Use Browserker authentication for normal DAST/ZAP scans

Proposal

DAST/ZAP and DAST/Browserker have similar implementations for authentication. This issue proposes to replace the DAST/ZAP Selenium authentication with the DAST/Browserker authentication to minimize the confusion experienced by customers using DAST.

Implementation details

  • Orchestrate Browserker authentication from DAST when authentication settings are provided
  • Ensure Browserker supports all the options for DAST/ZAP authentication
  • Ensure users can always download the authentication report
  • There is a possibility that authentication would happen in Chrome and an Ajax Scan would happen in Firefox. Firefox will be removed in DAST 2.0.
  • [-] Throw an error if authentication runs on a ZAP scan and no cookie value is added to the ZAP server (nice to have)
  • Promote Browserker authentication documentation to the normal DAST authentication documentation
    • Document the limitations: DAST/Browserker can accept session storage, while DAST/ZAP does not.
  • [-] Ensure an on-demand scan works with Browserker authentication (covered by #333646 (closed))
  • DAST/Browserker can accept session storage, while DAST/ZAP does not.
  • [-] Remove the DAST Python authentication code (will be covered elsewhere)
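The "throw an error if authentication runs on a ZAP scan and no cookie value is added" item and the session-storage limitation above both come down to one check at the hand-off point: did authentication produce state the chosen scanner can actually consume? The following is an added example of that check, not code from GitLab DAST or Browserker; the `AuthResult` shape, the scanner names `"zap"` and `"browserker"`, and the `SUPPORTED_STATE` table are assumptions made for illustration, with only the cookie/session-storage capability split taken from the issue text.

```python
from dataclasses import dataclass, field

# Which kinds of authenticated state each scanner can consume. The issue
# states that DAST/Browserker accepts session storage while DAST/ZAP does not.
# (Scanner names and this table are assumptions for the example.)
SUPPORTED_STATE = {
    "zap": frozenset({"cookies"}),
    "browserker": frozenset({"cookies", "session_storage"}),
}


@dataclass
class AuthResult:
    """Hypothetical output of the Browserker authentication step."""
    cookies: dict = field(default_factory=dict)          # cookie name -> value
    session_storage: dict = field(default_factory=dict)  # key -> value


class AuthHandoffError(Exception):
    """Raised when the scan would effectively run unauthenticated."""


def present_state(result: AuthResult) -> set:
    """Return the kinds of authenticated state the authentication step produced."""
    kinds = set()
    if result.cookies:
        kinds.add("cookies")
    if result.session_storage:
        kinds.add("session_storage")
    return kinds


def check_auth_handoff(result: AuthResult, scanner: str):
    """Validate that `result` can be handed to `scanner`.

    Returns (usable, unusable): the state kinds the scanner will consume and
    the kinds that will be silently dropped (a documented limitation, worth a
    warning in the authentication report). Raises AuthHandoffError when
    nothing usable exists, so the failure surfaces before the scan starts
    instead of as a mysterious unauthenticated crawl.
    """
    if scanner not in SUPPORTED_STATE:
        raise ValueError(f"unknown scanner {scanner!r}")
    have = present_state(result)
    if not have:
        raise AuthHandoffError(
            "authentication produced no cookies or session storage; "
            "the scan would run unauthenticated"
        )
    usable = have & SUPPORTED_STATE[scanner]
    unusable = have - SUPPORTED_STATE[scanner]
    if not usable:
        raise AuthHandoffError(
            f"{scanner} cannot use {sorted(unusable)}; "
            "authentication state would be lost"
        )
    return usable, unusable


if __name__ == "__main__":
    # Constructed sample results, not real scan output.
    cookie_login = AuthResult(cookies={"session": "constructed-value"})
    storage_login = AuthResult(session_storage={"token": "constructed-value"})
    print(check_auth_handoff(cookie_login, "zap"))          # ({'cookies'}, set())
    print(check_auth_handoff(storage_login, "browserker"))  # ({'session_storage'}, set())
    try:
        check_auth_handoff(storage_login, "zap")
    except AuthHandoffError as err:
        print("zap rejected:", err)
```

The `unusable` set is what the documentation item above is about: when a Browserker login yields only session storage and the user runs a ZAP scan, the check refuses to continue rather than starting a scan whose results would look like the target has no authenticated surface.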

References

This slack thread shows some of the challenges related to supporting multiple authentication mechanisms.

Summary:

If you’re not doing a browser-based scan:
[instructions]

If you are doing a browser-based scan:
[instructions]
Edited by Cameron Swords