{"id":186,"date":"2013-05-07T15:31:54","date_gmt":"2013-05-07T15:31:54","guid":{"rendered":"http:\/\/securityroots.com\/blog\/?p=186"},"modified":"2013-05-07T15:31:54","modified_gmt":"2013-05-07T15:31:54","slug":"upcoming-in-dradis-pro-v1-7-issues-and-evidence","status":"publish","type":"post","link":"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/","title":{"rendered":"Upcoming in Dradis Pro v1.7: Issues and Evidence"},"content":{"rendered":"<p>A new release of <a href=\"http:\/\/securityroots.com\/dradispro\/\">Dradis Pro<\/a> is in the making: <strong>Dradis Pro v1.7<\/strong>. We continue to evolve our solution based on <a href=\"http:\/\/securityroots.com\/dradispro\/#testimonials\">the feedback<\/a> we receive from our users.<\/p>\n<p>Starting in <strong>Dradis Pro v1.7<\/strong> we have introduced two new concepts:<\/p>\n<ul>\n<li><strong>Issues<\/strong>: these are findings or vulnerabilities. An example would be: &#8220;<em>Cross-site scripting<\/em>&#8221;.<\/li>\n<li><strong>Evidence<\/strong>: this is where you provide the concrete information \/ proof-of-concept data for a given instance of the Issue.<\/li>\n<\/ul>\n<p>For example:<\/p>\n<ul>\n<li>The &#8216;Hackme bank&#8217; application is vulnerable to <em>Cross-site scripting<\/em> (Issue). 
There are 7 instances of this issue and here is the information about them (Evidence).<\/li>\n<li>The HTTP service in tcp\/443 of the 10.0.0.1 host is affected by the <em>Out-of-date Apache Tomcat<\/em> issue and so is the tcp\/8080 service in 10.0.0.2<\/li>\n<\/ul>\n<p>As you can see, the main benefit of this approach is that you get to describe the Issue once and reuse that description.<\/p>\n<p>To continue with our example, we&#8217;d have to create the following project structure:<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/securityroots.com\/dradispro\/support\/guides\/images\/dradisreports_byhost\/byhost-02.png\" \/><\/p>\n<p>Here we would add the <em>Out-of-date Apache Tomcat<\/em> Issue to the <strong>all issues<\/strong> node of the project, and then the Evidence for each host will be added in the corresponding node.<\/p>\n<p>By segregating core vulnerability information from the evidence associated with each instance of the issue, we can start doing some powerful things.<\/p>\n<h2>Reporting by host, reporting by issue<\/h2>\n<p>On the one hand, some penetration testing firms like to structure their reports by finding. They go through the list of issues identified, providing description, mitigation advice, references, etc. and including all the hosts affected by the issue in each instance.<\/p>\n<p style=\"text-align: center\">\n<p><a href=\"http:\/\/securityroots.com\/blog\/wp-content\/uploads\/2013\/04\/byhost-20.png\"><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/securityroots.com\/blog\/wp-content\/uploads\/2013\/04\/byhost-20.png\" alt=\"byhost-20\" width=\"575\" height=\"287\" class=\"aligncenter size-full wp-image-199\" \/><\/a><\/p>\n<p>On the other hand, some prefer to structure their report by host. 
They list all the hosts in-scope for the engagement and describe each issue that affects them.<\/p>\n<p style=\"text-align: center\"><a href=\"http:\/\/securityroots.com\/dradispro\/support\/guides\/images\/dradisreports_byhost\/byhost-05.png\"><img decoding=\"async\" src=\"http:\/\/securityroots.com\/dradispro\/support\/guides\/images\/dradisreports_byhost\/byhost-05_small.png\" \/><\/a><\/p>\n<p>Of course there are others that provide these two options in the same report: a section where all the issues are described in detail, followed by a host summary where you can quickly see a list of issues affecting a given host.<\/p>\n<p style=\"text-align: center\"><a href=\"http:\/\/securityroots.com\/dradispro\/support\/guides\/images\/dradisreports_byhost\/byhost-01.png\"><img decoding=\"async\" src=\"http:\/\/securityroots.com\/dradispro\/support\/guides\/images\/dradisreports_byhost\/byhost-01_small.png\" \/><\/a><\/p>\n<p>In order to provide this level of flexibility there needs to be a segregation between the issue details and the instance information.<\/p>\n<p>With the introduction of Issues\/Evidence in v1.7, we have just opened the door to all this flexibility.<\/p>\n<h2>More information<\/h2>\n<p>If you are an existing <a href=\"http:\/\/securityroots.com\/dradispro\/\">Dradis Pro<\/a> user, you can already take advantage of all these features <a href=\"https:\/\/groups.google.com\/forum\/?fromgroups=#!topic\/dradis-pro\/0g7a0gxwYP8\">without having to wait<\/a> until the release of v1.7. 
We have also prepared a step-by-step reporting guide for you:<\/p>\n<p><a href=\"http:\/\/securityroots.com\/dradispro\/support\/guides\/dradisreports_byhost.html\">Reporting by host, reporting by issue<\/a><\/p>\n<p>If you are not a user yet, you can read more about <a href=\"http:\/\/securityroots.com\/dradispro\/painless_reporting.html\">cutting your reporting time<\/a>, <a href=\"http:\/\/securityroots.com\/dradispro\/plugin_manager.html\">putting external tools to work for you<\/a> (and not against you) and <a href=\"http:\/\/securityroots.com\/dradispro\/testing_methodologies.html\">delivering consistent results<\/a> with our tool. <a href=\"http:\/\/securityroots.com\/dradispro\/pricing.html\">Get a license<\/a> and start <a href=\"http:\/\/securityroots.com\/dradispro\/#testimonials\">saving yourself some time<\/a> today.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new release of Dradis Pro is in the making: Dradis Pro v1.7. We continue to evolve our solution based on the feedback we receive from our users. Starting in Dradis Pro v1.7 we have introduced two new concepts: Issues: these are findings or vulnerabilities. An example would be: &#8220;Cross-site scripting&#8221;. 
Evidence: this is where [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":[]},"categories":[3],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Dradis Pro v1.7 - Issues \/ Evidence - flexible reporting<\/title>\n<meta name=\"description\" content=\"In order to provide even more flexible reporting options, Dradis Pro v1.7 introduces the concept of Issues and Evidence. Report by host or by finding\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dradis Pro v1.7 - Issues \/ Evidence - flexible reporting\" \/>\n<meta property=\"og:description\" content=\"In order to provide even more flexible reporting options, Dradis Pro v1.7 introduces the concept of Issues and Evidence. 
Report by host or by finding\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/\" \/>\n<meta property=\"og:site_name\" content=\"Dradis Framework Blog\" \/>\n<meta property=\"article:published_time\" content=\"2013-05-07T15:31:54+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/securityroots.com\/dradispro\/support\/guides\/images\/dradisreports_byhost\/byhost-02.png\" \/>\n<meta name=\"author\" content=\"Daniel Martin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dradisfw\" \/>\n<meta name=\"twitter:site\" content=\"@dradisfw\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Martin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/\",\"url\":\"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/\",\"name\":\"Dradis Pro v1.7 - Issues \/ Evidence - flexible reporting\",\"isPartOf\":{\"@id\":\"https:\/\/dradis.com\/blog\/#website\"},\"datePublished\":\"2013-05-07T15:31:54+00:00\",\"dateModified\":\"2013-05-07T15:31:54+00:00\",\"author\":{\"@id\":\"https:\/\/dradis.com\/blog\/#\/schema\/person\/0d7332083eed49c91ddf883f46f0dc52\"},\"description\":\"In order to provide even more flexible reporting options, Dradis Pro v1.7 introduces the concept of Issues and Evidence. 
Report by host or by finding\",\"breadcrumb\":{\"@id\":\"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dradis.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Upcoming in Dradis Pro v1.7: Issues and Evidence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dradis.com\/blog\/#website\",\"url\":\"https:\/\/dradis.com\/blog\/\",\"name\":\"Dradis Framework Blog\",\"description\":\"Information management for security teams\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dradis.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/dradis.com\/blog\/#\/schema\/person\/0d7332083eed49c91ddf883f46f0dc52\",\"name\":\"Daniel Martin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dradis.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0810040b4df4564381531b4d4a79a05?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0810040b4df4564381531b4d4a79a05?s=96&d=mm&r=g\",\"caption\":\"Daniel Martin\"},\"sameAs\":[\"http:\/\/securityroots.com\/story.html\"],\"url\":\"https:\/\/dradis.com\/blog\/author\/etd\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Dradis Pro v1.7 - Issues \/ Evidence - flexible reporting","description":"In order to provide even more flexible reporting options, Dradis Pro v1.7 introduces the concept of Issues and Evidence. Report by host or by finding","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/","og_locale":"en_US","og_type":"article","og_title":"Dradis Pro v1.7 - Issues \/ Evidence - flexible reporting","og_description":"In order to provide even more flexible reporting options, Dradis Pro v1.7 introduces the concept of Issues and Evidence. Report by host or by finding","og_url":"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/","og_site_name":"Dradis Framework Blog","article_published_time":"2013-05-07T15:31:54+00:00","og_image":[{"url":"http:\/\/securityroots.com\/dradispro\/support\/guides\/images\/dradisreports_byhost\/byhost-02.png"}],"author":"Daniel Martin","twitter_card":"summary_large_image","twitter_creator":"@dradisfw","twitter_site":"@dradisfw","twitter_misc":{"Written by":"Daniel Martin","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/","url":"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/","name":"Dradis Pro v1.7 - Issues \/ Evidence - flexible reporting","isPartOf":{"@id":"https:\/\/dradis.com\/blog\/#website"},"datePublished":"2013-05-07T15:31:54+00:00","dateModified":"2013-05-07T15:31:54+00:00","author":{"@id":"https:\/\/dradis.com\/blog\/#\/schema\/person\/0d7332083eed49c91ddf883f46f0dc52"},"description":"In order to provide even more flexible reporting options, Dradis Pro v1.7 introduces the concept of Issues and Evidence. Report by host or by finding","breadcrumb":{"@id":"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/dradis.com\/blog\/2013\/05\/upcoming-in-dradis-pro-v1-7-issues-and-evidence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dradis.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Upcoming in Dradis Pro v1.7: Issues and Evidence"}]},{"@type":"WebSite","@id":"https:\/\/dradis.com\/blog\/#website","url":"https:\/\/dradis.com\/blog\/","name":"Dradis Framework Blog","description":"Information management for security teams","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dradis.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/dradis.com\/blog\/#\/schema\/person\/0d7332083eed49c91ddf883f46f0dc52","name":"Daniel 
Martin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dradis.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0810040b4df4564381531b4d4a79a05?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0810040b4df4564381531b4d4a79a05?s=96&d=mm&r=g","caption":"Daniel Martin"},"sameAs":["http:\/\/securityroots.com\/story.html"],"url":"https:\/\/dradis.com\/blog\/author\/etd\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p3ijVs-30","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":294,"url":"https:\/\/dradis.com\/blog\/2013\/06\/new-in-dradis-pro-v17\/","url_meta":{"origin":186,"position":0},"title":"New in Dradis Pro v1.7","date":"June 18, 2013","format":false,"excerpt":"Today we have pushed a new version of Dradis Professional Edition: Dradis Pro v1.7. This is the result of eight months of hard work, a bit longer than usual, but the release is packed with lots of handy improvements. 
Here are some changes: New Issue\/Evidence architecture: read about why this\u2026","rel":"","context":"In &quot;Dradis_Pro&quot;","img":{"alt_text":"A screenshot showing note contents, issues and attachments in one page","src":"https:\/\/i0.wp.com\/securityroots.com\/blog\/wp-content\/uploads\/2013\/05\/dradispro_v1.7-02.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":2443,"url":"https:\/\/dradis.com\/blog\/2025\/01\/new-in-dradis-pro-v4-15\/","url_meta":{"origin":186,"position":1},"title":"New in Dradis Pro v4.15","date":"January 7, 2025","format":false,"excerpt":"Dradis v4.15.0 includes automatic cross-references, custom tag ordering, and kit updates.","rel":"","context":"In &quot;Dradis_Pro&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/dradis.com\/blog\/wp-content\/uploads\/2024\/12\/reports-203.webp?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":2247,"url":"https:\/\/dradis.com\/blog\/2023\/04\/new-in-dradis-pro-v4-8\/","url_meta":{"origin":186,"position":2},"title":"New in Dradis Pro v4.8","date":"April 18, 2023","format":false,"excerpt":"Dradis version 4.8.0 includes a QA view so that you can review\/approve Issues and Content Blocks before including them in reports and better tester management for locked users.","rel":"","context":"In &quot;Dradis_Pro&quot;","img":{"alt_text":"Dradis v4.8.0 has a Quality Assurance feature to approve Issues and Content Blocks before reporting","src":"https:\/\/i0.wp.com\/dradis.com\/blog\/wp-content\/uploads\/2023\/04\/Screen-Shot-2023-04-17-at-1.26.51-PM.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1372,"url":"https:\/\/dradis.com\/blog\/2020\/06\/new-in-dradis-pro-v3-7\/","url_meta":{"origin":186,"position":3},"title":"New in Dradis Pro v3.7","date":"June 4, 2020","format":false,"excerpt":"https:\/\/www.youtube.com\/watch?v=d8T6GsCIc8E Formatting Toolbar Formatting text is even easier now with the editor toolbar. 
The toolbar makes it simple to enter and format text in an issue, evidence, notes, comments, and methodologies without needing to use Textile markup. The live preview updates with your formatting changes as you work. Form Editor\u2026","rel":"","context":"In &quot;Dradis_Pro&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/dradis.com\/blog\/wp-content\/uploads\/2020\/06\/formattingtoolbar.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1546,"url":"https:\/\/dradis.com\/blog\/2021\/02\/new-in-dradis-pro-v3-11\/","url_meta":{"origin":186,"position":4},"title":"New in Dradis Pro v3.11","date":"February 16, 2021","format":false,"excerpt":"https:\/\/youtu.be\/fPMJj-FfhLo JIRA Sync Details added to JIRA tickets will now sync back to Dradis Issues and Remediation Tracker tickets making it easier to keep all of the project details together to speed up remediation tasks. Ruby 2.7.2 and Rails 6.1.1 Sometimes we have to roll up our sleeves and take\u2026","rel":"","context":"In &quot;Dradis_Pro&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/dradis.com\/blog\/wp-content\/uploads\/2021\/02\/jira-sync.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":101,"url":"https:\/\/dradis.com\/blog\/2013\/03\/dradis-pro-report-templates-and-methodologies\/","url_meta":{"origin":186,"position":5},"title":"Dradis Pro report templates and testing methodologies for download","date":"March 15, 2013","format":false,"excerpt":"Ever wanted to create your own Dradis Pro report templates but didn't know where to start? Wait no more! A few days ago we introduced the Extras page. From there you can download report templates and testing methodologies. 
The idea is to showcase all the possibilities supported by our reporting\u2026","rel":"","context":"In &quot;Dradis_Pro&quot;","img":{"alt_text":"Dradis Pro Advanced report template: a screenshot showing the advanced word report","src":"https:\/\/i0.wp.com\/securityroots.com\/blog\/wp-content\/uploads\/2013\/03\/dradisreports_advancedreporting.png?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/posts\/186"}],"collection":[{"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/comments?post=186"}],"version-history":[{"count":0,"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/posts\/186\/revisions"}],"wp:attachment":[{"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/media?parent=186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/categories?post=186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dradis.com\/blog\/wp-json\/wp\/v2\/tags?post=186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}