Report templates

Screenshot showing the methodology in use in a project

Advanced Word example

Use Dradis notes for your conclusions, sort your findings by severity, make use of document properties for things like project and client name, etc.

References

Advanced reporting: filters, groups and properties (video)

Published by: Security Roots Ltd.

A fancy HTML report

Not everything is Word! You can create comprehensive HTML reports with charts and detailed issue descriptions.

Resources

Creating HTML reports

Published by: Security Roots Ltd.

A simple report

A really simple, "no frills" report template that covers the basic reporting capabilities.

References

Creating Word reports with DradisReports (video)

Published by: Security Roots Ltd.

From Nessus to Word: a hands-on example

Start from a Nessus XML output file and convert it into a custom Word document with whatever branding you want.

References

From Nessus to Word: a hands-on example

Published by: Security Roots Ltd.

Grouping and filtering

Learn how to group your issues and filter and sort them by priority.

References

DradisReports: note filtering and grouping

Published by: Security Roots Ltd.

Reporting by host, reporting by issue

Learn how to create reports that provide not only a list of findings but also a list of which findings affect which hosts and the evidence associated with each instance.

References

Reporting by host, reporting by issue

Published by: Security Roots Ltd.

Tables with custom styles

Learn how to create custom table styles for your reports.

Export your Dradis tables into beautiful Word tables.

References

Tables with custom styles guide

Published by: Security Roots Ltd.

Testing methodology

OSSTMM v3

Follow the Open Source Security Testing Methodology Manual in your projects.

Reference

OSSTMM

Published by: Kevin Stagat

OWASP Top 10 - 2013 rc

Featuring the latest OWASP Top 10 release candidate list.

References

OWASP Top 10 2013

Published by: Security Roots Ltd.

OWASP web testing

A bit of everything, from information gathering to card payments and HTML 5.

References

OWASP: Web Application Security Testing Cheat Sheet

Published by: ScotSTS

SANS SWAT checklist

The SWAT Checklist from SANS Securing the App is meant to be the first step toward building a base of secure knowledge around web application security.

References

Securing Web Application Technologies [SWAT] Checklist

SANS SWAT poster (.pdf)

Published by: Security Roots Ltd.

Web Application Hacker's Handbook Checklist

Straight from the webapp security bible, this is a checklist of the tasks you typically need to perform when carrying out a comprehensive attack against a web application.

References

The Web Application Hacker's Handbook website

Published by: Security Roots Ltd.

Compliance package

Penetration Testing Execution Standard (PTES)

PTES is a standard designed to provide businesses and security service providers with a common language and scope for performing penetration testing.

References

PTES compliance package details

PTES official wiki

Published by: Security Roots Ltd.

The OWASP Testing Guide v4

The OWASP testing guide is one of the most commonly used standards for web application penetration testing and testing software throughout the development life cycle.

The testing framework was created to help people understand how, where, when, and why to test web applications.


References

The OWASP Testing Guide v4 compliance package details

OWASP Testing Guide official site

Published by: Security Roots Ltd.