Turn Your Pentests Into Insights: The New Business Intelligence Dashboard

Remember when we shared a “Year in Review” script that could pull basic stats from your Dradis instance? Well, we heard your feedback loud and clear. You wanted more than a command-line script. You wanted insights that were easy to access, customizable to your needs, and powerful enough to help you make real business decisions.

Today, I’m excited to walk you through what we’ve built: a full-fledged Business Intelligence Dashboard that turns your Dradis data into actionable intelligence.

The Journey from Script to Dashboard

That original Year in Review script was simple but effective. It could tell you how many projects you created, count your Issues by severity, and show you the most commonly found vulnerabilities. But it had limitations. You had to SSH into your instance, run commands, and parse text output. And while it gave you a snapshot of your year, it couldn’t help you understand the why behind the numbers.

The Business Intelligence Dashboard takes that concept and expands it into something much more powerful. Instead of running scripts, you can now log into Dradis and immediately see:

  • Activity summaries comparing this year to last year for Projects, Issues, Teams, and Contributors
  • The most common Issues found across all your projects by Title, filtered by Tag
  • Custom metrics and trends based on your team and project properties

Custom Properties: The Foundation for Better Insights

The real power of the Business Intelligence Dashboard comes from custom properties. These let you tag and categorize your work in ways that matter to your business.

Team Properties

Want to know which industries you serve most? Or which types of clients are most profitable? Team properties let you define custom fields for your clients. You can create:

  • Integer fields for numerical data (revenue, number of employees, etc.)
  • String fields for text data (client contact information, notes)
  • List fields for categorical data (industry, region, client tier)

For example, you might create an “Industry” property with options like Healthcare, Finance, Retail, and Technology. Once defined, every time you create a new team, you’ll be able to select from these options.

Project Properties

Project properties work the same way, but let you categorize individual engagements. This is where you can track things like:

  • Project type (webapp, infrastructure, mobile, cloud)
  • Whether a project was under-scoped or over-scoped
  • Complexity level
  • Testing methodology used

These properties become the basis for answering critical business questions.

Existing Business Intelligence Features

Dradis has other Business Intelligence features beyond those we highlighted above. Once you’ve been collecting data through custom properties, the Dashboard transforms that information into visual insights and searchable metrics.

Automated Overview Charts

Every List property you define automatically generates a visual overview chart. These charts give you an at-a-glance understanding of your business composition. See instantly what percentage of your projects are webapp versus infrastructure, or which industries make up the majority of your client base.

Data Analysis Queries

The Data Analysis sidebar lets you drill down into specific questions. Want to see all teams in the Healthcare industry? Or find every webapp project from the last quarter? Just select the property you want to search, enter your criteria, and get instant results.

The results come back in a customizable table where you can toggle columns on and off to focus on exactly what matters. Each result shows not just the projects or teams that match your criteria, but also their associated Issues and other relevant data.

Trend Analysis: Compare and Learn

The Business Intelligence Dashboard’s Trend Analysis feature lets you select multiple projects and compare them side-by-side to identify patterns and differences.

To use it:

  1. Click “+ Trend analysis” in the sidebar
  2. Select the projects you want to compare (use the filter to narrow your options)
  3. Click “Compare!”

The comparison shows you:

  • A graph of Issues based on tags across all selected projects
  • A project analysis table with Issue counts by tag
  • Issue analysis showing which Issues affect which Nodes in each project
  • Node analysis displaying Issue counts by tag for each Node

This is invaluable for understanding how similar projects differ, identifying trends over time, or comparing repeat/retest projects.

Answering the Questions That Matter

With the Business Intelligence Dashboard, you can now answer:

What types of projects are you running? Define a “Project Type” property and instantly see the breakdown in your overview charts.

What types of team industries are you serving? Create an “Industry” team property and use Data Analysis to explore the distribution.

Which types of teams are most profitable? Combine revenue properties with industry properties to identify patterns.

What percentage of your projects are under-scoped or over-scoped? Add a “Scope Accuracy” project property and let the Dashboard show you the numbers.

But it doesn’t stop there. The flexibility of custom properties means you can answer questions specific to your business that we never could have anticipated. That’s the beauty of this approach—you’re not limited to our assumptions about what matters. You define what success looks like, and the Dashboard helps you measure it.

What This Means for Your Team

The Business Intelligence Dashboard isn’t just about pretty charts. It’s about making better decisions:

  • Resource allocation: Understand which project types require more time and adjust your scoping accordingly.
  • Client focus: Identify which industries or client types align best with your expertise and business goals.
  • Quality improvement: Track Issue trends across projects to understand where your team excels and where there’s room for improvement.
  • Business growth: Use data to make informed decisions about which services to expand, which clients to pursue, and how to position your team in the market.

Getting Started

The new and improved Business Intelligence Dashboard is available now in Dradis Pro v4.19.0 and later. If you’re already using Dradis, navigate to Tools > Business Intelligence to start defining your custom properties. If you’re new to Dradis, check out our complete documentation to learn more.

We’ve come a long way from that simple Year in Review script. But the journey isn’t over. We’re continuing to enhance the Business Intelligence Dashboard based on your feedback. What insights matter most to your team? What questions are you trying to answer? We’d love to hear from you.


Want to learn more about the Business Intelligence Dashboard? Check out our support guide for step-by-step instructions.

ICYMI: What we shipped in 2025 🚀

2025 has been a busy and productive year for the entire Dradis team. While we shipped a lot of cool stuff, there are some features that really stand out as we look back over the year. We hope you’ve been making as much use of these as we have.

Our top features and improvements in 2025 include:

  • Business Intelligence Analytics
  • Echo: Context-aware Automation for Dradis
  • Gateway Services and Questionnaires
  • Whitelabeling
  • Docker Deployments
  • Hera: Our New Layout
  • Webhooks
  • Issue Library CSV imports
  • Dradis OTP
  • Project QA
  • Audit Logging
  • API Improvements

Read on for a roundup of our favorite features that you may have missed.

Business Intelligence Analytics

We had a lot of requests around a Business Intelligence Dashboard, and now the first version is ready! You can see year-over-year trends of projects, issues, teams, contributors, and custom properties, along with lists of your most common issues across projects.

Get a clearer look at progress over time.

Echo: Context-aware Automation for Dradis

Improve Issue write-ups, summarize raw scanner output, rewrite tester notes into executive language, enhance remediation advice, and more! With Dradis Echo, you can deploy your preferred LLM locally, with no external connections at all. Your data always stays local to uphold data sovereignty.

Echo is still a Beta release, but if you’d like to test it out or be an early adopter, you can read more about Echo and how to install it.

Gateway Services and Questionnaires

As we continue to improve the features and possibilities of Dradis Gateway, we have built a Services section of the portal where you can create questionnaires to send to Gateway Contributors.

For example, you could use a questionnaire to establish the scope and goals of a penetration test before starting a Dradis project. Based on the responses, you can create a new project for the team right from the questionnaire results.

Teams are also creating post-engagement questionnaires, re-test request questionnaires, and much more!

Whitelabeling

Admins can now add a custom logo and brand color to Dradis. Contributors will see this logo and color when logging in and throughout the Dradis UI, providing a white-labeled experience that reflects your team’s brand identity.

Docker Deployments

We are now offering new deployment options for Dradis CE (Pro coming soon!). Releases are now available on Docker Hub and we have a new command-line interface that streamlines deployment on a remote server. See https://dradis.new/ for more!

Hera: Our New Layout

Dradis has been a trusted tool in the pentesting world for over 15 years. Many changes, features, and components have been added during that period, and as the platform evolved, the growing number of links and navigation layers made the layout feel more complex than we’d like. That’s why we’ve decided it’s time for a refresh.

Our main goal was to make Dradis easier to navigate, give it a fresh look, and create a unified layout that feels consistent and intuitive.

The most significant change is the new navigation architecture, introducing a main navigation bar, a secondary navigation bar, as well as a left and right sidebar.

  • The main nav gives you everything you need to stay on top of your tasks. Projects, tools, settings, and more can be found in the main navigation bar.
  • The secondary nav has everything you need that is section-related. Whether you’re working on a project or using a tool, you can find all the related links here. Available as needed.
  • The left sidebar is available in projects and is dedicated to Nodes, allowing you to easily navigate through them, while the right sidebar contains secondary content that you may need to get the job done.

If you’re wondering about the name, Hera Agathon is a character in the Battlestar Galactica universe. She was the first human-Cylon hybrid to exist, also known as “the shape of things to come” before her birth. Hera symbolizes a new era, the future, a way of moving forward, making it the perfect name for Dradis’ new updated layout!

Webhooks

You can now use Webhooks to carry out actions based on events in Gateway. Contributor requests, remediation progress, and project completions can trigger automated actions across your security stack. For example, kick off an onboarding flow when a client submits a project request through Gateway, post Slack updates on new events in Gateway projects, or sync your ticket status across Jira, Azure DevOps, or ServiceNow.

While only Gateway webhooks are supported today, we plan to support other types of events in the very near future!

Issue Library CSV imports

Have an existing library of Issues that you’d like to use in Dradis? You can now upload CSV files to the Issue Library to bulk-import your own set of custom issues. No more tedious copy/pasting or re-formatting. Our support team is still available to help with more complex imports with our concierge service.

Dradis OTP

We have created our own multi-factor authentication integration, Dradis OTP. You are no longer limited to using DuoWeb for MFA. With Dradis OTP, you can create and scan a QR code to use for MFA in whichever authenticator app you use.

Project QA

Many teams love our in-project QA flow for Issues and Content Blocks, and it’s sparked a good amount of feedback asking us to bring something like this to the project level. Teams want to know which projects are ready for review without opening each project and going to the QA views.

Projects now have overall States that can be customized in BI to fit your team’s unique workflow requirements. The Project State is actually a custom project property in BI, which enables getting project insights by state.

Audit Logging

By popular request, we have added audit logging to Dradis, which tracks activity on a deeper level than the Recent Activity tabs and gathers it in one place. Your logs for the whole Dradis instance are now easily accessible for your security, compliance, and accountability needs. You can even export them to CSV files!

API Improvements

We added a number of API improvements throughout the year, such as adding an endpoint for exporting and downloading reports, as well as adding Node Properties to the Node endpoint. Save time and boost efficiency with the Dradis API, designed to automate repetitive tasks and fit perfectly into your unique workflow.

Looking Ahead

2025 has been a transformative year for Dradis. From the powerful insights unlocked by our Business Intelligence analytics to the intelligence-driven capabilities of Echo, we’ve focused on building features that don’t just add functionality but fundamentally improve how security teams work. Gateway has opened entirely new collaboration possibilities, bringing your clients directly into the platform and streamlining communication in ways that weren’t possible before.

And we’re not slowing down! Our 2026 drawing board is already packed with innovations that will push Dradis even further. We’re excited about what’s coming, and we can’t wait to share it with you as these features take shape.

Thank you for being part of the Dradis community. Your feedback, feature requests, and real-world use cases continue to drive our development priorities. Here’s to an even more productive 2026. 🚀

New in Dradis Pro v4.19

Introducing Dradis Echo

AI integration is now available (and entirely optional!) for Dradis. With Dradis Echo, you can deploy your preferred LLM in Ollama, a framework that lets you run LLMs locally with no external connections necessary, to work with Dradis. Use it to summarize raw scanner output, rewrite tester notes into executive language, enhance remediation advice, and more!

Webhooks for Dradis Gateway

You can now use Webhooks to carry out actions based on events in Gateway. Contributor requests, remediation progress, and project completions can trigger automated actions across your security stack. For example, kick off an onboarding flow when a client submits a project through Gateway, post Slack updates on new events in Gateway projects, or sync your ticket status across Jira, Azure DevOps, or ServiceNow.

While only Gateway webhooks are supported in Dradis v4.19, we plan to support other types of events in the future!

IssueLibrary improvements

We have also launched a series of improvements to the IssueLibrary. You can now upload CSV files to the IssueLibrary to bulk-import your own set of custom issues. You can bulk-delete issues in the IssueLibrary view. And finally, now when you go to add an IssueLibrary entry to a project, you can see each entry’s QA status, so you don’t import an unreviewed work-in-progress by accident!

Release Notes

  • Editor:
    • Add inline code and highlight code buttons to the toolbar
  • Layout:
    • Improve primary action visibility for Evidence, Issues, Methodologies, Notes, and Node Properties
  • Navigation:
    • Move Trash and Project Configurations in main navigation bar
  • Contributors:
    • Add a dashboard with Gateway, Remediation Tracker, and Notification widgets
  • Hera:
    • Improve primary action visibility and add view description
  • Projects:
    • Add user select-all functionality in project creation
  • Webhooks:
    • Add event-driven webhook implementation
  • Upgraded gems:
    • faraday, rack, rails, uri
  • Bug fixes:
    • Editor:
      • Add disabled button styling
    • Datatables:
      • Ensure correct record ordering when applying sorting
    • Kits:
      • Restore the functionality of the ‘Add mappings from kit’ option
    • Notifications:
      • Remove the duplicate breadcrumb link shown in project notifications
    • Sidebar:
      • Prevent the toggle button from being covered by the scrollbar
  • New integrations:
    • Webhooks:
      • react to server-side events in your other systems
  • Integration enhancements:
    • Gateway:
      • Add activities tracking
      • Add event instrumentation for webhooks
  • Issue Library:
    • Add bulk delete action for entries
    • Import entries to the library using a CSV file
    • Import published entries to projects when using QA


New in Dradis Pro v4.18

Business Intelligence Dashboard updates

We get many feature requests about the Business Intelligence Dashboard, and now the first batch is ready! You can now see year-over-year trends of activities and custom properties, and lists of your most common issues across projects. Get a clearer look at changes over time at a glance.

The Mappings Manager lets you keep multiple different mappings for different templates across tools. Now we have also made it easier to copy existing template mappings to new or updated templates when you upload them. When you upload a new Kit, you can select the mappings to apply or copy.

Copy existing mappings to new templates

When you upload a new template (e.g., when you have updated a template and you want to move to the newer version), you can choose to copy existing mappings or to create new ones.

This will get you up and running with updated templates quickly and easily!

Release Notes

  • Activities:
    • Include methodology name in all methodology actions
  • Business Intelligence:
    • Add Custom Properties view
    • Add Dashboard view with Year-Over-Year insights
    • Add sub-navigation
  • Font:
    • Improve font weight consistency for international characters
  • Layout:
    • Add custom error pages
  • Issuelib:
    • Update entry edit UI to match issue edit UI
  • Mappings:
    • Add an option to copy existing mappings when uploading kits or report templates
  • Rails:
    • Upgrade Rails version to 8.0.2.1
  • Ruby:
    • Upgrade Ruby version to 3.4.4
  • Upgraded gems:
    • resque, rexml, selenium-webdriver, thor
  • Bug fixes:
    • Combobox:
      • Prevent forcing the selection of the first available option for multi-select forms
  • Integration enhancements:
    • Azure DevOps:
      • Replace OAuth with Microsoft Entra ID


New in Dradis Pro v4.17

White-labeling

Admin testers can now add a custom logo and brand color in the Instance Settings view. Contributors will see this logo and color in the Dradis UI, providing a white-labeled experience that reflects your brand identity.

Simply click on the cogwheel to the top right, click Instance Configuration, then White Labeling, and set your preferred logo and brand colour.

Now your Contributor Login page will be branded with your logo and colour scheme.

MITRE ATT&CK calculator

We have added a new MITRE ATT&CK calculator, based on the MITRE ATT&CK matrices for Enterprise, Mobile, and ICS (more details: https://attack.mitre.org/). You can now add MITRE ATT&CK metrics to Issues from the MITRE tab.

Once you select a Tactic, the calculator will load the associated list of Techniques, followed by Sub-Techniques based on your selection. You can include Enterprise, Mobile, and ICS data all within the same Issue.

Additionally, the calculator is available as a standalone tool from the Tools menu in the top navigation bar.

Kit downloads

Report templates can now be downloaded as a Kit, including report template properties and mappings. This makes it easier to share and reuse report templates while maintaining all of the associated context.

Release Notes

  • Activation:
    • Add offline activation option for when online activation fails
  • Active project cards:
    • Display the most recently updated Methodology
    • Render empty states instead of hiding content
  • Admin settings:
    • Add ability to white label contributor-facing views
    • Update UI to match other settings-related UIs
  • Analyzer:
    • Add support for multi-word fields
  • Calculators:
    • Add MITRE ATT&CK
  • Contributors:
    • Use Contributor login by default
  • Hera:
    • Update brand colors
    • Add sub-navigation icons to improve consistency
  • Jobs:
    • Add /jobs view to view and manage background jobs
  • Logs:
    • Update logs to use string UIDs
  • Mailer:
    • Fix email footer incorrectly redirecting to tester login
  • Profile:
    • Add click-to-reveal functionality for the API token
  • Report Templates:
    • Add option to download a kit for each report template
  • Upgraded gems:
    • nokogiri
  • Bug fixes:
    • Avatars:
      • Fix avatars disappearing after enabling/disabling an integration
    • Calculators:
      • Render Calculator links in tools menu
    • Quote Selector:
      • Scroll to comment box in Safari after selecting quote content
  • Word:
    • Only process scoped issues in node content controls
    • Don’t create an analytics event when validating the project
  • Integration enhancements:
    • Gateway:
      • Add dynamic project title to Ares theme
    • Issue Library:
      • Update issues import to be more consistent with the table search
    • LDAP:
      • Enable installation and editable configuration through the Tool Manager
    • Nessus:
      • Ignore entries that have blank values
    • SAML:
      • Add name_identifier_format in the config generator and default to ‘emailAddress’ instead of ‘unspecified’
  • Reporting enhancements:
    • Adjust the default styles for unordered bulleted lists
    • Excel:
      • Track failed job states using JobTracker
    • Filters:
      • Fix filters with double quotes (") not catching the correct values
    • Word:
      • Track failed job states using JobTracker
  • REST/JSON API enhancements:
    • Export: Add endpoints for exporting and downloading Word/Excel reports
    • Upload: Add endpoint for uploading tool outputs


New in Dradis Pro v4.16

New visual redesign

Our designers have been working to completely overhaul the application interface to be more modern and integrated. Both the main interface and the individual projects view now use the same visual style, and you have access to all the application’s sections from the project view, so now you can go straight to your mappings or IssueLibrary from your project, rather than having to go through the Dashboard first.

Gateway Services and Questionnaires

As we continue to improve the features and possibilities of the Dradis Gateway, we have now created a new Services section of the portal. Here you can create questionnaires, which you can then send to Gateway Contributors. For example, you could use a questionnaire to establish the scope and goals of a penetration test before starting a Dradis project for them. On the basis of their responses, you can create a new project for their team right from the questionnaire results.

MFA with one-time passcodes

We have now created our own multi-factor authentication integration, Dradis OTP. You are no longer limited to using DuoWeb for free MFA in Dradis. With Dradis OTP, you can create and scan a QR code to use for MFA in whichever MFA app you prefer.

Audit logging

By popular request, we have created the Dradis Audit integration, which tracks activity in Dradis on a deeper level than the Recent Activity tabs and gathers it in one place. Your logs for the whole Dradis instance are now easily accessible for your security, compliance, and accountability needs.

Release Notes

  • Contributors:
    • Add an intermediate login page to prevent Microsoft Safe Links from consuming the one-time token
    • Add Notification Settings link
  • Forms: Add a combobox for selecting, filtering, and creating options
  • Hera: Add new layout with redesigned navigation
  • Navigation: Replace Turbolinks with Hotwire
  • QA:
    • Add project states and QA stats in the active projects card
    • Add View History link when viewing Issues/Content blocks
    • Add a ‘Reviewer’ role for publishing Issues/Content blocks
    • Automatically go to the next record after reviewing
  • Revisions: Show state changes in the revisions view
  • Usage Tracking: Track the choice of toggling on/off
  • Upgraded gems:
    • capybara, mysql2, net-imap, nokogiri, paper_trail, rack, rails, rails-html-sanitizer, rexml, rspec-rails, selenium-webdriver
  • Bug fixes:
    • Report Templates: Make the uploaded template available in the “copy template properties” select menu for subsequent template uploads
  • New integrations:
    • Dradis Pro OTP: two-factor authentication using OTP
    • Dradis Pro Audit: enable tracking of key actions for improved visibility and compliance
  • Integration enhancements:
    • Azure DevOps: Add support for ‘Iteration Path’ and ‘Tags’ fields
    • Burp: Fix HTML importer associating issues in the wrong node
    • Dradis Plugins: Default to ‘Draft’ state on tool upload
    • Gateway:
      • Add overview of projects using active project cards
      • Services: Implement Services and Questionnaires to initiate a pre-project process
    • Issuelib: Update syntax of default entries
    • Netsparker: Add support for Additional Websites as nodes
    • Nexpose: Fix UnorderedList/OrderedList formatting to work with Textile
    • PDF Export: Add table of contents
  • Reporting enhancements:
    • Export: Default export button to ‘All’ if all records in project are in ‘draft’ state
    • Word: Fix links containing special characters by no longer double escaping
  • REST/JSON API enhancements:
    • Nodes: include Node properties


Redesigning Dradis: A Fresh Look for a Better Navigation and Consistency

Dradis has been a trusted tool in the pentesting world for over 15 years. Many changes, features, and components have been added during that period, all with a single goal:

Offer the best possible product to our users.

However, as the platform evolved, the growing number of links and navigation layers made the layout feel more complex than we’d like. That’s why we’ve decided it’s time for a refresh.

Enter Hera

Pronounced /ˈhɪərə/, Hera Agathon is a character in the Battlestar Galactica universe. She was the first human-Cylon hybrid to exist, also known as “Shape of things to come” before her birth. Hera symbolizes a new era, the future, a way of moving forward, making it the perfect name for Dradis’ new updated layout!

Our main goal with this: make Dradis easier to navigate, give it a fresh look, and ensure a unified layout that feels consistent and intuitive.

The New Navigation Architecture

Navigation should be effortless and intuitive. You shouldn’t have to dig through menus or search for the pages you need. Everything important should be visible and easily accessible. That’s why the navigation system was the first thing we looked into. The new architecture brings cohesion and structure, making it easier to focus on your tasks. That said, Dradis is a sophisticated and powerful platform, and as Tesler’s Law reminds us:

“For any system there is a certain amount of complexity that cannot be reduced.”

Since it was impossible to fit everything into a single navigation bar, we split the main navigation system into two horizontal menus and two fully collapsible sidebars, because we know you need the space!

  • Main navigation: everything you need to stay on top of your tasks. Projects, tools, and settings can all be found in the main navigation bar, which is accessible from all pages.
  • Secondary navigation: everything you need that is section-related. Whether you’re working on a project or using a tool, you can find all the related links here. Available as needed!
  • Left sidebar: dedicated to Nodes, allowing you to easily navigate through them.
  • Right sidebar: secondary sidebar for all your, well, secondary content. Everything that you could additionally need, but not necessarily.

[Screenshots: Main and Secondary navigation (project); Main and Secondary navigation (Gateway); Sidebars open; Sidebars closed]

A Fresh, Modern Look

Goodbye Grey, Hello White

We’ve also given Dradis a visual refresh to match its improved functionality. The new design is clean, modern, and easy on the eyes. Dradis now has a single unified layout that allows you to effortlessly navigate through all its sections, without feeling like you’re using two different applications.

[Screenshots: Dradis Pro: Project overview; Dradis Pro: Projects; Dradis CE: Upload; Dradis CE: Issue]

What’s Next?

While the navigation and visual updates are exciting, we’re not stopping there!

We’re also focusing on streamlining the editing experience to reduce friction and make content editing faster and easier. We’re looking into your feedback to design workflows tailored to specific tasks, so you can complete your work more efficiently. And we’re doing all that while focusing on continuously improving usability.

Dradis is continuously evolving to meet your needs, with a focus on functionality, consistency, and usability.

Whether you’re a pentester, a manager, or anyone using Dradis for that matter, these updates are designed to help you do your job faster and with less frustration.

We can’t wait for you to experience the new Dradis. Let us know what you think!

What We’re Watching at Black Hat Asia 2025 (And Where to Find Dradis)

We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal
Business Hall – Arsenal Station 3
📅 April 3, 10:05am-11:20am

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

🔐 Briefings We’re Watching

🚗 DriveThru Car Hacking: Fast Food, Faster Data Breach

Speakers: Alina Tan, George Chen, et al.
Tracks: Privacy, Network Security
A real-world case study of how a popular drive-thru system was compromised—leading to credential theft, data exfiltration, and a full system takeover. (Search the schedule page for the talk title)

Link: https://www.blackhat.com/asia-25/briefings/schedule/#drivethru-car-hacking-fast-food-faster-data-breach-43514

🧠 Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots

Speaker: Allyn Stott
Tracks: AI, Threat Hunting
Learn how to detect and respond to attacks on GenAI chatbots, including jailbreaks, prompt leaks, and advanced threat scenarios targeting language model behaviors.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#tinker-tailor-llm-spy-investigate–respond-to-attacks-on-genai-chatbots-44556

☁️ The Illusion of Isolation: How Isolation Failures in CI/CD Servers Lead to RCE

Speakers: Tian Zhou, Yiwen Wang
Tracks: Enterprise Security, Application Security
Demonstrates real-world RCE attacks exploiting shared resources in CI/CD environments. Focuses on sandbox bypasses, namespace collisions, and cross-tenant abuse.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#the-illusion-of-isolation-how-isolation-failures-in-cicd-servers-lead-to-rce-and-privacy-risks-43618

🚀 Unveiling the Mysteries of Qualcomm’s QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering

Speaker: Alisa Esage
Track: Reverse Engineering
An advanced reverse engineering walkthrough using QDSP6 JTAG on Qualcomm SoCs. Details undocumented memory regions, interface access, and mobile firmware analysis.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#unveiling-the-mysteries-of-qualcomms-qdsp-jtag-a-journey-into-advanced-theoretical-reverse-engineering-44550

📱 Watch Your Phone: USB-Based File Access Attacks Against Mobile Devices

Speakers: Florian Draschbacher, Lukas Maar
Tracks: Mobile, Exploit Dev
A look at how attackers can access sensitive data on Android phones simply by connecting over USB—even when locked. Includes analysis of newly discovered file access vectors.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#watch-your-phone-novel-usb-based-file-access-attacks-against-mobile-devices-43262

🔥 One Bug to Rule Them All: Preauth RCE on Windows Server 2025

Speakers: Zhiniang Peng, Lewis Lee
Tracks: Exploit Dev, Platform Security
Explores a novel pre-auth remote code execution vulnerability affecting Windows Server 2025, with a reliable exploitation chain and working proof of concept.

Link: https://www.blackhat.com/asia-25/briefings/schedule/#one-bug-to-rule-them-all-stably-exploiting-a-preauth-rce-vulnerability-on-windows-server–44144


🎓 Trainings Worth Highlighting

    🧬 A Complete Practical Approach to Malware Analysis and Threat Hunting Using Memory Forensics (Online)

    Trainers: Monnappa K A & Sajan Shetty
    Great for anyone bridging DFIR and reverse engineering in incident response.

    Link: https://www.blackhat.com/asia-25/training/schedule/index.html#a-complete-practical-approach-to-malware-analysis-and-threat-hunting-using-memory-forensics—-edition-online–42806

    🔐 Advanced Infrastructure Hacking

    Trainer: NotSoSecure / Tiago Carvalho
    Packed with practical labs for seasoned pentesters focusing on modern networks.

    Link: https://www.blackhat.com/asia-25/training/schedule/index.html#advanced-infrastructure-hacking–42864

    🤖 AI Red Teaming in Practice

    Trainers: Gary Lopez, Dr. Amanda Minnich (Microsoft AI Red Team)
    Learn how real AI systems get attacked—and how Microsoft red teams fight back.

    Link: https://www.blackhat.com/asia-25/training/schedule/index.html#ai-red-teaming-in-practice–43046


    🧑‍💼 From the Executive Summit

    🧠 Accelerating ML SecOps: Breaking Barriers, Fueling Innovation

    Speaker: Andrew Chen
    The opening keynote for the AI Summit—and a great signal on where the field is heading.

    Link: https://www.blackhat.com/asia-25/summit-sessions/schedule/index.html#opening-keynote–accelerating-ml-secops-breaking-barriers-fueling-innovation-44566

    💸 The War Against State Actors: Bleeding Edge Techniques Targeting Financial Services

    Speaker: Vivek Ramachandran
    If you’re defending high-value financial infrastructure, don’t miss this.

    Link: https://www.blackhat.com/asia-25/summit-sessions/schedule/index.html#the-war-against-state-actors-bleeding-edge-techniques-targeting-financial-services-44898

    🤖 LLM Firewalls: Are They the Future of AI Security?

    Speakers: Matthias Chin, Xiaojun Jia
    Fireside chat on securing AI models with perimeter-style defenses—what works, what’s hype?

    Link: https://www.blackhat.com/asia-25/summit-sessions/schedule/index.html#fireside-chat–llm-firewalls-are-they-the-future-of-ai-security-44576

    👋 Come say ‘Hi’

    If your team is tired of copying and pasting findings, fighting with Word templates, or working in silos—come see how Dradis makes reporting and collaboration painless.

    📍 Dradis @ Arsenal
    📅 Thursday, April 3 | 10:05am-11:20am
    🔗 Event link

    New in Dradis Pro v4.15

    Cross-references in Word reports

    A frequent report template request is being able to cross-reference Issues, so that you can have a summary table of issues in one part of the finished report that links to each full Issue description later in the report. Previously we have implemented this using VBA macros; now you can do it right in the Word template using content controls, no VBA needed!

    You can create links in summary tables, or even refer to specific issues in other blocks of text (such as Content Blocks) with links directly to each individual issue you want to reference. For example, maybe you have a “Most urgent issues” content block? Now you can refer to those individual issues with links in text.

    Reach out to us if you would like us to implement cross-referencing in your Word report templates, or if you currently have a VBA macro implementation of cross-referencing that you want to replace with the built-in cross-referencing feature.

    Custom Tag Order

    You have been able to customise tags in Dradis for a while; now you can sort them dynamically as well. For example, maybe you have your own custom “Resolved” tag as well as your typical High/Medium/Low tags, and you want Resolved issues sorted first. Now you can do that! Change your mind and want to see High issues first? Re-order the tags and you’re done.

    Kit Updates

    We refreshed our built-in Kits with updated templates for reports, projects, issues, and more. We also included integration mappings and rules, along with an OWASP Top 10 methodology update.

    Kits can be deployed on an instance right away (no upload required) and used immediately with the tool output for which mappings are included. Other tweaks, like CVSSv4 support, are also included.

    Release Notes

    • Projects: Add `Owner` column to projects data table
    • Tags: Add custom ordering
    • Welcome Kit:
      • Add HTML report template
      • Add issue and evidence templates
      • Add integration mappings
      • Add project template
      • Add rules for Rules Engine
      • Update OWASP Top 10 methodology to latest version (2021)
      • Update report templates
    • Upgraded gems: net-scp, net-ssh, rexml
    • Bug fixes:
      • Dashboard: refresh cache on recent project changes
      • Word export: allow charts to be edited post-export
    • Integration enhancements:
      • Gateway: Process Liquid in content block, evidence, issue and note text by default when rendering template
      • SAML: Bump ruby-saml dependency to 1.17
    • Reporting enhancements:
      • Word:
        • Add support for cross-references
        • Add support for mismatched nested lists
    • Security Fixes:
      • High: Authenticated (author) persistent cross-site scripting

    Not using Dradis Pro?

    A Year of Updates [2024] – Dradis Pro

    Dradis exists to give pentesting teams more time to do what they do best, cutting the busywork from cybersecurity projects by automating pentest reporting and streamlining collaboration.

    To achieve this, we’re continually improving the product: fixing bugs and adding or improving features.

    Let’s look back on the updates that shaped Dradis Pro in 2024. From major feature rollouts to smaller, user-requested enhancements, our focus remained on delivering tools that help streamline workflows and improve reporting efficiency.

    v4.12: Enhanced Mappings Manager and CVSSv4 Support

    Released in May 2024

    • Overhauled Mappings Manager: We’ve revamped the Mappings Manager to associate configurations directly with specific report templates and their properties. This change allows for distinct plugin mappings tailored to each report template, streamlining your reporting process.
    • CVSSv4 Calculator Integration: Responding to user feedback, we’ve integrated a CVSSv4 calculator into Dradis Pro. You can now assess vulnerabilities using CVSSv4, with the flexibility to include outputs from multiple calculator versions within the same issue.
    • API Enhancements for Attachments: The API now provides additional functionalities for attachments, including access to size, creation date, and direct download links, enhancing automation and integration capabilities.
    • Official AWS and Azure Support: Our Dradis images for AWS and Azure have transitioned from beta to officially supported status, ensuring reliable deployments when following our documented methods.

    v4.13: Advanced Liquid Support and Scheduler Integration

    Released in August 2024

    • Expanded Liquid Functionality: We’ve broadened Liquid support, making Liquid drops available at more levels. This enhancement enables dynamic content generation, such as auto-generated executive summaries that summarize recommendations based on issue severity and evidence locations.
    • Project Scheduler Calendar Integration: The Project Scheduler now offers secure links to .ics files, facilitating integration with third-party calendar applications like Outlook, Thunderbird, and Apple Calendar. This feature ensures seamless scheduling and project management across platforms.
    • Auto-Detection of Word Report Template Properties: To simplify template configuration, Dradis Pro can now auto-detect report template properties upon template upload. This automation reduces manual setup, ensuring accurate project generation, validation, and export.

    v4.14: Issue Library Synchronization and Quality Assurance

    Released in October 2024

    • Synchronized Issues and Issue Library Entries: We’ve introduced synchronization between project issues and Issue Library entries. This feature allows for real-time updates and consistency, enabling you to sync content between associated issues and library entries seamlessly.
    • Quality Assurance for Issue Library: A new QA view for the Issue Library lets you review, edit, and manage entries with version history tracking. This addition ensures that reusable issues maintain high quality and consistency across projects.
    • Liquid Support for Issue Sorting Fields: We’ve added Liquid support for issue sorting fields, allowing you to use Liquid code within sorting fields without affecting the sort order. The evaluated result of the Liquid code determines the sorting, providing dynamic and customized report organization.

    v4.15 – the latest release

    We’ve continued releasing updates in 2025. Here’s an overview of our latest release:

    🔑 What’s New in v4.15:

    • Cross-Reference Links: Automatically generate links in Word reports for better navigation.
    • Custom Tag Sorting: Sort Issues by Tags in a custom order to prioritize what matters most.
    • Updated Built-In Kits: Access refreshed templates for reports, projects, issues, and more.

    Check out the full release notes.
