3 files changed, 82 insertions, 0 deletions

diff --git a/doc/user/application_security/dast/checks/611.1.md b/doc/user/application_security/dast/checks/611.1.md
new file mode 100644
index 00000000000..49ef449f8b0
--- /dev/null
+++ b/doc/user/application_security/dast/checks/611.1.md
@@ -0,0 +1,31 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# External XML Entity Injection (XXE)
+
+## Description
+
+It is possible to cause the application's XML parser to include external resources.
+This can include files or in some circumstances initiate requests to third party
+servers.
+
+## Remediation
+
+Consult the documentation for the XML Parser used by the target application for security
+guidelines and hardening steps. It is recommended that all XML parsers disable external
+entity resolution and XML `xinclude` features. Most XML parsers based on `libxml` can also be
+configured to disable network access.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 611.1 | false | 611 | Active | high |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing)
+- [CWE](https://cwe.mitre.org/data/definitions/611.html)
diff --git a/doc/user/application_security/dast/checks/94.4.md b/doc/user/application_security/dast/checks/94.4.md
new file mode 100644
index 00000000000..9dddada84f9
--- /dev/null
+++ b/doc/user/application_security/dast/checks/94.4.md
@@ -0,0 +1,49 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-side code injection (NodeJS)
+
+## Description
+
+The target application was found vulnerable to code injection. A malicious actor could inject arbitrary
+JavaScript code to be executed on the server. This could lead to a full system compromise by accessing
+stored secrets, injecting code to take over accounts, or executing OS commands.
+
+## Remediation
+
+Never pass user input directly into functions which evaluate string data as code, such as `eval`, `setTimeout`
+or `setInterval`. There is almost no benefit of passing string values to these methods, as such the best
+recommendation is to replace the current logic with more safe implementations of dynamically evaluating
+logic with user input. One alternative is to store functions or methods in a Map that can be looked
+up using a key. If the key exists, the function can be executed.
+
+```javascript
+const function_map = new Map();
+
+function_map.set('fn', function() {
+    console.log('hello world');
+})
+
+const input = 'fn2';
+
+const fn = function_map.get(input)
+
+if (fn) {
+    fn();
+} else {
+    console.log('invalid input');
+}
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 94.4 | false | 94 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/94.html)
diff --git a/doc/user/application_security/dast/checks/index.md b/doc/user/application_security/dast/checks/index.md
index 035f4a4b486..4d41f08672e 100644
--- a/doc/user/application_security/dast/checks/index.md
+++ b/doc/user/application_security/dast/checks/index.md
@@ -169,3 +169,5 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne
 |:---|:------|:---------|:-----|
 | [113.1](113.1.md) | Improper Neutralization of CRLF Sequences in HTTP Headers | High | Active |
 | [22.1](22.1.md) | Improper limitation of a pathname to a restricted directory (Path traversal) | High | Active |
+| [611.1](611.1.md) | External XML Entity Injection (XXE) | High | Active |
+| [94.4](94.4.md) | Server-side code injection (NodeJS) | High | Active |