UX Theme: Increase adoption by making DAST more approachable for new users
UX Theme
Increase adoption by making DAST more approachable for new users
Beneficiary
- New users of DAST
Need & JTBD
- JTBD:
  - When committing changes to my project, I want to know if I introduced any business-critical vulnerabilities, so that I can address them prior to sending my code for review.
  - When I am ready to release changes into production, I want to verify it is safe to release, so that I can release the changes responsibly.
  - When I am assessing the security of my application in production, I want to know whether my app is currently vulnerable, so that I can address detected business-critical vulnerabilities.
- Need:
  - Ability to understand the value and purpose of DAST
  - Ability to set up DAST without being an expert in application security
Business objective
Increase adoption by improving the learnability of DAST, especially for first-time users.
Confidence
| Confidence | Research |
|---|---|
| Medium | gitlab-design#1814 (closed), #356421 |
Subthemes
Feature/solution subthemes
| Opportunity | Issue link | UX Weight | Workflow status |
|---|---|---|---|
| | &7631 (closed) | 4 | |
| | &7632 (closed) | 4 | |
| Improve the usability of profiles | #352067 #326767 (closed) | 5 | workflow::design, Scheduled for %15.3 |
| Users still have problems understanding aspects of the DAST config interface | #356421 | 3 | workflow::ready for design |
| Users misinterpret “active” scan mode, thinking it represents the scan being enabled or in-progress | #356441 | 2 | workflow::ready for design |
| DAST config: users found the “edit” and “change profile” actions to be ambiguous and redundant | #356418 | 2 | workflow::ready for design |
| A number of users expected to find pre-built profiles that they could use when configuring DAST scanning. | #356439 | – | workflow::ready for design |
| Display the current configuration parameters when a security tool is in use | #347489 | 3 | workflow::ready for design |
| Iterate on the placement of "saved scans" so that they are easier to find | #366691 | 3 | workflow::ready for design |
| Explore how we might provide more detail about pre-scan verification errors so that they are easier to act on. | #366692 | 5 | workflow::ready for design |
Research subthemes
| Opportunity | Issue link | Research type |
|---|---|---|
| Conduct research to understand users’ expectations when enabling a security scanner | #356454 | UX problem validation |
Edited by Michael Fangman