Browserker GTM
Proposal
The DAST team would like to start coordinating release of a beta version of Browserker. This will require a few separate initiatives:
- Create Browserker specific documentation, tracked with issue https://gitlab.com/gitlab-org/security-products/analyzers/browserker/-/issues/7
- Create blog posts regarding it's novelty and increase general awareness. Some ideas could be:
- Browser-based vs. proxy-based spidering and testing
- The challenge of testing modern SPA's for security flaws
- The science of spidering (page loads, third party content, DOM parsing, "new" pages, CDN delivered content, etc.)
- What is a page and when is there a "new" page (not relying on URLs anymore)
- DAST as a developer function (this should probably be a blog we write regardless of its connection to Browserker)
- Guides and demo projects on how to use/configure Browserker for DAST
- Use case walkthrough of actually setting up a specific app (could be any of our benchmark apps), using review apps (or some other temp deployment strategy), and setting up a CI/CD DAST job with Browserker to scan the site app
- Video walkthrough of setting up a scan with Browserker instead of the current DAST spider