Fuzz test suites and their location that already exist in the repo
Problem to solve
User experience goal
Allow users to specify how their web apps and APIs are normally tested, and fuzz them using that information. Do this by standing up a user's app and test system, then putting a proxy between the two to conduct fuzz tests.
Benefits and drawbacks of this approach, after discussion:
- It can auto-discover endpoints that may not be defined as part of an API specification.
- It can find additional results since the fuzzer will have more context from the various tests.
- This approach will be technically more involved to implement.
- This approach will potentially be more difficult for users to configure and setup.
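A sketch of what the proxy could do with the traffic it sees, as an added example that is not code from this issue or from GitLab: it compares observed test requests against a specification to find undeclared endpoints, then derives mutated requests from the parameters the tests actually used. The endpoint names, traffic, payload list and function names are all constructed assumptions.

```python
# Added example: endpoints, traffic and payloads below are constructed for illustration.
from urllib.parse import urlsplit, parse_qsl, urlencode

# Endpoints declared in a hypothetical API specification.
SPEC_ENDPOINTS = {("GET", "/api/users"), ("POST", "/api/users")}

# Requests the proxy observed while the user's normal test suite ran (constructed).
OBSERVED = [
    ("GET", "/api/users?page=1&sort=name"),
    ("POST", "/api/users"),
    ("GET", "/api/internal/health?verbose=true"),
]

# Small fixed set of boundary values so the plan is deterministic;
# a real fuzzer would generate many more inputs.
PAYLOADS = ["", "A" * 1024, "-1", "\u00e9"]


def undocumented_endpoints(observed, spec):
    """Return (method, path) pairs seen in test traffic but absent from the spec."""
    seen = {(method, urlsplit(url).path) for method, url in observed}
    return sorted(seen - spec)


def fuzz_variants(method, url, payloads=PAYLOADS):
    """Yield copies of one observed request with exactly one query parameter replaced."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    for i, (name, _) in enumerate(params):
        for payload in payloads:
            mutated = params[:i] + [(name, payload)] + params[i + 1:]
            yield method, parts.path + "?" + urlencode(mutated)


def build_plan(observed, spec):
    """Combine endpoint discovery and parameter mutation into a replay plan."""
    return {
        "undocumented": undocumented_endpoints(observed, spec),
        "requests": [v for method, url in observed for v in fuzz_variants(method, url)],
    }


if __name__ == "__main__":
    plan = build_plan(OBSERVED, SPEC_ENDPOINTS)
    print("Not in spec:", plan["undocumented"])
    print(len(plan["requests"]), "mutated requests queued for replay")
```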
Question: If a user is using a GitLab-managed Kubernetes cluster, could we install a cluster application to do the proxying that would be needed?
Permissions and Security
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references