Automated health checks
Vital Signs
In most cases, the basis for collaboration is good communication and the documentation of processes, events, and results. Today, you have access to countless tools and frameworks for this purpose, often specialized for particular kinds of work. London-based Security Roots is the developer of the open source Dradis [1] software for IT security teams. The framework creates standardized reports specifically for security checks, helps teams prepare for penetration testing of IT infrastructures, and organizes the implementation and evaluation of those tests.
Security experts often use an expansive kit of tools, each with its own specific focus, when carrying out penetration tests. Although some of these tools support standardized output formats for their results, the penetration tester is ultimately forced to compile and organize the results on their own to create a comprehensive report covering all the tests. Because no uniform standards exist for organizing or creating reports from the individual results, the developers at Dradis stepped in with a web application that acts as a central interface for the penetration testing process.
The free community version allows several employees to work on one project per instance. You can use various plugins to provide data from common penetration testing tools within the scope of the project, including add-ons for Metasploit, Nessus, Nikto, and Nmap.
First Steps in the Container
Of the various installation options for viewing Dradis in action, I'll first take a quick look at the Docker image:
docker run -it --rm -p 3000:3000 dradis/dradis-ce
Of course, you can also download sources from the Git repository [2] and install the software on your local system. If you have access to Heroku or DigitalOcean, you can install Dradis there directly from
...