Solution Validation: DAST on-demand scan creating profiles
What’s this issue all about?
We are planning to introduce profiles for setting up DAST on-demand scans. We would like to verify the design for the major scenarios and verify whether users can succeed at the main tasks.
- Scenario 1: User is completely new to on-demand scans, no previous scan created, no profile created
  - Task 1: Do users understand that they need profiles before creating a scan
  - Task 2: Do users understand the purpose of using profiles
  - Task 3: Are users able to finish the site profile with the site validation
  - Task 4: Are users able to finish the scanner profile
  - Task 5: Are users able to create a new scan
  - Task 6: Are users able to view the results of the scans
Who is the target user of the feature?
- Security Analytics
- Security Engineers
What questions are you trying to answer?
Core questions
- What do users think of the value of having configuration profiles
- Are users able to finish the tasks mentioned in the first section
- How do people understand the flow
- Are there any obstacles which stop users from finishing tasks
- Is there any confusion about the name "scanner profile"
- What do you think about validating a target site, do they have this feature
- What do users think about the validation process? Is it difficult?
- What do they understand to be the purpose of validation
- How long do they think the validation process should take
- How often do users change the profile settings
What hypotheses and/or assumptions do you have?
- The current design is good for users to create on-demand scan with profiles
- Users want to validate the profile once
- Users' additional needs which could help us decide the next step could be:
  - View report
  - Live editing/creating profiles
What decisions will you make based on the research findings?
- Updates on current design: any usability flaws/improvements
- Next step design focus: displaying or live editing profile during creation.
What's the latest milestone that the research will still be useful to you?
TODO Checklist
- PD + UXR: complete a research plan.
- PD: draft prototype what to test
- PD: draft script
- PDM/UXR: review a script
- (Optional) Dry run -> update prototype/scripts
- PD: draft a screener
- UXR: review the screener.
- PD: open a recruiting request, and assist research coordinator with scheduling participants.
- PD: moderate interviews.
- PD: ask the Research Coordinator to reimburse participants.
- PD + UXR + PM(Optional): analyze and synthesize the data collaboratively.
- PD: document the findings.
- PD: if applicable, unmark this issue as confidential before closing it.
- PD (optional): hold a debrief session with PD and other interested stakeholders.
Edited by Annabel Dunstone Gray