21 Mar 2022 08:13 PM - last edited on 22 Mar 2022 07:57 AM by MaciejNeumann
I have cases where security scans are being done on a normal basis.
I have been wondering if I could use the x-dynatrace-test header used by load testing tools, to also be used by security scanning software to pass information into Dynatrace...
Has anybody used this in this context?
21 Mar 2022 08:16 PM
This is a pretty common use-case. If you haven't seen it already we have this page in our documentation that describes what you can do:
21 Mar 2022 09:03 PM - edited 21 Mar 2022 09:04 PM
Probably, I did not phrase it the best way, so I edited it. What I was thinking is to use the header with security tools. Quite frankly, most of the security tools I know don't even have that notion, but some do, for instance the open source ZAP proxy. Other tools like Burp Suite & Nessus also seem to have extensions that might make it possible.
I believe the use-cases you refer to are load testing ones. Or do you know of some integrations with security-related software?
21 Mar 2022 09:57 PM
Ah, I see - the update is a little clearer. I'm not aware of this being done, but if the tool gives you the ability to set custom headers on the test traffic, which seems like it would be common, then yes, you could use the same approach to find that traffic.
Also, it would not need to follow the naming convention/header that we recommend for performance tests; you could give it a more meaningful name. I'll leave it to others if they have any experience in practice.
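The approach discussed in this thread, as an added example that is not part of any post or of Dynatrace's own code: a scanner stamps each request with the header, and the receiving side uses it to separate scan traffic from everything else. The key names `SI`, `LTN` and `TSN` and the `key=value;...` layout are assumptions modelled on the load-test convention, and the request records are constructed.

```python
"""Tag scanner requests with a header, then pick them out of request records."""

HEADER = "x-dynatrace-test"  # header named in the thread; any custom name works


def build_tag(source, scan_name, step):
    """Build a key=value;... header value (key names are an assumption)."""
    fields = {"SI": source, "LTN": scan_name, "TSN": step}
    for key, value in fields.items():
        # Reject delimiters so one field cannot spill into another.
        if ";" in value or "=" in value:
            raise ValueError(f"{key} contains a delimiter: {value!r}")
    return ";".join(f"{k}={v}" for k, v in fields.items())


def parse_tag(value):
    """Parse the header value; skip malformed pairs instead of failing."""
    fields = {}
    for pair in value.split(";"):
        key, sep, val = pair.partition("=")
        if sep and key.strip():
            fields[key.strip()] = val.strip()
    return fields


def split_traffic(requests):
    """Separate tagged scan traffic from the rest, grouped by scan name."""
    scans, other = {}, []
    for req in requests:
        # Header names are case-insensitive, so normalise before lookup.
        headers = {k.lower(): v for k, v in req["headers"].items()}
        tag = parse_tag(headers.get(HEADER, ""))
        if "LTN" in tag:
            scans.setdefault(tag["LTN"], []).append(req["path"])
        else:
            other.append(req["path"])
    return scans, other


# Constructed sample records (not real traffic).
SAMPLE = [
    {"path": "/login", "headers": {"X-Dynatrace-Test": build_tag("ZAP", "weekly-scan", "spider")}},
    {"path": "/admin", "headers": {"x-dynatrace-test": build_tag("ZAP", "weekly-scan", "active")}},
    {"path": "/cart", "headers": {"User-Agent": "Mozilla/5.0"}},
    {"path": "/api", "headers": {"x-dynatrace-test": "garbage"}},
]

if __name__ == "__main__":
    print(split_traffic(SAMPLE))
```

The header is set by the client, so it is suitable for labelling and filtering scan traffic, not for deciding whether a request is trusted.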