
Enable Mutual TLS authentication support in Browser-based only scans

Problem to solve

As a customer, I would like to ensure that my DAST scan can access a site that is protected by mutual TLS authentication.

This has already been implemented for legacy scans in issue #299596 (closed).

Proposal

Follow the certificate-management guidelines for Chromium: https://chromium.googlesource.com/chromium/src/+/refs/heads/lkgr/docs/linux/cert_management.md. The user will need to provide a certificate, and optionally the username/password for the certificate file.

We will need to set up an e2e test to ensure this works across the various configurations.
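As an added example (not code from this issue or from the DAST analyzer), the following shell script performs the import the Chromium document describes: it loads a PKCS#12 client-certificate bundle into the NSS database Chromium reads on Linux, with and without a bundle password, which are the two configurations the e2e tests in this issue need to cover. The function names, the NSSDB variable and the DRY_RUN switch are assumptions made for the example; certutil and pk12util are the NSS tools named in the Chromium guidelines.

```shell
#!/bin/sh
# Added example, not code from the GitLab issue or the DAST analyzer:
# import a mutual-TLS client certificate (PKCS#12 bundle) into the NSS
# database Chromium reads on Linux, following the cert_management doc
# linked above. Assumes certutil and pk12util (libnss3-tools) are installed.
# NSSDB defaults to Chromium's location and can be overridden for tests.

NSSDB="${NSSDB:-$HOME/.pki/nssdb}"

# Create the database on first use with an empty DB password (Chromium does
# not prompt for one).
init_nssdb() {
  if [ ! -f "$NSSDB/cert9.db" ]; then
    mkdir -p "$NSSDB"
    certutil -N -d "sql:$NSSDB" --empty-password
  fi
}

# Run (or, with DRY_RUN=1, print) the pk12util import for bundle $1.
# $2 is an optional file holding the bundle password; empty means the
# bundle is unprotected. Passing the password through -w <file> instead
# of -W <literal> keeps it out of the process list.
run_import() {
  if [ -n "$2" ]; then
    set -- pk12util -d "sql:$NSSDB" -i "$1" -w "$2"
  else
    set -- pk12util -d "sql:$NSSDB" -i "$1"
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
    return 0
  fi
  "$@"
}

# Import bundle $1 with password $2 (may be empty). The password is written
# to a 0600 temp file for the duration of the import and removed afterwards.
import_client_cert() {
  [ "${DRY_RUN:-0}" = 1 ] || init_nssdb
  if [ -z "$2" ]; then
    run_import "$1" ""
    return $?
  fi
  pwfile=$(mktemp) || return 1
  printf '%s' "$2" > "$pwfile"
  run_import "$1" "$pwfile"
  rc=$?
  rm -f "$pwfile"
  return $rc
}

# List what Chromium will see; the client cert with its private key shows
# trust flags "u,u,u".
list_certs() {
  certutil -d "sql:$NSSDB" -L
}

# Usage, one call per configuration the e2e tests should cover:
#   import_client_cert ./client.p12 ""              # unprotected bundle
#   import_client_cert ./client.p12 "$P12_PASSWORD"  # password-protected bundle
#   list_certs
```

An e2e test for this issue can run the two usage calls above against a site that requires a client certificate and then confirm with `list_certs` that the certificate is present with "u,u,u" trust flags before the browser-based scan starts.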

Intended users

What does success look like, and how can we measure that?

A user can supply a certificate and it is successfully imported into the browser. We can measure this by ensuring that e2e tests are created to cover the various cases (with and without credentials for the certificate).

What is the type of buyer?

Gold/Ultimate

Links / references

Edited by Cameron Swords