Dynamic Analysis - 15.5 Planning
Secure, Dynamic Analysis
Assess your applications and services by scanning your running application for vulnerabilities and weaknesses.
Labels: devops::secure, group::dynamic analysis
DAST (Web)
| Feature | Issue | Priority | Deliverable |
|---|---|---|---|
| Change DAST On-demand API Scanning Engine | &8406 (closed), #373776 (closed) | milestonep1 | TBD |
| Add support for site validation from Drawer | #363274 (closed) | milestonep2 | No |
Browser-based DAST Engine
| Feature | Issue | Priority | Deliverable |
|---|---|---|---|
| Standardize encoding in YAML check definition files | #375621 (closed) | milestonep1 | TBD |
| Active attacks can inject into multipart form value request bodies | #367034 (closed) | milestonep2 | TBD |
| Active attacks can inject into the request path | #367036 (closed) | milestonep3 | TBD |
| Active check attacks can constrain the injection locations to specific locations | #367978 (closed) | milestonep4 | TBD |
| Parse DAST CWE active check YAML files | #367230 (closed) | milestonep4 | TBD |
API Security (DAST API & API Fuzzing)
| Feature | Issue | Priority | Deliverable |
|---|---|---|---|
| Change DAST On-demand API Scanning Engine | &8406 (closed) | milestonep1 | TBD |
| Java Spring Boot Rest API discovery refinement | #362659 (closed) | milestonep2 | No |
| Migrate to .NET 6 | #345188 (closed) | milestonep3 | TBD |
Coverage-guided Fuzzing
| Feature | Issue | Priority | Deliverable |
|---|---|---|---|
| No work planned | | | |
Themes
Documentation priorities
| Issue | Technical writing weight |
|---|---|
| Add crawl graph to scan artifacts (#345354 - closed) | tw-weight3 |
| TOTAL | 11 |
In-progress UX work
Release Post Candidates
- DAST API with API Security analyzer GA
- GraphQL Schema support for DAST API
- Add support for site validation from Drawer
- Allow changing the port(s) used by API Security
- Add Authentication Options for DAST API On-Demand screens - Adding this issue since it's now in workflow::verification, though I also see it's blocked by another issue. Adding it in case it makes its way into this release, as it's potentially a good one to highlight.
Checklist
Edited by Thomas Woodham