Doc Consistency: user/application_security - dynamic analysis

cbfcc4a3 · Niklas · Russell Dickenson · b5ba302e · cbfcc4a3 · cbfcc4a3
Commit cbfcc4a3 authored Oct 21, 2021 by Niklas Committed by Russell Dickenson Oct 21, 2021
6 changed files
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -111,12 +111,9 @@ To generate an API Fuzzing configuration snippet:

 ### OpenAPI Specification

-> Support for OpenAPI Specification v3.1 was
-> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327268) in GitLab 14.2.
-> Support for OpenAPI Specification using YAML format was
-> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330583) in GitLab 14.0.
-> Support for OpenAPI Specification v3.0 was
-> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/228652) in GitLab 13.9.
+> - Support for OpenAPI Specification v3.0 was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/228652) in GitLab 13.9.
+> - Support for OpenAPI Specification using YAML format was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330583) in GitLab 14.0.
+> - Support for OpenAPI Specification v3.1 was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327268) in GitLab 14.2.

 The [OpenAPI Specification](https://www.openapis.org/) (formerly the Swagger Specification) is an API description format for REST APIs.
 This section shows you how to configure API fuzzing using an OpenAPI Specification to provide information about the target API to test.
@@ -214,7 +211,7 @@ To configure API fuzzing to use a HAR file:
   ```

 1. Provide the location of the HAR specification. You can provide the specification as a file
-   or URL. [URL support was introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
+   or URL. URL support was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
   in GitLab 13.10 and later. Specify the location by adding the `FUZZAPI_HAR` variable.

 1. The target API instance's base URL is also required. Provide it by using the `FUZZAPI_TARGET_URL`
@@ -285,7 +282,7 @@ To configure API fuzzing to use a Postman Collection file:
   ```

 1. Provide the location of the Postman Collection specification. You can provide the specification
-   as a file or URL. [URL support was introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
+   as a file or URL. URL support was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
   in GitLab 13.10 and later. Specify the location by adding the `FUZZAPI_POSTMAN_COLLECTION`
   variable.

@@ -613,15 +610,15 @@ Overrides use a JSON document, where each type of override is represented by a J
  },
  "body-form":  {
    "form-param1": "value",
-    "form-param1": "value",
+    "form-param2": "value"
  },
  "body-json":  {
    "json-path1": "value",
-    "json-path2": "value",
+    "json-path2": "value"
  },
  "body-xml" :  {
    "xpath1":    "value",
-    "xpath2":    "value",
+    "xpath2":    "value"
  }
 }
 ```
@@ -975,7 +972,7 @@ reported.

 ### View details of an API Fuzzing vulnerability

-> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.7.
+> Introduced in GitLab 13.7.

 Faults detected by API Fuzzing occur in the live web application, and require manual investigation
 to determine if they are vulnerabilities. Fuzzing faults are included as vulnerabilities with a

--- a/doc/user/application_security/coverage_fuzzing/index.md
+++ b/doc/user/application_security/coverage_fuzzing/index.md
@@ -146,7 +146,7 @@ corpus.

 ### Reports JSON format

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220062) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3 as an [Alpha feature](https://about.gitlab.com/handbook/product/gitlab-the-product/#alpha).
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220062) in GitLab 13.3 as an [Alpha feature](https://about.gitlab.com/handbook/product/gitlab-the-product/#alpha).

 The `gitlab-cov-fuzz` tool emits a JSON report file. For more information, see the
 [schema for this report](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/coverage-fuzzing-report-format.json).

--- a/doc/user/application_security/dast/browser_based.md
+++ b/doc/user/application_security/dast/browser_based.md
@@ -127,7 +127,6 @@ dast:
    DAST_BROWSER_ACTION_TIMEOUT: "10s"
    DAST_BROWSER_STABILITY_TIMEOUT: "15s"
    DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT: "15s"
-    DAST_BROWSER_ACTION_TIMEOUT: "10s"
    DAST_BROWSER_ACTION_STABILITY_TIMEOUT: "3s"
 ```


--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -320,8 +320,8 @@ tips for optimizing DAST scans in a [blog post](https://about.gitlab.com/blog/20

 ### API scan

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10.
-> - A new DAST API scanning engine was introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.10.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10928) in GitLab 12.10.
+> - A new DAST API scanning engine was introduced in GitLab 13.10.

 Using an API specification as a scan's target is a useful way to seed URLs for scanning an API.
 Vulnerability rules in an API scan are different than those in a normal website scan.
@@ -416,7 +416,7 @@ variables:

 ### URL scan

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214120) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.4.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214120) in GitLab 13.4.
 > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/273141) in GitLab 13.11.

 A URL scan allows you to specify which parts of a website are scanned by DAST.
@@ -492,7 +492,7 @@ Click **View details** to view the web console output which includes the list of

 ### View details of a vulnerability detected by DAST

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36332) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36332) in GitLab 13.1.

 Vulnerabilities detected by DAST occur in the live web application. Addressing these types of
 vulnerabilities requires specific information. DAST provides the information required to

--- a/doc/user/application_security/dast/run_dast_offline.md
+++ b/doc/user/application_security/dast/run_dast_offline.md
@@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: reference, howto
 ---

-# Run DAST in an offline environment
+# Run DAST in an offline environment **(ULTIMATE)**

 For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
 to external resources through the internet, some adjustments are required for the DAST job to

--- a/doc/user/application_security/dast_api/index.md
+++ b/doc/user/application_security/dast_api/index.md
@@ -681,15 +681,15 @@ Overrides use a JSON document, where each type of override is represented by a J
  },
  "body-form":  {
    "form-param1": "value",
-    "form-param1": "value",
+    "form-param2": "value"
  },
  "body-json":  {
    "json-path1": "value",
-    "json-path2": "value",
+    "json-path2": "value"
  },
  "body-xml" :  {
    "xpath1":    "value",
-    "xpath2":    "value",
+    "xpath2":    "value"
  }
 }
 ```