Run Browserker active checks in DAST
Problem
The DAST team have spent time building custom active checks. Currently, these are not running on a browser-based DAST scan.
Proposal
Document and run custom active checks.
Implementation plan
- Document the 22.1 active check in the DAST documentation.
  - This can either be done manually, or generated with the passive check documentation. Any solution should be tailored toward getting it done quickly (MVP). (done in another issue/MR)
- Enable the 22.1 check in DAST/ZAP for a browser-based full scan (make sure other Browserker active checks will not run).
- Disable the 6 ZAP check in DAST/ZAP for a browser-based full scan.
- Ensure that all other ZAP active checks run for a browser-based full scan.
- Note: only release an MR turning it on when the feature is tested and other engineers/product team agree.
Edited by Cameron Swords