
GitLab's bug bounty program had an incredible year. Learn more about the prizes awarded and the bug reporters who won them.

Learn how to apply professional development practices to Red Teams using open source command and control tools.

We discuss how GitLab's Red Team has matured over the years, evolving from opportunistic hacking to stealth adversary emulation.

Learn how to use the browser-based analyzer with common dynamic application security testing settings, based on web application attributes, to ensure successful scans.

Learn about CVE-2023-38545, a heap buffer overflow triggered through the SOCKS5 protocol, and what it means for GitLab customers.

As of GitLab 16.4, or DAST 4.0.9, browser-based DAST active scans will search for path traversal vulnerabilities using the GitLab check 22.1 instead of the ZAP alert 6.

Vladislav Nechakhin, or @0xn3va, one of our top 10 hacker contributors, joined us for an AMA and detailed his approach and strategy for bug bounty hunting.