Improve security configuration docs

doc/user/application_security/configuration/index.md

@@ -7,23 +7,37 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Security Configuration **(ULTIMATE)**
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
+> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4.
+> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4.
 
-The Security Configuration page displays the configuration state of each security feature in the
-current project. The page uses the project's latest default branch [CI pipeline](../../../ci/pipelines/index.md)
-to determine each feature's configuration state. If a job with the expected security report artifact
-exists in the pipeline, the feature is considered enabled.
+The Security Configuration page displays the configuration state of each security control in the
+current project.
 
-You can only enable SAST from the Security Configuration page. Documentation links are included for
-the other features. For details about configuring SAST, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
+To view a project's security configuration, go to the project's home page,
+then in the left sidebar, go to **Security & Compliance** > **Configuration**.
+
+## Status
+
+For each security control, the page displays the status and either a management option or a
+documentation link.
+
+The status of each security control is determined by the project's latest default branch
+[CI pipeline](../../../ci/pipelines/index.md).
+If a job with the expected security report artifact exists in the pipeline, the feature's status is
+_enabled_.
 
 NOTE: **Note:**
 If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
 all security features are configured by default.
 
-## View Security Configuration
+## Manage
 
-To view a project's security configuration:
+You can configure the following security controls:
 
-1. Go to the project's home page.
-1. In the left sidebar, go to **Security & Compliance** > **Configuration**.
+- Auto DevOps
+  - Click **Enable Auto DevOps** to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md).
+- SAST
+  - Click either **Enable** or **Configure** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
+- DAST Profiles
+  - Click **Manage** to manage the available DAST profiles used for on-demand scans. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).

doc/user/application_security/dast/index.md

@@ -367,7 +367,7 @@ dast:
     DAST_API_SPECIFICATION: api-specification.yml
 ```
 
-#### Full scan
+#### Full API scan
 
 API scans support full scanning, which can be enabled by using the `DAST_FULL_SCAN_ENABLED`
 environment variable. Domain validation is not supported for full API scans.
@@ -622,9 +622,10 @@ project dashboard.
 
 ### Site profile
 
-An on-demand scan requires a site profile, which includes a profile name and target URL. The profile
-name allows you to describe the site to be scanned. The target URL specifies the URL against which
-the DAST scan is run.
+An on-demand scan requires a site profile, which includes:
+
+- **Profile name**: A name you assign to the site to be scanned.
+- **Target URL**: The URL against which the DAST scan runs.
 
 ### Run an on-demand scan
 
@@ -636,23 +637,31 @@ Running an on-demand scan requires an existing site profile. If a site profile f
 doesn't exist, first [create a site profile](#create-a-site-profile). An on-demand DAST scan has
 a fixed timeout of 60 seconds.
 
-- Navigate to your project's home page, then click **On-demand Scans** in the left sidebar.
+- From your project's home page, go to **Security & Compliance > On-demand Scans** in the left sidebar.
 - Click **Create new DAST scan**.
 - Select a site profile from the profiles dropdown.
 - Click **Run scan**.
 
 #### Create a site profile
 
-- Navigate to your project's home page, then click **On-demand Scans** in the left sidebar.
-- Click **Create new DAST scan**.
-- Click **New Site Profile**.
+- From your project's home page, go to **Security & Compliance > Configuration** in the left sidebar.
+- Click **Manage** in the **DAST Profiles** row.
+- Click **New Profile > Site Profile**.
 - Type in a unique **Profile name** and **Target URL** then click **Save profile**.
 
+#### Edit a site profile
+
+- From your project's home page, go to **Security & Compliance > Configuration** in the left sidebar.
+- Click **Manage** in the **DAST Profiles** row.
+- Click **Edit** in the row of the profile to edit.
+- Edit the **Profile name** and **Target URL** then click **Save profile**.
+
 #### Delete a site profile
 
-- Navigate to your project's home page, then click **On-demand Scans** in the left sidebar.
-- Click **Create new DAST scan**.
-- Click **Delete** in the matching site profile's row.
+- From your project's home page, go to **Security & Compliance > Configuration** in the left sidebar.
+- Click **Manage** in the **DAST Profiles** row.
+- Click **{remove}** in the row of the profile to delete.
+- Click **Delete**.
 
 ### Enable or disable On-demand Scans
 
@@ -665,8 +674,6 @@ feature flag enabled.
 [GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
 can disable or enable the feature flags.
 
-#### Enable or disable On-demand Scans
-
 To disable On-demand Scans:
 
 ```ruby