Several years ago, Robin\u2019s workflow involved using a basic text editor to log his clients\u2019 vulnerability issues. He would then use those notes to produce his final reports. He did not use a structured or dedicated system or software platform.<\/p>\n
Robin tested primarily web applications. This meant that the issues he discovered were pretty diverse from project to project. This project diversity was the major reason Robin felt that standardization of his project management would be difficult to implement.<\/p>\n
He did recognize that his process had shortcomings. For one thing, he was often \u201creinventing the wheel\u201d \u2013 writing about vulnerabilities that were similar to ones he\u2019d written about before. He didn\u2019t have an organized way to compare issues and easily re-use that content.<\/p>\n
But, by and large, Robin\u2019s process was \u201cgood enough\u201d \u2013 it worked for him and he was doing fine. Mainly he felt that it would be too difficult and time consuming for him to switch to a new way of doing things.<\/p>\n
![\"Security](\"https:\/\/dradisframework.com\/blog\/wp-content\/uploads\/2020\/03\/Dradisquote.png\")
<\/a><\/h2>\nEnter Dradis Pro<\/h2>\n
A few years ago, Robin found himself working with an InfoSec company that was using Dradis Pro<\/em> for logging issues and creating reports. At first he didn\u2019t believe that learning the new software was worth the trouble. At any rate, he did it because it was part of the company\u2019s process.<\/p>\nAfter getting used to using Dradis, though, Robin realized that his speed and efficiency had increased substantially. He continued to use Dradis from that point onward, even when he left that company and went to work for himself.<\/p>\n
As Robin put it, \u201cThe problem is that you think, \u2018My process works as it is, so I don\u2019t have the time to put more effort into it. I\u2019ll just use what I have.\u2019 Then you\u2019ll improve something and find a better way of doing it, and think, \u2018Why didn\u2019t I do this six months ago? Why didn\u2019t I do this a year ago?\u2019\u201d<\/p>\n
We\u2019ll look at some of the ways in which Dradis Pro has helped improve Robin\u2019s workflow and his clients\u2019 experiences with the security assessment process.<\/p>\n
Greater Project Structure and Organization<\/h3>\n
Even though Robin\u2019s clients and projects are diverse, Dradis Pro has allowed him to standardize his project management. Dradis gives him a consistent way to do everything associated with a project: use and update methodologies, organize an assessment, take notes, and include screenshots and other evidence.<\/p>\n
\u201cAll my stuff is in a nice place where I know where it is, and it\u2019s all recorded in a constant fashion. The organization is the same every time.\u201d<\/p>\n
Easier Report Creation<\/h3>\n
Dradis can be connected to a library of vulnerability descriptions. Robin connects Dradis to MediaWiki (free, open-source software) to create his own library of preferred descriptions that can be easily edited and reused as he sees fit.<\/p>\n
\u201cIt makes such a big difference. In every test you do, you think, \u2018I know I\u2019ve written that one up before.\u2019 And before, I\u2019d have to dig through all the reports, going, \u2018How did I write that up before? I know I did a good description of this at some point.\u2019 With the issue library, I write a good description and I put it in the library and it\u2019s always there for me. I don\u2019t have to reinvent the wheel. It saves so much time and effort.\u201d<\/p>\n
The library is always growing and always improving.<\/p>\n
\u201cYou don\u2019t put in an issue and forget about it. It\u2019s always getting better over time. Whenever I find something I don\u2019t understand or think I can improve, I go back in and improve it and that goes back in the library. It might even be minor improvements, like the odd typo or spelling mistake. So even in small ways, the client is getting a win out of it.\u201d<\/p>\n
![\"Dradis](\"https:\/\/dradisframework.com\/blog\/wp-content\/uploads\/2020\/03\/dradisreports.png\")
<\/a><\/p>\nEasier Report Customization<\/h3>\n
Dradis helps Robin even for his clients whose findings and reports require customization. In fact, with Dradis you can have multiple types of templates for different types of jobs. Once you have all of your project data in one place, you can export it in a variety of formats, such as Word, Excel, and HTML.<\/p>\n
\u201cI don\u2019t use the same template for everyone because everyone is not the same. But I don\u2019t want to be rewriting the same thing over again, either. So I just go in, take what I\u2019ve got, and edit it to be bespoke for that customer, and that goes in the report. Even for the more rare or obscure issues, I still have a template that I can start with, instead of redoing it.\u201d<\/p>\n
Long-Term Storage and Retrieval<\/h3>\n
Dradis allows encrypted storage of projects, which makes it easy to keep projects secure and to revisit past projects.<\/p>\n
\u201cI had a client get in touch yesterday. Their test took place six months ago and they had questions about it. I can easily pull the archive, decrypt it, and I have all the data for them. It\u2019s just there, ready to go.\u201d<\/p>\n
Improved Client Perception<\/h3>\n
Additionally, Dradis Pro has been key in helping Robin organize his projects as well as his clients\u2019 perceptions of his work when he does on-site assessments.<\/p>\n
\u201cA client can come and sit down beside me while I\u2019m on a site, and I can walk through each issue with them. There\u2019s a nice display on screen with a full list of issues. I can click on them, show them the descriptions, and there\u2019s a graph that shows how many high, medium, and low risks. If you tried to do that with a basic text file, obviously that doesn\u2019t look as good.\u201d<\/p>\n
Improved Client Results<\/h3>\n
Improved project organization doesn\u2019t just help Robin; most importantly, it improves his clients\u2019 results.<\/p>\n
\u201cMy clients really do get value out of it. They are getting more detailed and more time-tested descriptions. This makes it easier for them to understand what\u2019s going on and makes it easier for them to remediate issues.\u201d<\/p>\n
New Features and Updates<\/h2>\n
Regularly, Dradis Pro adds and updates features in response to customer feedback and ideas.<\/p>\n
\u201cThere are new versions and new features coming out frequently. It\u2019s nice to be able to offload a technical issue to someone else. Unsurprisingly, [the Dradis team is] responsive to requests for features.\u201d<\/p>\n
Check out our newest edition release<\/a>.\u00a0<\/p>\nA Necessary Tool<\/h2>\n
Dradis Pro has proven to be an indispensable part of Robin\u2019s workflow.
We asked Robin, considering the many strengths of Dradis Pro, why isn\u2019t everyone in InfoSec using something like it?<\/p>\n
\u201cIt can seem like a lot of effort to learn a new security assessment process. I think that might put some people off. But like I did, you start small and just slowly build up into it. And at each step, you realize that you\u2019ve made a big jump up and improved your efficiency and quality. It\u2019s definitely worth the effort.\u201d<\/p>\n
Try Dradis for 30 Days<\/h2>\n
We are confident that Dradis Pro will improve your InfoSec workflow as it did for Robin\u2019s. Conversely, if you try Dradis Pro for 30 days and don\u2019t believe you\u2019ve gotten your money\u2019s worth, just let us know and we\u2019ll give you your money back. Check out our straightforward plans here.<\/a><\/p>\n
After getting used to using Dradis, though, Robin realized that his speed and efficiency had increased substantially. He continued to use Dradis from that point onward, even when he left that company and went to work for himself.<\/p>\n
As Robin put it, \u201cThe problem is that you think, \u2018My process works as it is, so I don\u2019t have the time to put more effort into it. I\u2019ll just use what I have.\u2019 Then you\u2019ll improve something and find a better way of doing it, and think, \u2018Why didn\u2019t I do this six months ago? Why didn\u2019t I do this a year ago?\u2019\u201d<\/p>\n
We\u2019ll look at some of the ways in which Dradis Pro has helped improve Robin\u2019s workflow and his clients\u2019 experiences with the security assessment process.<\/p>\n
Greater Project Structure and Organization<\/h3>\n
Even though Robin\u2019s clients and projects are diverse, Dradis Pro has allowed him to standardize his project management. Dradis gives him a consistent way to do everything associated with a project: use and update methodologies, organize an assessment, take notes, and include screenshots and other evidence.<\/p>\n
\u201cAll my stuff is in a nice place where I know where it is, and it\u2019s all recorded in a constant fashion. The organization is the same every time.\u201d<\/p>\n
Easier Report Creation<\/h3>\n
Dradis can be connected to a library of vulnerability descriptions. Robin connects Dradis to MediaWiki (free, open-source software) to create his own library of preferred descriptions that can be easily edited and reused as he sees fit.<\/p>\n
\u201cIt makes such a big difference. In every test you do, you think, \u2018I know I\u2019ve written that one up before.\u2019 And before, I\u2019d have to dig through all the reports, going, \u2018How did I write that up before? I know I did a good description of this at some point.\u2019 With the issue library, I write a good description and I put it in the library and it\u2019s always there for me. I don\u2019t have to reinvent the wheel. It saves so much time and effort.\u201d<\/p>\n
The library is always growing and always improving.<\/p>\n
\u201cYou don\u2019t put in an issue and forget about it. It\u2019s always getting better over time. Whenever I find something I don\u2019t understand or think I can improve, I go back in and improve it and that goes back in the library. It might even be minor improvements, like the odd typo or spelling mistake. So even in small ways, the client is getting a win out of it.\u201d<\/p>\n
Dradis helps Robin even for his clients whose findings and reports require customization. In fact, with Dradis you can have multiple types of templates for different types of jobs. Once you have all of your project data in one place, you can export it in a variety of formats, such as Word, Excel, and HTML.<\/p>\n \u201cI don\u2019t use the same template for everyone because everyone is not the same. But I don\u2019t want to be rewriting the same thing over again, either. So I just go in, take what I\u2019ve got, and edit it to be bespoke for that customer, and that goes in the report. Even for the more rare or obscure issues, I still have a template that I can start with, instead of redoing it.\u201d<\/p>\n Dradis allows encrypted storage of projects, which makes it easy to keep projects secure and to revisit past projects.<\/p>\n \u201cI had a client get in touch yesterday. Their test took place six months ago and they had questions about it. I can easily pull the archive, decrypt it, and I have all the data for them. It\u2019s just there, ready to go.\u201d<\/p>\n Additionally, Dradis Pro has been key in helping Robin organize his projects as well as his clients\u2019 perceptions of his work when he does on-site assessments.<\/p>\n \u201cA client can come and sit down beside me while I\u2019m on a site, and I can walk through each issue with them. There\u2019s a nice display on screen with a full list of issues. I can click on them, show them the descriptions, and there\u2019s a graph that shows how many high, medium, and low risks. If you tried to do that with a basic text file, obviously that doesn\u2019t look as good.\u201d<\/p>\n Improved project organization doesn\u2019t just help Robin; most importantly, it improves his clients\u2019 results.<\/p>\n \u201cMy clients really do get value out of it. They are getting more detailed and more time-tested descriptions. This makes it easier for them to understand what\u2019s going on and makes it easier for them to remediate issues.\u201d<\/p>\n Regularly, Dradis Pro adds and updates features in response to customer feedback and ideas.<\/p>\n \u201cThere are new versions and new features coming out frequently. It\u2019s nice to be able to offload a technical issue to someone else. Unsurprisingly, [the Dradis team is] responsive to requests for features.\u201d<\/p>\n Check out our newest edition release<\/a>.\u00a0<\/p>\n Dradis Pro has proven to be an indispensable part of Robin\u2019s workflow. \u201cIt can seem like a lot of effort to learn a new security assessment process. I think that might put some people off. But like I did, you start small and just slowly build up into it. And at each step, you realize that you\u2019ve made a big jump up and improved your efficiency and quality. It\u2019s definitely worth the effort.\u201d<\/p>\n We are confident that Dradis Pro will improve your InfoSec workflow as it did for Robin\u2019s. Conversely, if you try Dradis Pro for 30 days and don\u2019t believe you\u2019ve gotten your money\u2019s worth, just let us know and we\u2019ll give you your money back. Check out our straightforward plans here.<\/a><\/p>\n<\/a><\/p>\nEasier Report Customization<\/h3>\n
Long-Term Storage and Retrieval<\/h3>\n
Improved Client Perception<\/h3>\n
Improved Client Results<\/h3>\n
New Features and Updates<\/h2>\n
A Necessary Tool<\/h2>\n
We asked Robin, considering the many strengths of Dradis Pro, why isn\u2019t everyone in InfoSec using something like it?<\/p>\nTry Dradis for 30 Days<\/h2>\n