diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-18 16:16:36 +0300 |
commit | 311b0269b4eb9839fa63f80c8d7a58f32b8138a0 (patch) | |
tree | 07e7870bca8aed6d61fdcc810731c50d2c40af47 /doc/user/application_security/dast/checks/index.md | |
parent | 27909cef6c4170ed9205afa7426b8d3de47cbb0c (diff) |
Add latest changes from gitlab-org/gitlab@14-5-stable-eev14.5.0-rc42
Diffstat (limited to 'doc/user/application_security/dast/checks/index.md')
-rw-r--r-- | doc/user/application_security/dast/checks/index.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/checks/index.md b/doc/user/application_security/dast/checks/index.md new file mode 100644 index 00000000000..f1a68387eb1 --- /dev/null +++ b/doc/user/application_security/dast/checks/index.md @@ -0,0 +1,20 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# DAST browser-based crawler vulnerability checks **(ULTIMATE)** + +The [DAST browser-based crawler](../browser_based.md) provides a number of vulnerability checks that are used to scan for vulnerabilities in the site under test. + +| ID | Check | Severity | Type | +|:---|:------|:---------|:-----| +| [1004.1](1004.1.md) | Sensitive cookie without `HttpOnly` attribute | Low | Passive | +| [16.1](16.1.md) | Missing Content-Type header | Low | Passive | +| [16.2](16.2.md) | Server header exposes version information | Low | Passive | +| [16.3](16.3.md) | X-Powered-By header exposes version information | Low | Passive | +| [16.4](16.4.md) | X-Backend-Server header exposes server information | Info | Passive | +| [16.5](16.5.md) | AspNet Header(s) exposes version information | Low | Passive | +| [614.1](614.1.md) | Sensitive cookie without `Secure` attribute | Low | Passive | +| [693.1](693.1.md) | Missing X-Content-Type-Options: nosniff | Low | Passive | |