Move DAST content

ccd6944b · Russell Dickenson · ece2b378 · ccd6944b · ccd6944b
Commit ccd6944b authored Apr 29, 2021 by Russell Dickenson
Showing with 32 additions and 39 deletions

doc/user/application_security/dast/index.md doc/user/application_security/dast/index.md +32 -0

doc/user/application_security/index.md doc/user/application_security/index.md +0 -39

No files found.
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -610,6 +610,38 @@ When using `DAST_PATHS` and `DAST_PATHS_FILE`, note the following:
 To perform a [full scan](#full-scan) on the listed paths, use the `DAST_FULL_SCAN_ENABLED` CI/CD variable.
+### View details of a vulnerability detected by DAST
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36332) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
+Vulnerabilities detected by DAST occur in the live web application. Addressing these types of
+vulnerabilities requires specific information. DAST provides the information required to
+investigate and rectify the underlying cause.
+To view details of vulnerabilities detected by DAST:
+1. To see all vulnerabilities detected, either:
+   - Go to your project and select **Security & Compliance**.
+   - Go to the merge request and select the **Security** tab.
+1. Select a vulnerability's description. The following details are provided:
+   | Field            | Description                                                        |
+   |:-----------------|:------------------------------------------------------------------ |
+   | Description      | Description of the vulnerability.                                  |
+   | Project          | Namespace and project in which the vulnerability was detected.     |
+   | Method           | HTTP method used to detect the vulnerability.                      |
+   | URL              | URL at which the vulnerability was detected.                       |
+   | Request Headers  | Headers of the request.                                            |
+   | Response Status  | Response status received from the application.                     |
+   | Response Headers | Headers of the response received from the application.             |
+   | Evidence         | Evidence of the data found that verified the vulnerability. Often a snippet of the request or response, this can be used to help verify that the finding is a vulnerability. |
+   | Identifiers      | Identifiers of the vulnerability.                                  |
+   | Severity         | Severity of the vulnerability.                                     |
+   | Scanner Type     | Type of vulnerability report.                                      |
+   | Links            | Links to further details of the detected vulnerability.            |
+   | Solution         | Details of a recommended solution to the vulnerability (optional). |
 ### Customizing the DAST settings
 WARNING:

--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -139,45 +139,6 @@ reports are available to download. To download a report, click on the
 ![Security widget](img/security_widget_v13_7.png)
-## View details of a DAST vulnerability
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36332) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
-Vulnerabilities detected by DAST occur in the live web application. Rectification of these types of
-vulnerabilities requires specific information. DAST provides the information required to
-investigate and rectify the underlying cause.
-To view details of DAST vulnerabilities:
-1. To see all vulnerabilities detected:
-   - In a project, go to the project's **{shield}** **Security & Compliance** page.
-   - Only in a merge request, go the merge request's **Security** tab.
-1. Select the vulnerability's description. The following details are provided:
-| Field            | Description                                                        |
-|:-----------------|:------------------------------------------------------------------ |
-| Description      | Description of the vulnerability.                                  |
-| Project          | Namespace and project in which the vulnerability was detected.     |
-| Method           | HTTP method used to detect the vulnerability.                      |
-| URL              | URL at which the vulnerability was detected.                       |
-| Request Headers  | Headers of the request.                                            |
-| Response Status  | Response status received from the application.                     |
-| Response Headers | Headers of the response received from the application.             |
-| Evidence         | Evidence of the data found that verified the vulnerability. Often a snippet of the request or response, this can be used to help verify that the finding is a vulnerability. |
-| Identifiers      | Identifiers of the vulnerability.                                  |
-| Severity         | Severity of the vulnerability.                                     |
-| Scanner Type     | Type of vulnerability report.                                      |
-| Links            | Links to further details of the detected vulnerability.            |
-| Solution         | Details of a recommended solution to the vulnerability (optional). |
-### Hide sensitive information in headers
-HTTP request and response headers may contain sensitive information, including cookies and
-authorization credentials. By default, content of specific headers are masked in DAST vulnerability
-reports. You can specify the list of all headers to be masked. For details, see
-[Hide sensitive information](dast/index.md#hide-sensitive-information).
 ## Addressing vulnerabilities
 > Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.8.