Adding support for a new Scanner tab that explains how scanners can evaluate their performance #60
Description
Is your feature request related to a problem? Please describe.
As described in the goals of VulnerableApp/VulnerableApp-Facade, this application is built to help scanners such as DAST and SAST tools evaluate themselves. To support SAST, projects need to provide a file like VulnerabilityDefinition; for DAST, the vulnerable applications expose a Scanner endpoint that can be consumed by DAST tools such as OWASP ZAP.
VulnerableApp, VulnerableApp-jsp and VulnerableApp-php all expose a scanner endpoint, so if you start the application and visit
the /<VulnerableApplicationName>/scanner endpoint, you can find the JSON data.
The requirement is to add a button in the header (or any other suitable place, up to the implementer), labelled "Scanners" or something similar, which when clicked opens a menu with two options, one for DAST and one for SAST.
Under DAST we need to explain how DAST scanners can utilise VulnerableApp-facade, and similarly under SAST we need to explain how SAST tools can utilise VulnerableApp-facade.
Apart from the user interface work, we also need to add merging logic in Lua such that whenever a user requests the /scanner endpoint, we merge the responses from all /<VulnerableApplicationName>/scanner endpoints and show the combined result. Something similar to: https://github.com/SasanLabs/VulnerableApp-facade/blob/main/lua-modules/vulnerableapp_utility.lua
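One way the merging logic could look, as an added sketch that is not code from VulnerableApp-facade: it assumes OpenResty (ngx.location.capture_multi) with lua-cjson, that the three application names below are the facade's internal locations, and that each /<app>/scanner endpoint returns a JSON array. The merge step is kept separate from nginx so it can be tested on its own, and an unreachable or malformed backend is skipped rather than failing the whole /scanner response.

```lua
-- Added example (not the project's own code): merge /<app>/scanner responses
-- for the facade's /scanner endpoint. Assumes OpenResty + lua-cjson.
local cjson = require("cjson.safe")
cjson.encode_empty_table_as_object(false)  -- an empty merge must serialise as []

local _M = {}

-- Internal locations fronted by the facade (assumed names).
_M.applications = { "VulnerableApp", "VulnerableApp-jsp", "VulnerableApp-php" }

-- Pure merge step: responses maps app name -> { status = <int>, body = <string> }.
-- Returns the merged array plus the list of apps that could not be merged.
function _M.merge(responses)
    local merged, failed = {}, {}
    for _, app in ipairs(_M.applications) do
        local res = responses[app]
        local decoded = nil
        if res and res.status == 200 then
            decoded = cjson.decode(res.body)   -- cjson.safe returns nil on bad JSON
        end
        if type(decoded) == "table" then
            for _, entry in ipairs(decoded) do
                entry.application = app        -- tag each entry with its origin app
                merged[#merged + 1] = entry
            end
        else
            failed[#failed + 1] = app          -- one unhealthy backend must not break /scanner
        end
    end
    return merged, failed
end

-- Handler for the facade's /scanner location: fan out the subrequests in parallel.
function _M.handle()
    local reqs = {}
    for i, app in ipairs(_M.applications) do
        reqs[i] = { "/" .. app .. "/scanner" }
    end
    local results = { ngx.location.capture_multi(reqs) }
    local responses = {}
    for i, app in ipairs(_M.applications) do
        responses[app] = results[i]
    end
    local merged, failed = _M.merge(responses)
    if #failed > 0 then
        ngx.log(ngx.WARN, "scanner merge skipped apps: " .. table.concat(failed, ", "))
    end
    ngx.header["Content-Type"] = "application/json"
    ngx.say(cjson.encode(merged))
end

return _M
```

Wire it in with `content_by_lua_block { require("scanner_merge").handle() }` on the /scanner location (module name assumed), and keep the per-app locations marked `internal` if they should only be reachable through the facade.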
Content of DAST and SAST menu options
For content-related information see: https://sasanlabs.github.io/VulnerableApp/HOW-TO-USE.html#how-sast-or-dast-can-use-the-project

