feat: DAST

Signed-off-by: QuentinN42 <quentin@lieumont.fr>
2024-11-25 19:13:57 +03:00 · 2023-03-16 15:09:49 -07:00 · 2023-03-16 15:09:49 -07:00 · 672ab9110b
commit 672ab9110b
parent f07d6a29c5
2 changed files with 33 additions and 2 deletions
--- a/docs/security/dast.rst
+++ b/docs/security/dast.rst
@ -0,0 +1,32 @@
+Dynamic Application Security Testing
+====================================
+
+Continuous security testing
+---------------------------
+
+One of the best way to stop wondering about security for your API is to be able to scan it each time you deploy it into
+staging or production environments. As you run your unit tests in your CI/CD pipeline, you can bullet-proof your GraphQL
+application before it even reaches a production environment.
+
+Security testing tools
+----------------------
+
+graphql.security
+________________
+
+`graphql.security`_ is a free, quick graphql security testing tool, allowing you to quickly assess the most common
+vulnerabilities in your application.
+
+Escape
+______
+
+`Escape`_ is a GraphQL security SaaS platform running an automated pentest tool.
+
+You can effortlessly incorporate this platform into your current CI/CD pipeline such as Github Actions or Gitlab CIs
+which makes it convenient to set up.
+
+The security notifications will be automatically communicated to your CI/CD platform, enabling you to promptly attend to
+them.
+
+.. _graphql.security: https://graphql.security/
+.. _Escape: https://escape.tech/
--- a/docs/security/index.rst
+++ b/docs/security/index.rst
@ -19,7 +19,6 @@ the `Django documentation`_ on how to secure your API.
   maxdepth
   introspection
   customvalidation
-
-We have seen the most efficient way to secure your GraphQL API.
+   dast

 .. _Django documentation: https://docs.djangoproject.com/en/4.1/topics/security/