From b55e6e4c3c71d588f412712f82b4b571f9d792cd Mon Sep 17 00:00:00 2001
From: Greg Myers <gmyers@gitlab.com>
Date: Tue, 28 Jun 2022 15:31:15 +0000
Subject: [PATCH] Note about checking web access logs for DAST insight

Web access logs from a target endpoint can provide
additional insight into what a DAST scan is/was
doing at a given time.
---
 doc/user/application_security/dast/dast_troubleshooting.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/user/application_security/dast/dast_troubleshooting.md b/doc/user/application_security/dast/dast_troubleshooting.md
index 50570b899201d..0c7a9806c72d4 100644
--- a/doc/user/application_security/dast/dast_troubleshooting.md
+++ b/doc/user/application_security/dast/dast_troubleshooting.md
@@ -102,3 +102,8 @@ To avoid this error, make sure you are using the latest stable version of Docker
 ## Lack of IPv6 support
 
 Due to the underlying [ZAProxy engine not supporting IPv6](https://github.com/zaproxy/zaproxy/issues/3705), DAST is unable to scan or crawl IPv6-based applications.
+
+## Additional insight into DAST scan activity
+
+For additional insight into what a DAST scan is doing at a given time, you may find it helpful to review
+the web server access logs for a DAST target endpoint during or following a scan.
-- 
GitLab