Merge branch 'sethgitlab-authenticated-scans-warning' into 'master'

Added warning on authenticated scans See merge request gitlab-org/gitlab!28246

Merge branch 'sethgitlab-authenticated-scans-warning' into 'master'
Added warning on authenticated scans See merge request gitlab-org/gitlab!28246
299208bf · Russell Dickenson · 1c9e3c40 · 764dd691 · 299208bf
Commit 299208bf authored Apr 14, 2020 by Russell Dickenson
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

doc/user/application_security/dast/index.md doc/user/application_security/dast/index.md +3 -0

No files found.
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -148,6 +148,9 @@ The results will be saved as a
 that you can later download and analyze.
 Due to implementation limitations, we always take the latest DAST artifact available.

+DANGER: **Danger:**
+**DO NOT** run an authenticated scan against a production server. When an authenticated scan is run, it may perform *any* function that the authenticated user can. This includes modifying and deleting data, submitting forms, following links, and so on. Only run an authenticated scan against a test server.
+
 ### Full scan

 DAST can be configured to perform [ZAP Full Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan), which