Merge branch 'russell/clarify-dast-cookie-handling' into 'master'

Document DAST cookie handling See merge request gitlab-org/gitlab!50923

Merge branch 'russell/clarify-dast-cookie-handling' into 'master'
Document DAST cookie handling See merge request gitlab-org/gitlab!50923
9b4fe6d0 · Suzanne Selhorn · 6d99ecd2 · 0d65061f · 9b4fe6d0
Commit 9b4fe6d0 authored Jan 07, 2021 by Suzanne Selhorn
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

doc/user/application_security/dast/index.md doc/user/application_security/dast/index.md +4 -0

No files found.
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -183,6 +183,10 @@ To create masked variables for the username and password, see [Create a custom v
 Note that the key of the username variable must be `DAST_USERNAME`
 and the key of the password variable must be `DAST_PASSWORD`.

+After DAST has authenticated with the application, all cookies are collected from the web browser.
+For each cookie a matching session token is created for use by ZAP. This ensures ZAP is recognized
+by the application as correctly authenticated.
+
 Other variables that are related to authenticated scans are:

 ```yaml