📐 Dynamic Analysis - 15.4 Planning
🔒 Secure, Dynamic Analysis
Assess your applications and services by scanning your running application for vulnerabilities and weaknesses.
devopssecure groupdynamic analysis
DAST (Web)
Feature | Issue | Priority | Deliverable |
---|---|---|---|
Change DAST On-demand API Scanning Engine | &8406 (closed) | milestonep1 | TBD |
Add support for site validation from Drawer | #363274 (closed) | milestonep2 | No |
Browser-based DAST Engine
Feature | Issue | Priority | Deliverable |
---|---|---|---|
CWE-78: OS Command Injection Plugin Specification - Active | https://gitlab.com/gitlab-org/gitlab/-/issues/327810 | milestonep1 | TBD |
Match response attacks can have more than one matcher | #369089 (closed) | milestonep2 | TBD |
Active attacks can inject into multipart form value request bodies | #367034 (closed) | milestonep3 | TBD |
Active attacks can inject into JSON request bodies | #367033 (closed) | milestonep3 | TBD |
Active attacks can inject into the request path | #367036 (closed) | milestonep3 | TBD |
Parse DAST CWE active check YAML files | #367230 (closed) | milestonep4 | TBD |
Active check attacks can constrain the injection locations to specific locations | #367978 (closed) | milestonep4 | TBD |
Checks can match on response status | #369081 (closed) | milestonep4 | TBD |
API Security (DAST API & API Fuzzing)
Feature | Issue | Priority | Deliverable |
---|---|---|---|
GraphQL Schema support | #352780 (closed) | milestonep1 | Deliverable |
Java Spring Boot Rest API discovery refinement | #362659 (closed) | milestonep2 | No |
Change DAST On-demand API Scanning Engine | &8406 (closed) | milestonep2 | TBD |
Migrate to .NET 6 | #345188 (closed) | milestonep3 | TBD |
Coverage-guided Fuzzing
Feature | Issue | Priority | Deliverable |
---|---|---|---|
No work planned |
Themes
📚 Documentation priorities
Issue | Technical writing weight |
---|---|
Add crawl graph to scan artifacts (#345354 - closed) | tw-weight3 |
TOTAL | 11 |
In-progress UX work
Release Post Candidates
- DAST API with API Security analyzer GA
- GraphQL Schema support for DAST API
- Add support for site validation from Drawer
Checklist
Edited by Derek Ferguson