cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

x-dynatrace-test and Security scans?

AntonioSousa
DynaMight Guru
DynaMight Guru

I have cases where security scans are being done on a normal basis.

I have been wondering if I could use the x-dynatrace-test header used by load testing tools, to also be used by security scanning software to pass information into Dynatrace...

Has anybody used this in this context?

Antonio Sousa
3 REPLIES 3

JamesKitson
Dynatrace Guru
Dynatrace Guru

This is a pretty common use-case. If you haven't seen it already we have this page in our documentation that describes what you can do:

 

https://www.dynatrace.com/support/help/setup-and-configuration/integrations/third-party-integrations...

AntonioSousa
DynaMight Guru
DynaMight Guru

@JamesKitson,

Probably, I did not phrase it the best way, so I edited it. What I was thinking is to use the header with security tools. Quite frankly, most of the security tools I know don't even have that notion, but some do, as for instance the open source ZAP proxy. Other tools like BurpSuite & Nessus also seem to have extensions that might make it possible.

I believe the use-cases you refer to are load testing ones. Or do you know of some integrations with security related software?

Antonio Sousa

Ah I see - the update is a little clearer. I'm not aware of this being done but if the tool gives you the ability to set custom headers on the test traffic which seems like it would be common then yes you could use the same approach to find that traffic. 

Also it would not need to follow the naming convention/header that we recommend for performance tests, you could give it a more meaningful name. I'll leave it to others if they have any experience in practice.

Featured Posts