
DAST browser-based authentication release post

Merged Derek Ferguson requested to merge derekferguson-dast-browser-based-auth-release-post into master
1 file, +13 -0
---
features:
secondary:
- name: "Browser-based DAST authentication"
available_in: [ultimate]
documentation_link: 'https://docs.gitlab.com/ee/user/application_security/dast/#authentication'
reporter: derekferguson
stage: secure
categories:
- 'DAST'
issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/331751'
description: |
As a part of our project to move to a browser-based DAST ecosystem, we have switched the DAST authentication method over to using browser-based authentication. In addition to supporting all of the existing DAST methods of authentication, this new system allows for advanced debugging by generating a report that contains screenshots and HTTP requests made during the authentication process. The report allows a user to view all the steps in the process and see what is happening if authentication fails. The new authentication method also contains quality-of-life improvements such as greater flexibility for how to select login form elements on a page, support for clicking elements to show a popup login modal, strategies for validating whether or not authentication succeeded, and direct access to the browser logs for debugging purposes.
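Review bot: In the `description` text, the sentence about the report that "contains screenshots and HTTP requests made during the authentication process", together with the later mention of "direct access to the browser logs", does not say that these artifacts record the login exchange itself, so they can hold the submitted credentials and the session cookies or tokens that come back. Suggest adding one sentence telling readers to treat the report and logs as sensitive job artifacts, and stating whether the report is produced on every run or has to be enabled, since the wording reads as if it is always generated. A smaller point on `documentation_link`: it targets the general `#authentication` anchor, so if the docs have a subsection for the debugging report, linking that would take readers straight to the feature being announced.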