Home / Companies / GitLab / Blog / Post Details
Content Deep Dive

How to configure DAST full scans for complex web applications

Blog post from GitLab

Post Details
Company
Date Published
Author
Dennis Appelt
Word Count
2,121
Company Posts That Month
23
Language
English
Hacker News Points
-
Post removed?
No
Summary

Shifting Dynamic Application Security Testing (DAST) left in the software development lifecycle allows for earlier detection of security vulnerabilities, but it introduces challenges like excessive alerts and high computational costs from frequent CI security jobs. The blog post outlines the configuration and optimization of DAST for the GitLab web application, addressing common issues such as managing scan durations, obtaining relevant results, and reducing alert fatigue. To optimize scan durations, techniques like excluding low-risk pages, using appropriate test data, and parallelizing jobs are recommended. The post emphasizes the importance of tailoring DAST rules to the application's specific context to avoid irrelevant tests, which can be achieved by disabling certain rules and running jobs in parallel. By sharing GitLab's internal practices and experiences, the post aims to inspire others to enhance their own DAST configurations and encourages feedback and shared learning within the community.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.