Re: x-dynatrace-test and Security scans?

AntonioSousa · ‎21 Mar 2022

I have cases where security scans are being done on a normal basis.

I have been wondering if I could use the x-dynatrace-test header used by load testing tools, to also be used by security scanning software to pass information into Dynatrace...

Has anybody used this in this context?

Antonio Sousa

JamesKitson · ‎21 Mar 2022

This is a pretty common use-case. If you haven't seen it already we have this page in our documentation that describes what you can do:

https://www.dynatrace.com/support/help/setup-and-configuration/integrations/third-party-integrations...

AntonioSousa · ‎21 Mar 2022

@JamesKitson,

Probably, I did not phrase it the best way, so I edited it. What I was thinking is to use the header with security tools. Quite frankly, most of the security tools I know don't even have that notion, but some do, as for instance the open source ZAP proxy. Other tools like BurpSuite & Nessus also seem to have extensions that might make it possible.

I believe the use-cases you refer to are load testing ones. Or do you know of some integrations with security related software?

Antonio Sousa

JamesKitson · ‎21 Mar 2022

Ah I see - the update is a little clearer. I'm not aware of this being done but if the tool gives you the ability to set custom headers on the test traffic which seems like it would be common then yes you could use the same approach to find that traffic.

Also it would not need to follow the naming convention/header that we recommend for performance tests, you could give it a more meaningful name. I'll leave it to others if they have any experience in practice.