Changes
- Enable browser-based active check 918.1 Server-Side Request Forgery as an alpha attack (!831)
- Upgrade browserker to 1.0.18 (!831)
  - Implement active check 918.1 Server-Side Request Forgery browserker!1230
  - Don't clean URL paths when finding request path injection locations browserker!1230
- Add Via: GitLab DAST header to target availability probe (!825)
- Upgrade browserker to 1.0.17 (!823)
  - Enable active check 89.1 SQL Injection browserker!1226
- Enable browser-based active check 89.1 SQL Injection as an alpha attack (!823)
- Upgrade browserker to 1.0.16 (!824)
  - Enable active check 917.1 Expression Language Injection browserker!1218
  - Upgrade vulnerability checks to version 1.0.60 browserker!1223
    - Update 89.1 and 917.1 check descriptions and remediations dast-cwe-checks!224
    - Add more payloads to 917.1 to cover more situations dast-cwe-checks!225