Investigate using DVWA in DAST testing
With the move to Browserker, it appears that tests that targeted WebGoat no longer have the same reported vulnerabilities. It has been confirmed that these are ZAP-based and false positives (see https://gitlab.com/gitlab-org/gitlab/-/issues/461031#note_1900460408).
Investigate using DVWA in the following tests:
- ee/browser_ui/13_secure/on_demand_dast_spec.rb (as per https://gitlab.com/gitlab-org/gitlab/-/issues/460685)
- https://gitlab.com/gitlab-org/security-products/tests/dast-e2e
References
DVWA as a test in Browserker:
DVWA as a container package: