Dradis Cheat Blatt¶
Überblick¶
Dradis ist eine Open-Source-Kollaboration und Reporting-Plattform für Informationssicherheitsteams. Es bietet einen zentralen Standort für die Speicherung, Organisation und Weitergabe von Sicherheitsbewertungsergebnissen, so dass Teams während Penetrationstests, Sicherheitsbewertungen und Sicherheitsaudits zusammenarbeiten können. Dradis hilft, den Reporting-Prozess zu optimieren, indem es mehreren Teammitgliedern ermöglicht, gleichzeitig Ergebnisse zu erzielen und professionelle Berichte in verschiedenen Formaten zu erstellen. Die Plattform unterstützt die Integration mit beliebten Sicherheitstools und bietet einen strukturierten Ansatz zur Verwaltung von Sicherheitsbewertungsdaten im gesamten Testlebenszyklus.
ZEIT Important: Dradis enthält sensible Sicherheitsinformationen und sollte in einer sicheren Umgebung mit richtigen Zugriffskontrollen, Verschlüsselung und Backup-Prozeduren eingesetzt werden. Befolgen Sie immer die Datenverarbeitungsrichtlinien Ihrer Organisation, wenn Sie Dradis für Sicherheitsbewertungen verwenden.
Installation¶
Docker Installation (empfohlen)¶
Schnellstart mit Docker Compose¶
```bash
Create project directory¶
mkdir dradis-deployment && cd dradis-deployment
Create docker-compose.yml¶
cat > docker-compose.yml << 'EOF' version: '3.8'
services: dradis: image: dradis/dradis-ce:latest ports: - "3000:3000" environment: - RAILS_ENV=production - SECRET_KEY_BASE=your_secret_key_here_change_this - DRADIS_SETUP_PASSWORD=admin123 volumes: - dradis_data:/opt/dradis-ce/shared - dradis_logs:/opt/dradis-ce/log restart: unless-stopped depends_on: - redis - postgres
redis: image: redis:7-alpine volumes: - redis_data:/data restart: unless-stopped
postgres: image: postgres:15-alpine environment: - POSTGRES_DB=dradis_production - POSTGRES_USER=dradis - POSTGRES_PASSWORD=dradis_password_change_this volumes: - postgres_data:/var/lib/postgresql/data restart: unless-stopped
volumes: dradis_data: dradis_logs: redis_data: postgres_data: EOF
Generate secure secret key¶
SECRET_KEY=\((openssl rand -hex 64) sed -i "s/your_secret_key_here_change_this/\)SECRET_KEY/" docker-compose.yml
Start Dradis¶
docker-compose up -d
Check status¶
docker-compose ps
View logs¶
docker-compose logs -f dradis
Access Dradis at http://localhost:3000¶
echo "Dradis is available at: http://localhost:3000" echo "Default credentials: admin / admin123" ```_
Stehende Docker Installation¶
```bash
Pull latest Dradis image¶
docker pull dradis/dradis-ce:latest
Run Dradis with SQLite (development/testing)¶
docker run -d \ --name dradis \ -p 3000:3000 \ -e RAILS_ENV=production \ -e SECRET_KEY_BASE=$(openssl rand -hex 64) \ -e DRADIS_SETUP_PASSWORD=admin123 \ -v dradis_data:/opt/dradis-ce/shared \ dradis/dradis-ce:latest
Check container status¶
docker ps|grep dradis
View container logs¶
docker logs -f dradis
Access container shell¶
docker exec -it dradis bash
Stop and remove container¶
docker stop dradis && docker rm dradis ```_
Manuelle Installation¶
Ubuntu/Debian Installation¶
```bash
Update system¶
sudo apt update && sudo apt upgrade -y
Install dependencies¶
sudo apt install -y git curl build-essential libssl-dev libreadline-dev \ zlib1g-dev libsqlite3-dev libxml2-dev libxslt1-dev libcurl4-openssl-dev \ software-properties-common libffi-dev nodejs npm postgresql postgresql-contrib \ redis-server
Install Ruby via rbenv¶
curl -fsSL https://github.com/rbenv/rbenv-installer/raw/HEAD/bin/rbenv-installer|bash echo 'export PATH="\(HOME/.rbenv/bin:\)PATH"' >> ~/.bashrc echo 'eval "$(rbenv init -)"' >> ~/.bashrc source ~/.bashrc
Install Ruby 3.1.0¶
rbenv install 3.1.0 rbenv global 3.1.0
Verify Ruby installation¶
ruby --version gem --version
Clone Dradis repository¶
git clone https://github.com/dradis/dradis-ce.git cd dradis-ce
Install bundler¶
gem install bundler
Install dependencies¶
bundle install
Setup database¶
bundle exec rake db:setup
Start Dradis¶
bundle exec rails server -b 0.0.0.0 -p 3000
Access Dradis at http://localhost:3000¶
```_
CentOS/RHEL Installation¶
```bash
Install EPEL repository¶
sudo yum install -y epel-release
Install dependencies¶
sudo yum groupinstall -y "Development Tools" sudo yum install -y git curl openssl-devel readline-devel zlib-devel \ sqlite-devel libxml2-devel libxslt-devel libcurl-devel nodejs npm \ postgresql-server postgresql-contrib redis
Initialize PostgreSQL¶
sudo postgresql-setup initdb sudo systemctl enable postgresql redis sudo systemctl start postgresql redis
Install Ruby via rbenv¶
curl -fsSL https://github.com/rbenv/rbenv-installer/raw/HEAD/bin/rbenv-installer|bash echo 'export PATH="\(HOME/.rbenv/bin:\)PATH"' >> ~/.bashrc echo 'eval "$(rbenv init -)"' >> ~/.bashrc source ~/.bashrc
Install Ruby and continue with Dradis setup¶
rbenv install 3.1.0 rbenv global 3.1.0
Clone and setup Dradis (same as Ubuntu)¶
git clone https://github.com/dradis/dradis-ce.git cd dradis-ce gem install bundler bundle install bundle exec rake db:setup bundle exec rails server -b 0.0.0.0 -p 3000 ```_
macOS Installation¶
```bash
Install Homebrew (if not already installed)¶
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Install dependencies¶
brew install git ruby postgresql redis nodejs npm
Start services¶
brew services start postgresql brew services start redis
Clone Dradis repository¶
git clone https://github.com/dradis/dradis-ce.git cd dradis-ce
Install bundler and dependencies¶
gem install bundler bundle install
Setup database¶
bundle exec rake db:setup
Start Dradis¶
bundle exec rails server -b 0.0.0.0 -p 3000 ```_
Produktionsentwicklung¶
Nginx Reverse Proxy Konfiguration¶
```bash
Install Nginx¶
sudo apt install -y nginx
Create Dradis site configuration¶
sudo tee /etc/nginx/sites-available/dradis << 'EOF' upstream dradis \\{ server 127.0.0.1:3000; \\}
server \\{ listen 80; server_name dradis.company.com; return 301 https://\(server_name\)request_uri; \\}
server \\{ listen 443 ssl http2; server_name dradis.company.com;
ssl_certificate /etc/ssl/certs/dradis.crt;
ssl_certificate_key /etc/ssl/private/dradis.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
client_max_body_size 100M;
location / \\\\{
proxy_pass http://dradis;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
\\\\}
location /cable \\\\{
proxy_pass http://dradis;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
\\\\}
\\} EOF
Enable site¶
sudo ln -s /etc/nginx/sites-available/dradis /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl reload nginx ```_
Systemed Service Konfiguration¶
```bash
Create systemd service file¶
sudo tee /etc/systemd/system/dradis.service << 'EOF' [Unit] Description=Dradis Security Collaboration Platform After=network.target postgresql.service redis.service Requires=postgresql.service redis.service
[Service] Type=simple User=dradis Group=dradis WorkingDirectory=/opt/dradis-ce Environment=RAILS_ENV=production Environment=SECRET_KEY_BASE=your_secret_key_here ExecStart=/home/dradis/.rbenv/shims/bundle exec rails server -b 127.0.0.1 -p 3000 Restart=always RestartSec=10
[Install] WantedBy=multi-user.target EOF
Create dradis user¶
sudo useradd -r -s /bin/bash -d /home/dradis -m dradis
Move Dradis to /opt and set permissions¶
sudo mv dradis-ce /opt/ sudo chown -R dradis:dradis /opt/dradis-ce
Enable and start service¶
sudo systemctl daemon-reload sudo systemctl enable dradis sudo systemctl start dradis
Check service status¶
sudo systemctl status dradis ```_
Basisnutzung¶
Initial Setup und Konfiguration¶
```bash
Access Dradis web interface¶
Navigate to http://localhost:3000¶
First-time setup (via web interface)¶
1. Create admin account¶
2. Configure team settings¶
3. Set up project templates¶
4. Configure integrations¶
Command line setup (alternative)¶
cd /opt/dradis-ce
Create admin user¶
bundle exec rails console
User.create!(email: 'admin@company.com', password: 'secure_password', admin: true) exit
Reset admin password¶
bundle exec rake dradis:reset_password[admin@company.com]
Check application status¶
bundle exec rails runner "puts 'Dradis is running: ' + (Rails.application.initialized? ? 'Yes' : 'No')" ```_
Projektleitung¶
```bash
Create new project (via API)¶
curl -X POST http://localhost:3000/api/projects \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "project": \\{ "name": "Acme Corp Penetration Test", "description": "Annual penetration test for Acme Corporation" \\} \\}'
List projects¶
curl -X GET http://localhost:3000/api/projects \ -H "Authorization: Token YOUR_API_TOKEN"
Export project¶
curl -X GET http://localhost:3000/api/projects/1/export \ -H "Authorization: Token YOUR_API_TOKEN" \ -o project_export.xml
Import project¶
curl -X POST http://localhost:3000/api/projects/import \ -H "Authorization: Token YOUR_API_TOKEN" \ -F "file=@project_export.xml" ```_
Node- und Ausgabemanagement¶
```bash
Create node (target/host)¶
curl -X POST http://localhost:3000/api/projects/1/nodes \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "node": \\{ "label": "Web Server", "type_id": 1, "parent_id": null, "position": 1 \\} \\}'
Create issue¶
curl -X POST http://localhost:3000/api/projects/1/issues \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "issue": \\{ "title": "SQL Injection Vulnerability", "text": "A SQL injection vulnerability was identified in the login form..." \\} \\}'
Create evidence (link issue to node)¶
curl -X POST http://localhost:3000/api/projects/1/nodes/1/evidence \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "evidence": \\{ "issue_id": 1, "content": "Evidence of SQL injection on login form..." \\} \\}'
List issues¶
curl -X GET http://localhost:3000/api/projects/1/issues \ -H "Authorization: Token YOUR_API_TOKEN"
Update issue¶
curl -X PUT http://localhost:3000/api/projects/1/issues/1 \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "issue": \\{ "title": "Critical SQL Injection Vulnerability", "text": "Updated description with additional details..." \\} \\}' ```_
Bericht Generation¶
```bash
Generate HTML report¶
curl -X POST http://localhost:3000/api/projects/1/reports \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "report": \\{ "template": "html_export", "format": "html" \\} \\}' \ -o report.html
Generate PDF report¶
curl -X POST http://localhost:3000/api/projects/1/reports \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "report": \\{ "template": "word_export", "format": "pdf" \\} \\}' \ -o report.pdf
Generate Word document¶
curl -X POST http://localhost:3000/api/projects/1/reports \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "report": \\{ "template": "word_export", "format": "docx" \\} \\}' \ -o report.docx
Generate Excel report¶
curl -X POST http://localhost:3000/api/projects/1/reports \ -H "Content-Type: application/json" \ -H "Authorization: Token YOUR_API_TOKEN" \ -d '\\{ "report": \\{ "template": "excel_export", "format": "xlsx" \\} \\}' \ -o report.xlsx ```_
Erweiterte Konfiguration¶
Benutzerdefinierte Vorlagen¶
```bash
Create custom report template directory¶
mkdir -p /opt/dradis-ce/templates/reports/custom_template
Create template configuration¶
cat > /opt/dradis-ce/templates/reports/custom_template/template.yml << 'EOF' name: Custom Penetration Test Report description: Custom template for penetration testing reports author: Security Team version: 1.0
sections: - executive_summary - methodology - findings - recommendations - appendices
formats: - html - pdf - docx EOF
Create HTML template¶
cat > /opt/dradis-ce/templates/reports/custom_template/template.html.erb << 'EOF'
``<%= @project.name %>``
Security Assessment Report
Generated on: <%= Date.current.strftime("%B %d, %Y") %>
Executive Summary
This report presents the findings of the security assessment conducted for ``<%= @project.name %>``.
Summary of Findings
- Critical: ``<%= @issues.select \\\{|i|i.severity == 'Critical' \\\}.count %>``
- High: ``<%= @issues.select \\\{|i|i.severity == 'High' \\\}.count %>``
- Medium: ``<%= @issues.select \\\{|i|i.severity == 'Medium' \\\}.count %>``
- Low: ``<%= @issues.select \\\{|i|i.severity == 'Low' \\\}.count %>``
Detailed Findings
``<% @issues.each do|issue|%>``<%= issue.title %>
Severity: <%= issue.severity %>
Evidence
<% issue.evidence.each do|evidence|%>Recommendations
Based on the findings, the following recommendations are provided:
- Address all critical and high severity vulnerabilities immediately
- Implement a regular security testing program
- Provide security awareness training to development teams
- Establish secure coding practices and guidelines
EOF
Restart Dradis to load new template¶
sudo systemctl restart dradis ```_
Plugin Konfiguration¶
```bash
Configure Nmap plugin¶
cat > /opt/dradis-ce/config/plugins/nmap.yml << 'EOF' enabled: true settings: default_node_type: "Host" create_services: true create_os_info: true import_screenshots: true EOF
Configure Nessus plugin¶
cat > /opt/dradis-ce/config/plugins/nessus.yml << 'EOF' enabled: true settings: default_node_type: "Host" create_services: true severity_mapping: "Critical": "Critical" "High": "High" "Medium": "Medium" "Low": "Low" "Info": "Info" EOF
Configure Burp Suite plugin¶
cat > /opt/dradis-ce/config/plugins/burp.yml << 'EOF' enabled: true settings: default_node_type: "Web Application" import_requests: true import_responses: true severity_mapping: "High": "High" "Medium": "Medium" "Low": "Low" "Information": "Info" EOF
Restart Dradis to apply plugin configuration¶
sudo systemctl restart dradis ```_
Datenbankkonfiguration¶
```bash
Configure PostgreSQL for production¶
sudo -u postgres psql << 'EOF' CREATE DATABASE dradis_production; CREATE USER dradis WITH PASSWORD 'secure_password'; GRANT ALL PRIVILEGES ON DATABASE dradis_production TO dradis; \q EOF
Update database configuration¶
cat > /opt/dradis-ce/config/database.yml << 'EOF' production: adapter: postgresql encoding: unicode database: dradis_production pool: 5 username: dradis password: secure_password host: localhost port: 5432 EOF
Run database migrations¶
cd /opt/dradis-ce RAILS_ENV=production bundle exec rake db:migrate
Create database backup script¶
cat > /opt/dradis-ce/scripts/backup_database.sh << 'EOF'
!/bin/bash¶
BACKUP_DIR="/opt/dradis-backups" DATE=\((date +%Y%m%d_%H%M%S) BACKUP_FILE="\)BACKUP_DIR/dradis_backup_$DATE.sql"
mkdir -p "$BACKUP_DIR"
pg_dump -h localhost -U dradis -d dradis_production > "$BACKUP_FILE"
Compress backup¶
gzip "$BACKUP_FILE"
Keep only last 30 days of backups¶
find "$BACKUP_DIR" -name "dradis_backup_*.sql.gz" -mtime +30 -delete
echo "Database backup completed: $\\{BACKUP_FILE\\}.gz" EOF
chmod +x /opt/dradis-ce/scripts/backup_database.sh
Schedule daily backups¶
echo "0 2 * * * /opt/dradis-ce/scripts/backup_database.sh"|sudo crontab -u dradis - ```_
Automatisierungsskripte¶
Umfassendes Projekt Setup Script¶
```bash
!/bin/bash¶
Comprehensive Dradis project setup and management script¶
DRADIS_URL="\(\\\\{DRADIS_URL:-http://localhost:3000\\\\}" API_TOKEN="\)1" PROJECT_NAME="\(2" PROJECT_DESCRIPTION="\)3"
if [ -z "\(API_TOKEN" ]||[ -z "\)PROJECT_NAME" ]; then
echo "Usage: $0
Function to make API calls¶
api_call() \\{ local method="\(1" local endpoint="\)2" local data="\(3" local output_file="\)4"
local curl_args=(
-X "$method"
-H "Authorization: Token $API_TOKEN"
-H "Content-Type: application/json"
-s
)
if [ -n "$data" ]; then
curl_args+=(-d "$data")
fi
if [ -n "$output_file" ]; then
curl_args+=(-o "$output_file")
fi
curl "$\\\\{curl_args[@]\\\\}" "$DRADIS_URL$endpoint"
\\}
Function to create project¶
create_project() \\{ local name="\(1" local description="\)2"
echo "[+] Creating project: $name"
local project_data=$(cat ``<< EOF
\{ "project": \{ "name": "\(name", "description": "\)description" \} \} EOF )
local response=$(api_call "POST" "/api/projects" "$project_data")
local project_id=$(echo "$response"|jq -r '.id')
if [ "$project_id" != "null" ] && [ -n "$project_id" ]; then
echo " [+] Project created with ID: $project_id"
echo "$project_id"
else
echo " [-] Failed to create project"
echo " Response: $response"
return 1
fi
\}
Function to create standard node structure¶
create_node_structure() \{ local project_id="$1"
echo "[+] Creating standard node structure"
# Create main categories
local categories=(
"External Network:1"
"Internal Network:2"
"Web Applications:3"
"Wireless Networks:4"
"Physical Security:5"
)
for category in "$\\\{categories[@]\\\}"; do
local name=$(echo "$category"|cut -d':' -f1)
local position=$(echo "$category"|cut -d':' -f2)
local node_data=$(cat << EOF
\{ "node": \{ "label": "$name", "type_id": 1, "parent_id": null, "position": $position \} \} EOF )
local response=$(api_call "POST" "/api/projects/$project_id/nodes" "$node_data")
local node_id=$(echo "$response"|jq -r '.id')
if [ "$node_id" != "null" ] && [ -n "$node_id" ]; then
echo " [+] Created category node: $name (ID: $node_id)"
else
echo " [-] Failed to create category node: $name"
fi
done
\}
Function to create standard issue templates¶
create_issue_templates() \{ local project_id="$1"
echo "[+] Creating standard issue templates"
# Define standard vulnerability templates
local templates=(
"SQL Injection:Critical:A SQL injection vulnerability allows attackers to manipulate database queries..."
"Cross-Site Scripting (XSS):High:A cross-site scripting vulnerability allows attackers to inject malicious scripts..."
"Insecure Direct Object Reference:Medium:The application allows direct access to objects based on user input..."
"Information Disclosure:Low:Sensitive information is disclosed to unauthorized users..."
"Missing Security Headers:Info:Security headers are missing or misconfigured..."
)
for template in "$\\\{templates[@]\\\}"; do
local title=$(echo "$template"|cut -d':' -f1)
local severity=$(echo "$template"|cut -d':' -f2)
local description=$(echo "$template"|cut -d':' -f3)
local issue_data=$(cat << EOF
\{ "issue": \{ "title": "\(title", "text": "## Description\n\n\)description\n\n## Impact\n\n[Describe the potential impact]\n\n## Recommendation\n\n[Provide remediation steps]\n\n## References\n\n[Add relevant references]", "severity": "$severity" \} \} EOF )
local response=$(api_call "POST" "/api/projects/$project_id/issues" "$issue_data")
local issue_id=$(echo "$response"|jq -r '.id')
if [ "$issue_id" != "null" ] && [ -n "$issue_id" ]; then
echo " [+] Created issue template: $title (ID: $issue_id)"
else
echo " [-] Failed to create issue template: $title"
fi
done
\}
Function to import tool results¶
import_tool_results() \{ local project_id="\(1" local tool_type="\)2" local file_path="$3"
echo "[+] Importing $tool_type results from $file_path"
if [ ! -f "$file_path" ]; then
echo " [-] File not found: $file_path"
return 1
fi
# Upload file and import
local response=$(curl -X POST \
-H "Authorization: Token $API_TOKEN" \
-F "file=@$file_path" \
-F "plugin=$tool_type" \
"$DRADIS_URL/api/projects/$project_id/import")
if echo "$response"|grep -q "success"; then
echo " [+] Successfully imported $tool_type results"
else
echo " [-] Failed to import $tool_type results"
echo " Response: $response"
fi
\}
Function to generate reports¶
generate_reports() \{ local project_id="\(1" local output_dir="\)2"
echo "[+] Generating reports"
mkdir -p "$output_dir"
# Generate different report formats
local formats=("html" "pdf" "docx" "xlsx")
for format in "$\\\{formats[@]\\\}"; do
echo " [+] Generating $format report"
local report_data=$(cat << EOF
\{ "report": \{ "template": "default_export", "format": "$format" \} \} EOF )
api_call "POST" "/api/projects/$project_id/reports" "$report_data" "$output_dir/report.$format"
if [ -f "$output_dir/report.$format" ]; then
echo " [+] $format report saved: $output_dir/report.$format"
else
echo " [-] Failed to generate $format report"
fi
done
\}
Function to backup project¶
backup_project() \{ local project_id="\(1" local backup_dir="\)2"
echo "[+] Backing up project"
mkdir -p "$backup_dir"
local backup_file="$backup_dir/project_$\\\{project_id\\\}_backup_$(date +%Y%m%d_%H%M%S).xml"
api_call "GET" "/api/projects/$project_id/export" "" "$backup_file"
if [ -f "$backup_file" ]; then
echo " [+] Project backup saved: $backup_file"
# Compress backup
gzip "$backup_file"
echo " [+] Backup compressed: $\\\{backup_file\\\}.gz"
else
echo " [-] Failed to backup project"
fi
\}
Function to setup team collaboration¶
setup_team_collaboration() \{ local project_id="$1"
echo "[+] Setting up team collaboration"
# Create team roles and assignments (this would typically be done via web interface)
echo " [!] Team collaboration setup should be completed via web interface:"
echo " 1. Navigate to $DRADIS_URL/projects/$project_id/team"
echo " 2. Add team members and assign roles"
echo " 3. Configure notification settings"
echo " 4. Set up review workflows"
\}
Function to create project dashboard¶
create_project_dashboard() \{ local project_id="\(1" local output_file="\)2"
echo "[+] Creating project dashboard"
# Get project statistics
local project_info=$(api_call "GET" "/api/projects/$project_id")
local issues=$(api_call "GET" "/api/projects/$project_id/issues")
local nodes=$(api_call "GET" "/api/projects/$project_id/nodes")
# Generate dashboard HTML
cat >`` "$output_file" << EOF
📊 Project Dashboard
Project: $PROJECT_NAME
Generated: $(date)
Dradis URL: $DRADIS_URL/projects/$project_id
📈 Project Statistics
$(echo "$issues"|jq length)
Total Issues
$(echo "$nodes"|jq length)
Total Nodes
$(echo "$issues"|jq '[.[]|select(.severity == "Critical")]|length')
Critical
$(echo "$issues"|jq '[.[]|select(.severity == "High")]|length')
High
$(echo "$issues"|jq '[.[]|select(.severity == "Medium")]|length')
Medium
$(echo "$issues"|jq '[.[]|select(.severity == "Low")]|length')
Low
🎯 Recent Issues
| Title | Severity | Created |
|---|---|---|
| $title | $severity | $created |
🔗 Quick Links
EOF
echo " [+] Project dashboard created: $output_file"
\\}
Main execution¶
echo "[+] Dradis Project Setup and Management" echo "======================================="
Check if jq is available¶
if ! command -v jq &> /dev/null; then echo "[-] jq is required but not installed. Please install jq." exit 1 fi
Test API connection¶
echo "[+] Testing API connection" response=\((api_call "GET" "/api/projects") if echo "\)response"|jq . &> /dev/null; then echo " [+] API connection successful" else echo " [-] API connection failed" echo " Response: $response" exit 1 fi
Create project¶
PROJECT_ID=\((create_project "\)PROJECT_NAME" "\(PROJECT_DESCRIPTION") if [ -z "\)PROJECT_ID" ]; then echo "[-] Failed to create project. Exiting." exit 1 fi
Setup project structure¶
create_node_structure "\(PROJECT_ID" create_issue_templates "\)PROJECT_ID"
Create output directory¶
OUTPUT_DIR="dradis_project_\(\\\\{PROJECT_ID\\\\}_\)(date +%Y%m%d_%H%M%S)" mkdir -p "$OUTPUT_DIR"
Generate initial reports¶
generate_reports "\(PROJECT_ID" "\)OUTPUT_DIR/reports"
Create project dashboard¶
create_project_dashboard "\(PROJECT_ID" "\)OUTPUT_DIR/dashboard.html"
Backup project¶
backup_project "\(PROJECT_ID" "\)OUTPUT_DIR/backups"
Setup team collaboration¶
setup_team_collaboration "$PROJECT_ID"
echo ""
echo "[+] Project setup completed successfully!"
echo "========================================"
echo "Project ID: $PROJECT_ID"
echo "Project URL: \(DRADIS_URL/projects/\)PROJECT_ID"
echo "Output Directory: $OUTPUT_DIR"
echo "Dashboard: $OUTPUT_DIR/dashboard.html"
echo ""
echo "Next Steps:"
echo "1. Add team members via web interface"
echo "2. Import tool results using: $0 import
Tool Integration Script¶
```bash
!/bin/bash¶
Dradis tool integration and import script¶
DRADIS_URL="\(\\\\{DRADIS_URL:-http://localhost:3000\\\\}" API_TOKEN="\)1" PROJECT_ID="\(2" TOOL_TYPE="\)3" FILE_PATH="$4"
if [ -z "\(API_TOKEN" ]||[ -z "\)PROJECT_ID" ]||[ -z "\(TOOL_TYPE" ]||[ -z "\)FILE_PATH" ]; then
echo "Usage: $0
Function to validate file format¶
validate_file() \\{ local tool="\(1" local file="\)2"
if [ ! -f "$file" ]; then
echo "[-] File not found: $file"
return 1
fi
case "$tool" in
"nmap")
if ! grep -q "nmaprun" "$file"; then
echo "[-] Invalid Nmap XML format"
return 1
fi
;;
"nessus")
if ! grep -q "NessusClientData" "$file"; then
echo "[-] Invalid Nessus format"
return 1
fi
;;
"burp")
if ! grep -q "issues" "$file"; then
echo "[-] Invalid Burp Suite XML format"
return 1
fi
;;
"zap")
if ! grep -q "OWASPZAPReport" "$file"; then
echo "[-] Invalid OWASP ZAP XML format"
return 1
fi
;;
*)
echo "[!] File format validation not implemented for $tool"
;;
esac
echo "[+] File format validation passed"
return 0
\\}
Function to preprocess files¶
preprocess_file() \\{ local tool="\(1" local file="\)2" local output_file="$3"
case "$tool" in
"nmap")
# Clean up Nmap XML for better parsing
sed 's/&/&/g' "$file" > "$output_file"
;;
"nikto")
# Convert Nikto CSV to XML if needed
if grep -q "," "$file"; then
echo "[+] Converting Nikto CSV to XML format"
python3 ``<< EOF
import csv import xml.etree.ElementTree as ET
root = ET.Element("nikto") with open("$file", 'r') as csvfile: reader = csv.DictReader(csvfile) for row in reader: item = ET.SubElement(root, "item") for key, value in row.items(): elem = ET.SubElement(item, key.replace(' ', '_').lower()) elem.text = value
tree = ET.ElementTree(root) tree.write("\(output_file", encoding='utf-8', xml_declaration=True) EOF else cp "\)file" "\(output_file" fi ;; *) cp "\)file" "$output_file" ;; esac \}
Function to import file¶
import_file() \{ local project_id="\(1" local tool="\)2" local file="$3"
echo "[+] Importing $tool results into project $project_id"
local response=$(curl -X POST \
-H "Authorization: Token $API_TOKEN" \
-F "file=@$file" \
-F "plugin=$tool" \
-s \
"$DRADIS_URL/api/projects/$project_id/import")
if echo "$response"|grep -q "success\|imported"; then
echo " [+] Successfully imported $tool results"
# Extract import statistics if available
if command -v jq &>`` /dev/null && echo "$response"|jq . &> /dev/null; then
local nodes_created=$(echo "$response"|jq -r '.nodes_created // 0')
local issues_created=$(echo "$response"|jq -r '.issues_created // 0')
local evidence_created=$(echo "$response"|jq -r '.evidence_created // 0')
echo " - Nodes created: $nodes_created"
echo " - Issues created: $issues_created"
echo " - Evidence created: $evidence_created"
fi
else
echo " [-] Failed to import $tool results"
echo " Response: $response"
return 1
fi
\\}
Function to post-process imported data¶
post_process_import() \\{ local project_id="\(1" local tool="\)2"
echo "[+] Post-processing imported data"
case "$tool" in
"nmap")
# Tag Nmap-imported nodes
echo " [+] Tagging Nmap-imported nodes"
;;
"nessus")
# Categorize Nessus findings by severity
echo " [+] Categorizing Nessus findings"
;;
"burp")
# Group Burp findings by vulnerability type
echo " [+] Grouping Burp findings"
;;
*)
echo " [!] No post-processing defined for $tool"
;;
esac
\\}
Function to generate import summary¶
generate_import_summary() \\{ local project_id="\(1" local tool="\)2" local file="\(3" local output_file="\)4"
echo "[+] Generating import summary"
cat > "$output_file" << EOF
Dradis Import Summary¶
Import Details¶
- Tool: $tool
- Source File: $file
- Project ID: $project_id
- Import Date: $(date)
- File Size: \((du -h "\)file"|cut -f1)
Import Results¶
EOF
# Get current project statistics
local project_info=$(curl -X GET \
-H "Authorization: Token $API_TOKEN" \
-s \
"$DRADIS_URL/api/projects/$project_id")
local issues=$(curl -X GET \
-H "Authorization: Token $API_TOKEN" \
-s \
"$DRADIS_URL/api/projects/$project_id/issues")
local nodes=$(curl -X GET \
-H "Authorization: Token $API_TOKEN" \
-s \
"$DRADIS_URL/api/projects/$project_id/nodes")
if command -v jq &> /dev/null; then
cat >> "$output_file" << EOF
Current Project Statistics¶
- Total Issues: \((echo "\)issues"|jq length)
- Total Nodes: \((echo "\)nodes"|jq length)
- Critical Issues: \((echo "\)issues"|jq '[.[]|select(.severity == "Critical")]|length')
- High Issues: \((echo "\)issues"|jq '[.[]|select(.severity == "High")]|length')
- Medium Issues: \((echo "\)issues"|jq '[.[]|select(.severity == "Medium")]|length')
- Low Issues: \((echo "\)issues"|jq '[.[]|select(.severity == "Low")]|length')
Recent Issues (Last 10)¶
EOF
echo "$issues"|jq -r '.[-10:]|.[]|"- **" + .title + "** (" + .severity + ")"' >> "$output_file"
fi
cat >> "$output_file" << EOF
Next Steps¶
- Review imported findings for accuracy
- Merge duplicate issues if necessary
- Add additional evidence and context
- Assign issues to team members for verification
- Update issue descriptions and recommendations
Links¶
- Project Overview
- Issues
-
Nodes EOF
echo " [+] Import summary generated: $output_file" \\}
Main execution¶
echo "[+] Dradis Tool Integration" echo "==========================="
Validate file¶
if ! validate_file "\(TOOL_TYPE" "\)FILE_PATH"; then exit 1 fi
Create temporary directory for processing¶
TEMP_DIR=\((mktemp -d) PROCESSED_FILE="\)TEMP_DIR/processed_\((basename "\)FILE_PATH")"
Preprocess file¶
preprocess_file "\(TOOL_TYPE" "\)FILE_PATH" "$PROCESSED_FILE"
Import file¶
if import_file "\(PROJECT_ID" "\)TOOL_TYPE" "\(PROCESSED_FILE"; then # Post-process imported data post_process_import "\)PROJECT_ID" "$TOOL_TYPE"
# Generate import summary
SUMMARY_FILE="dradis_import_summary_$(date +%Y%m%d_%H%M%S).md"
generate_import_summary "$PROJECT_ID" "$TOOL_TYPE" "$FILE_PATH" "$SUMMARY_FILE"
echo ""
echo "[+] Import completed successfully!"
echo "================================="
echo "Project URL: $DRADIS_URL/projects/$PROJECT_ID"
echo "Import Summary: $SUMMARY_FILE"
echo ""
echo "Recommended next steps:"
echo "1. Review imported findings in Dradis web interface"
echo "2. Verify and validate imported data"
echo "3. Add additional context and evidence"
echo "4. Assign findings to team members"
else echo "[-] Import failed" exit 1 fi
Cleanup¶
rm -rf "$TEMP_DIR" ```_
Report Automation Script¶
```bash
!/bin/bash¶
Automated report generation and distribution script¶
DRADIS_URL="\(\\\\{DRADIS_URL:-http://localhost:3000\\\\}" API_TOKEN="\)1" PROJECT_ID="\(2" REPORT_TYPE="\)\\{3:-all\\}" OUTPUT_DIR="\(\\\\{4:-reports_\)(date +%Y%m%d_%H%M%S)\\}"
if [ -z "\(API_TOKEN" ]||[ -z "\)PROJECT_ID" ]; then
echo "Usage: $0
Function to generate report¶
generate_report() \\{ local project_id="\(1" local template="\)2" local format="\(3" local output_file="\)4"
echo "[+] Generating $format report with $template template"
local report_data=$(cat << EOF
\\{ "report": \\{ "template": "\(template", "format": "\)format" \\} \\} EOF )
local response=$(curl -X POST \
-H "Authorization: Token $API_TOKEN" \
-H "Content-Type: application/json" \
-d "$report_data" \
-s \
-o "$output_file" \
-w "%\\\\{http_code\\\\}" \
"$DRADIS_URL/api/projects/$project_id/reports")
if [ "$response" = "200" ] && [ -f "$output_file" ] && [ -s "$output_file" ]; then
echo " [+] Report generated successfully: $output_file"
return 0
else
echo " [-] Failed to generate report (HTTP: $response)"
return 1
fi
\\}
Function to customize report content¶
customize_report() \\{ local project_id="\(1" local template_type="\)2" local output_file="$3"
echo "[+] Customizing $template_type report"
# Get project data
local project_info=$(curl -X GET \
-H "Authorization: Token $API_TOKEN" \
-s \
"$DRADIS_URL/api/projects/$project_id")
local issues=$(curl -X GET \
-H "Authorization: Token $API_TOKEN" \
-s \
"$DRADIS_URL/api/projects/$project_id/issues")
if ! command -v jq &> /dev/null; then
echo " [!] jq not available, skipping customization"
return 0
fi
local project_name=$(echo "$project_info"|jq -r '.name')
local total_issues=$(echo "$issues"|jq length)
local critical_count=$(echo "$issues"|jq '[.[]|select(.severity == "Critical")]|length')
local high_count=$(echo "$issues"|jq '[.[]|select(.severity == "High")]|length')
case "$template_type" in
"executive")
# Create executive summary
cat > "$output_file" << EOF
Executive Summary - $project_name¶
Assessment Overview¶
This security assessment identified \(total_issues** total findings, including **\)critical_count critical and $high_count high severity vulnerabilities.
Key Findings¶
\((echo "\)issues"|jq -r '.[]|select(.severity == "Critical" or .severity == "High")|"- " + .title + " (" + .severity + ")"'|head -5)
Risk Assessment¶
\((if [ "\)critical_count" -gt 0 ]; then echo "🔴 CRITICAL RISK - Immediate action required"; elif [ "$high_count" -gt 0 ]; then echo "🟠 HIGH RISK - Action required within 24-48 hours"; else echo "🟡 MODERATE RISK - Address findings in next release cycle"; fi)
Recommendations¶
- Address all critical and high severity vulnerabilities immediately
- Implement security controls to prevent similar issues
- Conduct regular security assessments
- Provide security training to development teams
*Generated on \((date)* EOF ;; "technical") # Create technical details cat > "\)output_file" << EOF
Technical Assessment Report - $project_name¶
Methodology¶
This assessment was conducted using industry-standard penetration testing methodologies.
Detailed Findings¶
EOF echo "\(issues"|jq -r '.[]|"### " + .title + "\n\n**Severity:** " + .severity + "\n\n" + .text + "\n\n---\n"' >> "\)output_file" ;; esac
echo " [+] Custom report created: $output_file"
\\}
Function to add watermarks and branding¶
add_branding() \\{ local file="\(1" local format="\)2"
echo "[+] Adding branding to $format report"
case "$format" in
"pdf")
# Add watermark to PDF (requires pdftk or similar)
if command -v pdftk &> /dev/null; then
echo " [+] Adding PDF watermark"
# pdftk "$file" background watermark.pdf output "$\\\\{file%.pdf\\\\}_branded.pdf"
else
echo " [!] pdftk not available, skipping PDF branding"
fi
;;
"html")
# Add CSS branding to HTML
if [ -f "$file" ]; then
sed -i '/<\/head>/i\
' "$file" echo " [+] HTML branding added" fi ;; esac \\}
Function to encrypt sensitive reports¶
encrypt_report() \\{ local file="\(1" local password="\)2"
echo "[+] Encrypting report: $(basename "$file")"
if command -v gpg &> /dev/null; then
# Encrypt with GPG
gpg --symmetric --cipher-algo AES256 --compress-algo 1 --s2k-mode 3 \
--s2k-digest-algo SHA512 --s2k-count 65536 --quiet \
--passphrase "$password" --batch --yes "$file"
if [ -f "$\\\\{file\\\\}.gpg" ]; then
echo " [+] Report encrypted: $\\\\{file\\\\}.gpg"
rm "$file" # Remove unencrypted version
fi
elif command -v openssl &> /dev/null; then
# Encrypt with OpenSSL
openssl enc -aes-256-cbc -salt -in "$file" -out "$\\\\{file\\\\}.enc" -pass pass:"$password"
if [ -f "$\\\\{file\\\\}.enc" ]; then
echo " [+] Report encrypted: $\\\\{file\\\\}.enc"
rm "$file" # Remove unencrypted version
fi
else
echo " [!] No encryption tools available"
fi
\\}
Function to distribute reports¶
distribute_reports() \\{ local output_dir="\(1" local project_id="\)2"
echo "[+] Distributing reports"
# Create distribution package
local package_name="security_assessment_reports_$(date +%Y%m%d_%H%M%S).tar.gz"
tar -czf "$package_name" -C "$(dirname "$output_dir")" "$(basename "$output_dir")"
echo " [+] Distribution package created: $package_name"
# Send via email (if configured)
if command -v mail &> /dev/null && [ -n "$REPORT_EMAIL" ]; then
echo "Sending security assessment reports for project $project_id"|\
mail -s "Security Assessment Reports - $(date)" \
-a "$package_name" \
"$REPORT_EMAIL"
echo " [+] Reports sent via email to: $REPORT_EMAIL"
fi
# Upload to secure storage (example with AWS S3)
if command -v aws &> /dev/null && [ -n "$S3_BUCKET" ]; then
aws s3 cp "$package_name" "s3://$S3_BUCKET/security-reports/"
echo " [+] Reports uploaded to S3: s3://$S3_BUCKET/security-reports/$package_name"
fi
# Create secure download link
if [ -n "$SECURE_UPLOAD_URL" ]; then
curl -X POST \
-F "file=@$package_name" \
-F "expires=7d" \
"$SECURE_UPLOAD_URL" > download_link.txt
echo " [+] Secure download link created: $(cat download_link.txt)"
fi
\\}
Function to create report index¶
create_report_index() \\{ local output_dir="\(1" local project_id="\)2"
echo "[+] Creating report index"
local index_file="$output_dir/index.html"
cat > "$index_file" << EOF
🔒 Security Assessment Reports
Project ID: $project_id
Generated: $(date)
📄 Available Reports
EOF # List all generated reports for report_file in "$output_dir"/*.\\\\{html,pdf,docx,xlsx,md\\\\} 2>/dev/null; do if [ -f "$report_file" ]; then local filename=$(basename "$report_file") local filesize=$(du -h "$report_file"|cut -f1) cat >> "$index_file" << EOF📊 Report Summary
This package contains comprehensive security assessment reports in multiple formats:
- HTML: Interactive web-based reports
- PDF: Printable documents for distribution
- Word: Editable documents for customization
- Excel: Data analysis and tracking
- Markdown: Version-controlled documentation
🔐 Security Notice
CONFIDENTIAL: These reports contain sensitive security information and should be handled according to your organization's data classification policies.
EOF
echo " [+] Report index created: $index_file"
\\}
Main execution¶
echo "[+] Dradis Report Automation" echo "============================"
Create output directory¶
mkdir -p "$OUTPUT_DIR"
Generate reports based on type¶
case "\(REPORT_TYPE" in "all") echo "[+] Generating all report formats" generate_report "\)PROJECT_ID" "default_export" "html" "\(OUTPUT_DIR/security_report.html" generate_report "\)PROJECT_ID" "default_export" "pdf" "\(OUTPUT_DIR/security_report.pdf" generate_report "\)PROJECT_ID" "word_export" "docx" "\(OUTPUT_DIR/security_report.docx" generate_report "\)PROJECT_ID" "excel_export" "xlsx" "\(OUTPUT_DIR/security_report.xlsx" customize_report "\)PROJECT_ID" "executive" "\(OUTPUT_DIR/executive_summary.md" customize_report "\)PROJECT_ID" "technical" "\(OUTPUT_DIR/technical_details.md" ;; "executive") echo "[+] Generating executive reports" customize_report "\)PROJECT_ID" "executive" "\(OUTPUT_DIR/executive_summary.md" generate_report "\)PROJECT_ID" "executive_export" "pdf" "\(OUTPUT_DIR/executive_summary.pdf" ;; "technical") echo "[+] Generating technical reports" customize_report "\)PROJECT_ID" "technical" "\(OUTPUT_DIR/technical_details.md" generate_report "\)PROJECT_ID" "default_export" "html" "\(OUTPUT_DIR/technical_report.html" ;; "html") generate_report "\)PROJECT_ID" "default_export" "html" "\(OUTPUT_DIR/security_report.html" ;; "pdf") generate_report "\)PROJECT_ID" "default_export" "pdf" "\(OUTPUT_DIR/security_report.pdf" ;; "docx") generate_report "\)PROJECT_ID" "word_export" "docx" "\(OUTPUT_DIR/security_report.docx" ;; "xlsx") generate_report "\)PROJECT_ID" "excel_export" "xlsx" "$OUTPUT_DIR/security_report.xlsx" ;; *) echo "[-] Unknown report type: $REPORT_TYPE" exit 1 ;; esac
Add branding to reports¶
for report_file in "\(OUTPUT_DIR"/*.\\\\{html,pdf\\\\} 2>/dev/null; do if [ -f "\)report_file" ]; then add_branding "\(report_file" "\)\\{report_file##*.\\}" fi done
Encrypt sensitive reports (if password provided)¶
if [ -n "\(REPORT_PASSWORD" ]; then for report_file in "\)OUTPUT_DIR"/*.\\{pdf,docx\\} 2>/dev/null; do if [ -f "\(report_file" ]; then encrypt_report "\)report_file" "$REPORT_PASSWORD" fi done fi
Create report index¶
create_report_index "\(OUTPUT_DIR" "\)PROJECT_ID"
Distribute reports¶
distribute_reports "\(OUTPUT_DIR" "\)PROJECT_ID"
echo "" echo "[+] Report generation completed successfully!" echo "===========================================" echo "Output Directory: $OUTPUT_DIR" echo "Report Index: \(OUTPUT_DIR/index.html" echo "" echo "Generated Reports:" ls -la "\)OUTPUT_DIR" echo "" echo "Next Steps:" echo "1. Review generated reports for accuracy" echo "2. Customize reports as needed" echo "3. Distribute to stakeholders" echo "4. Archive reports securely" ```_
Integration von Sicherheitswerkzeugen¶
Nmap Integration¶
```bash
Import Nmap results¶
nmap -sS -sV -O -A target.com -oX nmap_results.xml curl -X POST -H "Authorization: Token $API_TOKEN" \ -F "file=@nmap_results.xml" -F "plugin=nmap" \ http://localhost:3000/api/projects/1/import ```_
Nessus Integration¶
```bash
Export Nessus scan and import¶
curl -X POST -H "Authorization: Token $API_TOKEN" \ -F "file=@nessus_scan.nessus" -F "plugin=nessus" \ http://localhost:3000/api/projects/1/import ```_
Integration von Burp Suite¶
```bash
Export Burp findings and import¶
curl -X POST -H "Authorization: Token $API_TOKEN" \ -F "file=@burp_findings.xml" -F "plugin=burp" \ http://localhost:3000/api/projects/1/import ```_
OWASP ZAP Integration¶
```bash
Import ZAP results¶
curl -X POST -H "Authorization: Token $API_TOKEN" \ -F "file=@zap_report.xml" -F "plugin=zap" \ http://localhost:3000/api/projects/1/import ```_
Fehlerbehebung¶
Gemeinsame Themen¶
Probleme der Datenbankverbindung¶
```bash
Check database status¶
sudo systemctl status postgresql
Reset database¶
cd /opt/dradis-ce RAILS_ENV=production bundle exec rake db:reset
Check database configuration¶
cat config/database.yml ```_
Speicherprobleme¶
```bash
Increase Ruby memory limit¶
export RUBY_GC_HEAP_INIT_SLOTS=1000000 export RUBY_GC_HEAP_FREE_SLOTS=500000 export RUBY_GC_HEAP_GROWTH_FACTOR=1.1
Monitor memory usage¶
ps aux|grep rails ```_
Leistungsoptimierung¶
```bash
Enable Redis caching¶
sudo systemctl start redis sudo systemctl enable redis
Configure Rails caching¶
echo "config.cache_store = :redis_cache_store" >> config/environments/production.rb
Optimize database¶
sudo -u postgres psql dradis_production -c "VACUUM ANALYZE;" ```_
SSL/TLS Konfiguration¶
```bash
Generate self-signed certificate¶
openssl req -x509 -newkey rsa:4096 -keyout dradis.key -out dradis.crt -days 365 -nodes
Configure SSL in Nginx¶
ssl_certificate /etc/ssl/certs/dradis.crt; ssl_certificate_key /etc/ssl/private/dradis.key; ```_
Backup und Recovery¶
```bash
Backup Dradis data¶
pg_dump -h localhost -U dradis dradis_production > dradis_backup.sql tar -czf dradis_files_backup.tar.gz /opt/dradis-ce/shared
Restore from backup¶
sudo -u postgres psql -c "DROP DATABASE dradis_production;" sudo -u postgres psql -c "CREATE DATABASE dradis_production;" psql -h localhost -U dradis dradis_production < dradis_backup.sql tar -xzf dradis_files_backup.tar.gz -C / ```_
Ressourcen¶
- [Dradis Offizielle Website](LINK_7
- [Dradis Community Edition GitHub](LINK_7
- Dradis Dokumentation
- Dradis API Dokumentation
- Dradis Plugins
- (LINK_7)
- (LINK_7)
--
*Dieses Betrügereiblatt bietet einen umfassenden Hinweis für die Verwendung von Dradis zur Zusammenarbeit und Berichterstattung der Sicherheitsbewertung. Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Genehmigung haben, bevor Sie Sicherheitsbewertungen durchführen und die Datenverarbeitungsrichtlinien Ihrer Organisation bei der Verwendung von Dradis verfolgen. *