’:

‘net/http’ is part of the ruby standard library, so if you already have ruby nothing else needs to be installed to run this script. The trade-off is that this option works at a lower level than the previous ones, so the code looks a bit more complex.

require 'net/http'

uri = URI('http://dradis.ip/pro/api/nodes/18/attachments')

Net::HTTP.start(uri.host, uri.port) do |http|
 
  # Read attachments associated to a specific node:
  get_request = Net::HTTP::Get.new uri
  get_request['Authorization'] = 'Token token="iOEFCQDR-miTHNTjiBxObjWC"'
  get_request['Dradis-Project-Id'] = '8'
  get_response = http.request(get_request)
  puts get_response.body

  # Attach some other files to that node:
  BOUNDARY = "AaB03x"
  file1 = '/your/local/path/image1.png'
  file2 = '/your/local/path/image2.png'

  post_body = []

  post_body << "--#{BOUNDARY}\r\n"

  post_body << "Content-Disposition: form-data; name=\"files[]\"; filename=\"#{File.basename(file1)}\"\r\n"
  post_body << "Content-Type: image/png\r\n"
  post_body << "\r\n"
  post_body << File.binread(file1) # binary-safe read of the image bytes

  post_body << "\r\n--#{BOUNDARY}\r\n"

  post_body << "Content-Disposition: form-data; name=\"files[]\"; filename=\"#{File.basename(file2)}\"\r\n"
  post_body << "Content-Type: image/png\r\n"
  post_body << "\r\n"
  post_body << File.binread(file2) # binary-safe read of the image bytes

  post_body << "\r\n--#{BOUNDARY}--\r\n"

  post_request = Net::HTTP::Post.new uri
  post_request['Authorization'] = 'Token token="iOEFCQDR-miTHNTjiBxObjWC"'
  post_request['Dradis-Project-Id'] = '8'
  post_request.body = post_body.join
  # Media-type parameters are separated from the type with ';'
  post_request["Content-Type"] = "multipart/form-data; boundary=#{BOUNDARY}"

  post_response = http.request(post_request)
  puts post_response.body
end
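
The hand-built multipart upload from the ‘net/http’ section, as an added example that is not code from the original post or from Dradis: it picks a random boundary that cannot collide with the file data, strips quotes and CR/LF from file names before they reach the Content-Disposition header, and refuses to send the token over plain HTTP unless told to. The helper names, the `allow_http` switch, the `DRADIS_API_TOKEN` variable and the sample bytes are assumptions made for this illustration.

```ruby
require 'net/http'
require 'securerandom'
require 'uri'

# Reduce a client-side path to a name that is safe inside the quoted
# filename="..." parameter: control characters (CR/LF would start a new
# header line) are dropped, the directory part is removed, and quote and
# backslash are replaced.
def safe_filename(path)
  name = File.basename(path.to_s.scrub('_').gsub(/[[:cntrl:]]/, ''))
  name = name.gsub(/["\\]/, '_')
  name.empty? ? 'upload.bin' : name
end

# files: array of [name_or_path, content_type, bytes] triples.
# Returns [boundary, body]; body is a binary string with one files[] part each.
def multipart_files_body(files)
  boundary = nil
  loop do
    boundary = "dradis-#{SecureRandom.hex(16)}"
    # A boundary must never occur inside the data it delimits.
    break unless files.any? { |_, _, bytes| bytes.b.include?(boundary) }
  end

  body = String.new(encoding: Encoding::BINARY)
  files.each do |name, content_type, bytes|
    disposition = %(form-data; name="files[]"; filename="#{safe_filename(name)}")
    body << "--#{boundary}\r\n"
    body << "Content-Disposition: #{disposition}\r\n".b
    body << "Content-Type: #{content_type}\r\n\r\n".b
    body << bytes.b << "\r\n"
  end
  body << "--#{boundary}--\r\n"
  [boundary, body]
end

# Build (but do not send) the POST for /pro/api/nodes/<id>/attachments.
def build_upload_request(base_url, node_id:, project_id:, token:, files:, allow_http: false)
  uri = URI.join(base_url, "/pro/api/nodes/#{Integer(node_id)}/attachments")
  unless uri.scheme == 'https' || allow_http
    raise ArgumentError, 'plain HTTP would expose the API token; pass allow_http: true to override'
  end

  boundary, body = multipart_files_body(files)
  request = Net::HTTP::Post.new(uri)
  request['Authorization'] = %(Token token="#{token}")
  request['Dradis-Project-Id'] = project_id.to_s
  request['Content-Type'] = "multipart/form-data; boundary=#{boundary}"
  request.body = body
  request
end

# Send a request built above; certificate verification stays at the
# Net::HTTP default (enabled).
def send_request(request)
  uri = request.uri
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
    http.request(request)
  end
end

# Constructed sample: two tiny byte strings stand in for real screenshots,
# the second with an awkward name. Nothing is sent over the network here.
sample_files = [
  ['/your/local/path/image1.png', 'image/png', "\x89PNG\r\n\x1A\n".b],
  ["scan \"final\"\r\n.png", 'image/png', "\x89PNG\r\n\x1A\n".b]
]
demo = build_upload_request(
  'https://dradis.ip', node_id: 18, project_id: 8,
  token: ENV.fetch('DRADIS_API_TOKEN', 'PLACEHOLDER-TOKEN'), files: sample_files
)
puts demo['Content-Type']
puts demo.body.scan(/filename="[^"]*"/)
```

To actually upload, read each file with `File.binread`, build the request as above and pass it to `send_request`.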

Final thoughts

In conclusion, sending requests to the API should be easy enough from any programming language. In the ruby case, using a specialized gem seems like the best choice.