Configuration
The Configuration section allows admin users or users with the Manage Configurations permission to add and manage various settings. In APTRS, users can define Project Types, such as "Mobile Application Testing," which are used when creating projects and are also referenced in PDF and DOCX reports. Multiple project types can be added to suit different testing needs.
In addition to project types, users can also create Report Standards. When generating a report, users are required to select the applicable testing standard, such as OWASP for web application testing. Users can add additional standards here, which can then be used in the generated reports.
Version 2.0 Update
As of APTRS version 2.0, users can now edit and delete existing project types and report standards. This provides more flexibility in managing your configuration settings and keeping them up-to-date.
Managing Configuration Settings
The Configuration section in APTRS provides tools to customize the system according to your organization's needs. This section explains how to manage these configuration options.
Project Types
Project Types define the categories of security assessments your organization performs. These appear in project creation forms and are included in generated reports.
Adding Project Types
To add a new project type:
- Navigate to the Configuration page
- Locate the Project Types section
- Click the "Add Project Type" button
- Enter the name of the project type (e.g., "Web Application Assessment", "API Security Testing")
- Click "Save" to add the project type
Editing Project Types (Version 2.0+)
To modify an existing project type:
- Find the project type in the list
- Click the "Edit" icon next to the project type
- Update the name as needed
- Click "Save" to apply your changes
Impact on Existing Projects
Editing a project type will update it across all projects where it's used. Consider the impact on existing reports before making changes.
Deleting Project Types (Version 2.0+)
To remove a project type:
- Locate the project type in the list
- Click the "Delete" icon next to the project type
- Confirm the deletion when prompted
Report Standards
Report Standards define the compliance frameworks or methodologies used in your security assessments, such as OWASP Top 10 or NIST guidelines.
Adding Report Standards
To add a new report standard:
- Navigate to the Configuration page
- Go to the Report Standards section
- Click "Add Report Standard"
- Enter the standard name (e.g., "OWASP Top 10 2021", "NIST SP 800-53")
- Click "Save" to add the standard
Editing Report Standards (Version 2.0+)
To modify an existing report standard:
- Find the standard in the list
- Click the "Edit" icon next to the standard
- Update the name as needed
- Click "Save" to apply your changes
Deleting Report Standards (Version 2.0+)
To remove a report standard:
- Locate the standard in the list
- Click the "Delete" icon next to the standard
- Confirm the deletion when prompted
Best Practices for Configuration Management
Standardization
- Create a consistent naming convention for project types and standards
- Document your configuration choices for team reference
- Limit the number of project types to maintain clarity
- Use widely recognized standards when possible
Maintenance
- Periodically review and update your configurations
- Remove unused project types and standards
- Ensure configurations align with your current service offerings
- Consider version numbers in standard names (e.g., "OWASP Top 10 2021" vs "OWASP Top 10 2017")
Permissions
Only users with administrative privileges or the "Manage Configurations" permission can modify these settings. This restriction helps maintain consistency in your APTRS environment.