Merge branch '434146-update-dast-check-docs' into 'master'

Update Documentation for Available Active Checks See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/139068 Merged-by: Russell Dickenson <rdickenson@gitlab.com> Approved-by: Russell Dickenson <rdickenson@gitlab.com> Co-authored-by: Arpit Gogia <12347103-arpitgogia@users.noreply.gitlab.com>

Merge branch '434146-update-dast-check-docs' into 'master'
92f07f10 · Russell Dickenson · c1adaaaf · 77c4077e · 92f07f10 · 92f07f10
--- a/doc/user/application_security/dast/checks/1004.1.md
+++ b/doc/user/application_security/dast/checks/1004.1.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Sensitive cookie without HttpOnly attribute

--- a/doc/user/application_security/dast/checks/113.1.md
+++ b/doc/user/application_security/dast/checks/113.1.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Improper Neutralization of CRLF Sequences in HTTP Headers

--- a/doc/user/application_security/dast/checks/1336.1.md
+++ b/doc/user/application_security/dast/checks/1336.1.md
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-Side Template Injection
+
+## Description
+
+The application is vulnerable to Server-Side Template Injection (SSTI), which enables attackers to
+manipulate templates on the server side. This vulnerability arises when untrusted user input is
+directly used in server-side templates without adequate sanitization. Attackers can exploit this
+weakness to inject and execute arbitrary code in templates, potentially compromising the
+system's integrity and confidentiality.
+
+## Remediation
+
+User-controlled data should always have special elements neutralized when used as part of
+constructing Expression Language statements. Please consult the documentation for the template
+system in use on how properly neutralize user-controlled data.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 1336.1 | false | 1336 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/1336.html)
+- [Testing for Server-side Template Injection](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection)
--- a/doc/user/application_security/dast/checks/16.1.md
+++ b/doc/user/application_security/dast/checks/16.1.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Missing Content-Type header

--- a/doc/user/application_security/dast/checks/16.10.md
+++ b/doc/user/application_security/dast/checks/16.10.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Content-Security-Policy violations

--- a/doc/user/application_security/dast/checks/16.11.md
+++ b/doc/user/application_security/dast/checks/16.11.md
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# TRACE HTTP method enabled
+
+## Description
+
+The debug TRACE method was found to be enabled on the target web server. This
+HTTP method reflects HTTP request data back to the user in a response. In some circumstances
+this information may include sensitive data that is applied by intermediary proxies.
+
+## Remediation
+
+The TRACE HTTP method is for debugging only and should not be enabled on production
+sites.
+
+For Apache based web servers, ensure the `TraceEnable` directive is either removed or set to
+`off`.
+
+For Microsoft Servers, remove the registry parameter named "EnableTraceMethod" found in the below
+registry key:
+
+- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters`
+
+For all other server types, please consult your product's documentation on how to disable the TRACE method.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 16.11 | false | 16 | Active | high |
+
+## Links
+
+- [RFC](https://datatracker.ietf.org/doc/html/rfc9110.html#section-9.3.8)
+- [CWE](https://cwe.mitre.org/data/definitions/16.html)
+- [Apache TraceEnable](https://httpd.apache.org/docs/2.4/mod/core.html#traceenable)
--- a/doc/user/application_security/dast/checks/16.2.md
+++ b/doc/user/application_security/dast/checks/16.2.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Server header exposes version information

--- a/doc/user/application_security/dast/checks/16.3.md
+++ b/doc/user/application_security/dast/checks/16.3.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # X-Powered-By header exposes version information

--- a/doc/user/application_security/dast/checks/16.4.md
+++ b/doc/user/application_security/dast/checks/16.4.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # X-Backend-Server header exposes server information

--- a/doc/user/application_security/dast/checks/16.5.md
+++ b/doc/user/application_security/dast/checks/16.5.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # AspNet header exposes version information

--- a/doc/user/application_security/dast/checks/16.6.md
+++ b/doc/user/application_security/dast/checks/16.6.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # AspNetMvc header exposes version information

--- a/doc/user/application_security/dast/checks/16.7.md
+++ b/doc/user/application_security/dast/checks/16.7.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Strict-Transport-Security header missing or invalid

--- a/doc/user/application_security/dast/checks/16.8.md
+++ b/doc/user/application_security/dast/checks/16.8.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Content-Security-Policy analysis

--- a/doc/user/application_security/dast/checks/16.9.md
+++ b/doc/user/application_security/dast/checks/16.9.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Content-Security-Policy-Report-Only analysis

--- a/doc/user/application_security/dast/checks/200.1.md
+++ b/doc/user/application_security/dast/checks/200.1.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Exposure of sensitive information to an unauthorized actor (private IP address)

--- a/doc/user/application_security/dast/checks/209.1.md
+++ b/doc/user/application_security/dast/checks/209.1.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Generation of error message containing sensitive information

--- a/doc/user/application_security/dast/checks/209.2.md
+++ b/doc/user/application_security/dast/checks/209.2.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Generation of database error message containing sensitive information

--- a/doc/user/application_security/dast/checks/22.1.md
+++ b/doc/user/application_security/dast/checks/22.1.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Improper limitation of a pathname to a restricted directory (Path traversal)

--- a/doc/user/application_security/dast/checks/287.1.md
+++ b/doc/user/application_security/dast/checks/287.1.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Insecure authentication over HTTP (Basic Authentication)

--- a/doc/user/application_security/dast/checks/287.2.md
+++ b/doc/user/application_security/dast/checks/287.2.md
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---

 # Insecure authentication over HTTP (Digest Authentication)