Merge branch 'russell/move-view-api-fuzzing-details' into 'master'

Move docs on how to view API fuzzing-detected vulnerabilities See merge request gitlab-org/gitlab!58640

Merge branch 'russell/move-view-api-fuzzing-details' into 'master'
Move docs on how to view API fuzzing-detected vulnerabilities See merge request gitlab-org/gitlab!58640
c24b93fd · Mike Jang · 3d93021f · 049883a3 · c24b93fd · c24b93fd
Commit c24b93fd authored Apr 06, 2021 by Mike Jang
Showing with 37 additions and 40 deletions

doc/user/application_security/api_fuzzing/index.md doc/user/application_security/api_fuzzing/index.md +37 -3

doc/user/application_security/index.md doc/user/application_security/index.md +0 -37

No files found.
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -953,7 +953,7 @@ faults it reports.
 ## Viewing fuzzing faults
 The API Fuzzing analyzer produces a JSON report that is collected and used
-[to populate the faults into GitLab vulnerability screens](../index.md#view-details-of-an-api-fuzzing-vulnerability).
+[to populate the faults into GitLab vulnerability screens](#view-details-of-an-api-fuzzing-vulnerability).
 Fuzzing faults show up as vulnerabilities with a severity of Unknown.
 The faults that API fuzzing finds require manual investigation and aren't associated with a specific
@@ -962,8 +962,42 @@ they should be fixed. See [handling false positives](#handling-false-positives)
 for information about configuration changes you can make to limit the number of false positives
 reported.
-For additional information, see
+### View details of an API Fuzzing vulnerability
-[View details of an API Fuzzing vulnerability](../index.md#view-details-of-an-api-fuzzing-vulnerability).
+> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.7.
+Faults detected by API Fuzzing occur in the live web application, and require manual investigation
+to determine if they are vulnerabilities. Fuzzing faults are included as vulnerabilities with a
+severity of Unknown. To facilitate investigation of the fuzzing faults, detailed information is
+provided about the HTTP messages sent and received along with a description of the modification(s)
+made.
+Follow these steps to view details of a fuzzing fault:
+1. You can view faults in a project, or a merge request:
+   - In a project, go to the project's **{shield}** **Security & Compliance > Vulnerability Report**
+     page. This page shows all vulnerabilities from the default branch only.
+   - In a merge request, go the merge request's **Security** section and click the **Expand**
+     button. API Fuzzing faults are available in a section labeled
+     **API Fuzzing detected N potential vulnerabilities**. Click the title to display the fault
+     details.
+1. Click the fault's title to display the fault's details. The table below describes these details.
+   | Field               | Description                                                                             |
+   |:--------------------|:----------------------------------------------------------------------------------------|
+   | Description         | Description of the fault including what was modified.                                   |
+   | Project             | Namespace and project in which the vulnerability was detected.                          |
+   | Method              | HTTP method used to detect the vulnerability.                                           |
+   | URL                 | URL at which the vulnerability was detected.                                            |
+   | Request             | The HTTP request that caused the fault.                                                 |
+   | Unmodified Response | Response from an unmodified request. This is what a normal working response looks like. |
+   | Actual Response     | Response received from fuzzed request.                                                  |
+   | Evidence            | How we determined a fault occurred.                                                     |
+   | Identifiers         | The fuzzing check used to find this fault.                                              |
+   | Severity            | Severity of the finding is always Unknown.                                              |
+   | Scanner Type        | Scanner used to perform testing.                                                        |
 ### Security Dashboard

--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -178,43 +178,6 @@ authorization credentials. By default, content of specific headers are masked in
 reports. You can specify the list of all headers to be masked. For details, see
 [Hide sensitive information](dast/index.md#hide-sensitive-information).
-## View details of an API Fuzzing vulnerability
-> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.7.
-Faults detected by API Fuzzing occur in the live web application, and require manual investigation
-to determine if they are vulnerabilities. Fuzzing faults are included as vulnerabilities with a
-severity of Unknown. To facilitate investigation of the fuzzing faults, detailed information is
-provided about the HTTP messages sent and received along with a description of the modification(s)
-made.
-Follow these steps to view details of a fuzzing fault:
-1. You can view faults in a project, or a merge request:
-   - In a project, go to the project's **{shield}** **Security & Compliance > Vulnerability Report**
-     page. This page shows all vulnerabilities from the default branch only.
-   - In a merge request, go the merge request's **Security** section and click the **Expand**
-     button. API Fuzzing faults are available in a section labeled
-     **API Fuzzing detected N potential vulnerabilities**. Click the title to display the fault
-     details.
-1. Click the fault's title to display the fault's details. The table below describes these details.
-| Field            | Description                                                        |
-|:-----------------|:------------------------------------------------------------------ |
-| Description      | Description of the fault including what was modified.              |
-| Project          | Namespace and project in which the vulnerability was detected.     |
-| Method           | HTTP method used to detect the vulnerability.                      |
-| URL              | URL at which the vulnerability was detected.                       |
-| Request          | The HTTP request that caused the fault.                       |
-| Unmodified Response | Response from an unmodified request. This is what a normal working response looks like. |
-| Actual Response  | Response received from fuzzed request.                             |
-| Evidence         | How we determined a fault occurred.                                |
-| Identifiers      | The fuzzing check used to find this fault.                         |
-| Severity         | Severity of the finding is always Unknown.                          |
-| Scanner Type     | Scanner used to perform testing.                                   |
 ## Addressing vulnerabilities
 > Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.8.