debian-mirror-gitlab/doc/user/application_security/dast/checks/index.md
2022-05-07 20:08:51 +05:30


---
stage: Secure
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---

# DAST browser-based crawler vulnerability checks **(ULTIMATE)**

The DAST browser-based crawler provides a number of vulnerability checks that are used to scan for vulnerabilities in the site under test.

| ID     | Check                                                                            | Severity | Type    |
|:-------|:---------------------------------------------------------------------------------|:---------|:--------|
| 1004.1 | Sensitive cookie without `HttpOnly` attribute                                    | Low      | Passive |
| 16.1   | Missing Content-Type header                                                      | Low      | Passive |
| 16.2   | Server header exposes version information                                        | Low      | Passive |
| 16.3   | X-Powered-By header exposes version information                                  | Low      | Passive |
| 16.4   | X-Backend-Server header exposes server information                               | Info     | Passive |
| 16.5   | AspNet header exposes version information                                        | Low      | Passive |
| 16.6   | AspNetMvc header exposes version information                                     | Low      | Passive |
| 200.1  | Exposure of sensitive information to an unauthorized actor (private IP address)  | Low      | Passive |
| 548.1  | Exposure of information through directory listing                                | Low      | Passive |
| 598.1  | Use of GET request method with sensitive query strings (session ID)              | Medium   | Passive |
| 614.1  | Sensitive cookie without `Secure` attribute                                      | Low      | Passive |
| 693.1  | Missing X-Content-Type-Options: nosniff                                          | Low      | Passive |