Audit & Improve DAST documentation
Summary
As part of a KR to improve documentation accuracy in devops application security testing, we need to audit the DAST configuration page. We were given the following feedback:
Each variable is explained. However, a process flow diagram showing where I could use the variables at each stage of a DAST login, waiting after auth would be very helpful. Also a link to real examples using it would help in working out how it would be used.
Additionally, we were given this feedback, but it might not be relevant:
The tutorial on how to configure DAST was also outdated, as the code used was deemed invalid by the pipeline editor on GitLab.
Proposal
We plan to create 2 diagrams to address this issue:
- 1 mermaid authentication flow diagram,
- 1 mermaid diagram of a zoomed-in view of a single crawler action and how that might affect timeouts.

After some discussion with @DavidNelsonGL, who has a very good understanding of what the customers have trouble understanding, the above actions would be most beneficial to our customers.
Edited by Hannah Baker