Projects 101

Team and permissions

Activity feed and revision history

The Project Scheduler

Comments, Notifications, & Subscriptions

Using Nodes to structure the project

Node properties

Working with Notes

The Report Content page

Adding issues and evidence

Liquid Dynamic Content

Combine multiple Issues

Bulk-update Issues

CVSS, DREAD, and MITRE ATT&CK calculators

Add attachments

Tagging issues

Using methodologies

Project templates

Upload and work with tool output

Upload and work with CSV files

Search your project

Restore deleted content with the Trash feature

Quality Assurance View

Generate your report

Importing and exporting projects

Performing a retest

The Administrator role

Managing users

Enabling / disabling sign ups

Working with teams

Working with projects

The Instance-wide Trash

Integration and Tool Manager

Project Scheduler

The Business Intelligence Dashboard

The Remediation Tracker

The Mappings Manager

The Rules Engine

The IssueLibrary

Report templates

Report template properties

Note templates

Project templates

Methodology templates

Kit Uploads

System settings

White labeling Dradis

Upgrading the app

API basics

Teams endpoint

Users endpoint

Projects endpoint

Nodes endpoint

Issues endpoint

Evidence endpoint

Content Blocks endpoint

Notes endpoint

Attachments endpoint

Document Properties endpoint

Methodologies endpoint

IssueLibrary endpoint

Intro to the Command Line Interface

User's guide to the Dradis Console

Upload tool output from the command line

[scripting] Find projects with XSS issues

[scripting] Find Issues added in the past 24 hours

[scripting] Statistics on Issues and Projects

[scripting] From Nessus output to custom report

[scripting] Update your IssueLibrary entries

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. Customization
  4. Restricting Image Domains with Rails CSP

Restricting Image Domains with Rails CSP

You may need to restrict where images are fetched in your content to prevent cases such as NTLM hash stealing.

To add a domain restriction, perform the following steps:

  1. ssh to your instance as the dradispro user.
  2. Open the content_security_policy.rb file found in the /opt/dradispro/dradispro/current/config/initializers directory

  3. Update the following line from:

    policy.img_src     :self, :https, :data

    To:

    policy.img_src     :self, :data, 'https://example.com', 'https://anotherdomain.com'

    Where https://example.com and https://anotherdomain.com are the domains you're allowing your <img> tags to be fetched from. In case you need to allow more domains, you can add more to the line separated with a comma

  4. Save the file
  5. Restart the server with 
    $ god load /etc/god.d/dradispro-puma.god
$ god restart

Images fetched from your instance should now be restricted!

Next help article: Change default CIC password →

Seven Strategies To Differentiate Your Cybersecurity Consultancy

You don’t need to reinvent the wheel to stand out from other cybersecurity consultancies. Often, it's about doing the simple things better, and clearly communicating what sets you apart.

  • Tell your story better
  • Improve your testimonials and case studies
  • Build strategic partnerships

Your email is kept private. We don't do the spam thing.