gitlab.com/gitlab-org/gitlab-foss.git
Diffstat (limited to 'doc/user/application_security/dast/checks')
-rw-r--r-- doc/user/application_security/dast/checks/16.2.md 2
-rw-r--r-- doc/user/application_security/dast/checks/16.3.md 2
-rw-r--r-- doc/user/application_security/dast/checks/548.1.md 4
-rw-r--r-- doc/user/application_security/dast/checks/798.33.md 4
-rw-r--r-- doc/user/application_security/dast/checks/798.49.md 4
-rw-r--r-- doc/user/application_security/dast/checks/798.65.md 4
-rw-r--r-- doc/user/application_security/dast/checks/798.97.md 4
-rw-r--r-- doc/user/application_security/dast/checks/829.1.md 2
-rw-r--r-- doc/user/application_security/dast/checks/829.2.md 2
-rw-r--r-- doc/user/application_security/dast/checks/index.md 8
10 files changed, 18 insertions, 18 deletions
diff --git a/doc/user/application_security/dast/checks/16.2.md b/doc/user/application_security/dast/checks/16.2.md
index a317b9418a1..2051b118009 100644
--- a/doc/user/application_security/dast/checks/16.2.md
+++ b/doc/user/application_security/dast/checks/16.2.md
@@ -40,5 +40,5 @@ the `Server` header.
- [CWE](https://cwe.mitre.org/data/definitions/16.html)
- [Apache ServerTokens](https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/)
-- [NGINX server_tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens)
+- [NGINX `server_tokens`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens)
- [IIS 10 Remove Server Header](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/#attributes)
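Review bot: The context line directly above the changed entry, `[Apache ServerTokens](https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/)`, labels a Mozilla blog post about MIME confusion as the Apache `ServerTokens` reference, so a reader trying to remediate the `Server` header lands on an unrelated page. Since this hunk already touches the link list, point that entry at the Apache documentation for the directive and give `ServerTokens` the same code formatting now applied to `server_tokens`.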
diff --git a/doc/user/application_security/dast/checks/16.3.md b/doc/user/application_security/dast/checks/16.3.md
index d9e6f6f8d92..d1799baa517 100644
--- a/doc/user/application_security/dast/checks/16.3.md
+++ b/doc/user/application_security/dast/checks/16.3.md
@@ -32,4 +32,4 @@ information from the `X-Powered-By` header.
## Links
- [CWE](https://cwe.mitre.org/data/definitions/16.html)
-- [PHP expose_php](https://www.php.net/manual/en/ini.core.php#ini.expose-php)
+- [PHP `expose_php`](https://www.php.net/manual/en/ini.core.php#ini.expose-php)
diff --git a/doc/user/application_security/dast/checks/548.1.md b/doc/user/application_security/dast/checks/548.1.md
index b6907db5928..6cef8ccdb63 100644
--- a/doc/user/application_security/dast/checks/548.1.md
+++ b/doc/user/application_security/dast/checks/548.1.md
@@ -41,5 +41,5 @@ indexing.
- [CWE](https://cwe.mitre.org/data/definitions/548.html)
- [Apache Options](https://httpd.apache.org/docs/2.4/mod/core.html#options)
-- [NGINX autoindex](https://nginx.org/en/docs/http/ngx_http_autoindex_module.html)
-- [IIS directoryBrowse element](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/directorybrowse)
+- [NGINX `autoindex`](https://nginx.org/en/docs/http/ngx_http_autoindex_module.html)
+- [IIS `directoryBrowse` element](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/directorybrowse)
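Review bot: `Options` in the unchanged `[Apache Options]` entry is a directive name just like `autoindex` and `directoryBrowse`, but it is left without code formatting, so the link list ends up only partly converted. Suggest formatting `Options` as code in the same change.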
diff --git a/doc/user/application_security/dast/checks/798.33.md b/doc/user/application_security/dast/checks/798.33.md
index 536faefdb51..4761ac9d157 100644
--- a/doc/user/application_security/dast/checks/798.33.md
+++ b/doc/user/application_security/dast/checks/798.33.md
@@ -4,11 +4,11 @@ group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
-# Exposure of confidential secret or token Droneci Access Token
+# Exposure of confidential secret or token Drone CI Access Token
## Description
-The response body contains content that matches the pattern of a Droneci Access Token.
+The response body contains content that matches the pattern of a Drone CI Access Token.
Exposing this value could allow attackers to gain access to all resources granted by this token.
## Remediation
diff --git a/doc/user/application_security/dast/checks/798.49.md b/doc/user/application_security/dast/checks/798.49.md
index 7ea3a65fbfa..41a3e8ace3d 100644
--- a/doc/user/application_security/dast/checks/798.49.md
+++ b/doc/user/application_security/dast/checks/798.49.md
@@ -4,11 +4,11 @@ group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
-# Exposure of confidential secret or token Freshbooks Access Token
+# Exposure of confidential secret or token FreshBooks Access Token
## Description
-The response body contains content that matches the pattern of a Freshbooks Access Token.
+The response body contains content that matches the pattern of a FreshBooks Access Token.
Exposing this value could allow attackers to gain access to all resources granted by this token.
## Remediation
diff --git a/doc/user/application_security/dast/checks/798.65.md b/doc/user/application_security/dast/checks/798.65.md
index f2ebfb988b2..083bfec3350 100644
--- a/doc/user/application_security/dast/checks/798.65.md
+++ b/doc/user/application_security/dast/checks/798.65.md
@@ -4,11 +4,11 @@ group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
-# Exposure of confidential secret or token Launchdarkly Access Token
+# Exposure of confidential secret or token LaunchDarkly Access Token
## Description
-The response body contains content that matches the pattern of a Launchdarkly Access Token.
+The response body contains content that matches the pattern of a LaunchDarkly Access Token.
Exposing this value could allow attackers to gain access to all resources granted by this token.
## Remediation
diff --git a/doc/user/application_security/dast/checks/798.97.md b/doc/user/application_security/dast/checks/798.97.md
index d3035b05bbb..711288eba9c 100644
--- a/doc/user/application_security/dast/checks/798.97.md
+++ b/doc/user/application_security/dast/checks/798.97.md
@@ -4,11 +4,11 @@ group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
-# Exposure of confidential secret or token Rubygem API token
+# Exposure of confidential secret or token RubyGems API token
## Description
-The response body contains content that matches the pattern of a Rubygem API token.
+The response body contains content that matches the pattern of a RubyGems API token.
Exposing this value could allow attackers to gain access to all resources granted by this token.
## Remediation
diff --git a/doc/user/application_security/dast/checks/829.1.md b/doc/user/application_security/dast/checks/829.1.md
index f18634b72d9..7df250c2047 100644
--- a/doc/user/application_security/dast/checks/829.1.md
+++ b/doc/user/application_security/dast/checks/829.1.md
@@ -20,7 +20,7 @@ applications users would be protected from the malicious alterations.
All identified resources should be sourced from the same domain as the target application. If this is not
possible, it is strongly recommended that all `script` tags that implement `src` values, or `link` tags
that implement the `href` values include Sub-Resource Integrity. To generate SRI integrity values the
-[srihash](https://www.srihash.org/) tool can be used, or by running one of the following commands:
+[SRI hash](https://www.srihash.org/) tool can be used, or by running one of the following commands:
- `cat FILENAME.js | openssl dgst -sha384 -binary | openssl base64 -A`
- `shasum -b -a 384 FILENAME.js | awk '{ print $1 }' | xxd -r -p | base64`
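Review bot: The reworded sentence still reads "the SRI hash tool can be used, or by running one of the following commands", which is not grammatical, and neither command under it produces a value that can be pasted into `integrity` as is: both emit only the base64 digest, while the attribute also needs the `sha384-` algorithm prefix. Suggest rewording to "use the SRI hash tool or run one of the following commands" and stating that the output must be prefixed with `sha384-`.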
diff --git a/doc/user/application_security/dast/checks/829.2.md b/doc/user/application_security/dast/checks/829.2.md
index 19490afe676..d9d3e5a6341 100644
--- a/doc/user/application_security/dast/checks/829.2.md
+++ b/doc/user/application_security/dast/checks/829.2.md
@@ -19,7 +19,7 @@ them with known good versions.
All identified resources should be sourced from the same domain as the target application. If this is not
possible, it is strongly recommended that all `script` tags that implement `src` values, or `link` tags
that implement the `href` values include Sub-Resource Integrity. To generate SRI integrity values the
-[srihash](https://www.srihash.org/) tool can be used, or by running one of the following commands:
+[SRI hash](https://www.srihash.org/) tool can be used, or by running one of the following commands:
- `cat FILENAME.js | openssl dgst -sha384 -binary | openssl base64 -A`
- `shasum -b -a 384 FILENAME.js | awk '{ print $1 }' | xxd -r -p | base64`
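Review bot: This paragraph and both commands are a verbatim copy of the text in 829.1.md, so every wording fix has to be made twice and the two check pages can drift apart. Consider moving the SRI generation instructions into one shared section that both checks link to.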
diff --git a/doc/user/application_security/dast/checks/index.md b/doc/user/application_security/dast/checks/index.md
index 9466734f9cf..56406b24586 100644
--- a/doc/user/application_security/dast/checks/index.md
+++ b/doc/user/application_security/dast/checks/index.md
@@ -69,7 +69,7 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne
| [798.30](798.30.md) | Exposure of confidential secret or token Dropbox API secret | High | Passive |
| [798.31](798.31.md) | Exposure of confidential secret or token Dropbox long lived API token | High | Passive |
| [798.32](798.32.md) | Exposure of confidential secret or token Dropbox short lived API token | High | Passive |
-| [798.33](798.33.md) | Exposure of confidential secret or token Droneci Access Token | High | Passive |
+| [798.33](798.33.md) | Exposure of confidential secret or token Drone CI Access Token | High | Passive |
| [798.34](798.34.md) | Exposure of confidential secret or token Duffel API token | High | Passive |
| [798.35](798.35.md) | Exposure of confidential secret or token Dynatrace API token | High | Passive |
| [798.36](798.36.md) | Exposure of confidential secret or token EasyPost API token | High | Passive |
@@ -84,7 +84,7 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne
| [798.46](798.46.md) | Exposure of confidential secret or token Flutterwave Secret Key | High | Passive |
| [798.47](798.47.md) | Exposure of confidential secret or token Flutterwave Encryption Key | High | Passive |
| [798.48](798.48.md) | Exposure of confidential secret or token Frame.io API token | High | Passive |
-| [798.49](798.49.md) | Exposure of confidential secret or token Freshbooks Access Token | High | Passive |
+| [798.49](798.49.md) | Exposure of confidential secret or token FreshBooks Access Token | High | Passive |
| [798.50](798.50.md) | Exposure of confidential secret or token GoCardless API token | High | Passive |
| [798.52](798.52.md) | Exposure of confidential secret or token GitHub Personal Access Token | High | Passive |
| [798.53](798.53.md) | Exposure of confidential secret or token GitHub OAuth Access Token | High | Passive |
@@ -99,7 +99,7 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne
| [798.62](798.62.md) | Exposure of confidential secret or token Kraken Access Token | High | Passive |
| [798.63](798.63.md) | Exposure of confidential secret or token Kucoin Access Token | High | Passive |
| [798.64](798.64.md) | Exposure of confidential secret or token Kucoin Secret Key | High | Passive |
-| [798.65](798.65.md) | Exposure of confidential secret or token Launchdarkly Access Token | High | Passive |
+| [798.65](798.65.md) | Exposure of confidential secret or token LaunchDarkly Access Token | High | Passive |
| [798.66](798.66.md) | Exposure of confidential secret or token Linear API Token | High | Passive |
| [798.67](798.67.md) | Exposure of confidential secret or token Linear Client Secret | High | Passive |
| [798.68](798.68.md) | Exposure of confidential secret or token LinkedIn Client ID | High | Passive |
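Review bot: The two `Kucoin` rows in the context of this hunk (798.63 and 798.64) keep the lower-case spelling while the row right after them is corrected to `LaunchDarkly`; the vendor styles its name KuCoin. If the goal of the change is correct product capitalization, fix these rows and their check pages in the same pass.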
@@ -126,7 +126,7 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne
| [798.94](798.94.md) | Exposure of confidential secret or token Private Key | High | Passive |
| [798.95](798.95.md) | Exposure of confidential secret or token Pulumi API token | High | Passive |
| [798.96](798.96.md) | Exposure of confidential secret or token PyPI upload token | High | Passive |
-| [798.97](798.97.md) | Exposure of confidential secret or token Rubygem API token | High | Passive |
+| [798.97](798.97.md) | Exposure of confidential secret or token RubyGem API token | High | Passive |
| [798.98](798.98.md) | Exposure of confidential secret or token RapidAPI Access Token | High | Passive |
| [798.99](798.99.md) | Exposure of confidential secret or token Sendbird Access ID | High | Passive |
| [798.100](798.100.md) | Exposure of confidential secret or token Sendbird Access Token | High | Passive |
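Review bot: The new table row spells the product `RubyGem API token`, but the heading and description in 798.97.md are changed to `RubyGems API token` in this same commit, so the index and the check page now disagree. Use `RubyGems` in this row as well.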