@@ -0,0 +1 @@
--8<-- "latest/vulnerability-detection/schema-based-testing/docker-reference.md"
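Review bot: this one-line file is a `--8<--` snippet include of `latest/vulnerability-detection/schema-based-testing/docker-reference.md`, and the included page itself is not in this diff view; confirm the target is added in the same PR (the same applies to the `strategies.md` include below) and that the snippet base path resolves `latest/...` from this file's location, otherwise the versioned page renders empty or the docs build fails on a missing snippet.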
@@ -0,0 +1 @@
--8<-- "latest/vulnerability-detection/schema-based-testing/strategies.md"
@@ -0,0 +1 @@
--8<-- "latest/vulnerability-detection/schema-based-testing/docker-reference.md"
@@ -0,0 +1 @@
--8<-- "latest/vulnerability-detection/schema-based-testing/strategies.md"
12 changes: 6 additions & 6 deletions docs/latest/about-wallarm/detecting-vulnerabilities.md
Expand Up @@ -28,7 +28,7 @@ To detect vulnerabilities in the applications and APIs, Wallarm uses the followi
!!! tip ""
Available in the **Security Testing** [subscription](../about-wallarm/subscription-plans.md). Requires installed [**Wallarm node**](../about-wallarm/api-security-overview.md#how-wallarm-api-security-works).

* [**Schema-Based Testing (SBT)**](#schema-based-testing-sbt), part of [Wallarm's Security Testing suite](../vulnerability-detection/security-testing-overview.md): dynamic application security testing (DAST) solution that enables "shift-left" security - proactively identifies a wide range of vulnerabilities early in the development process; uses an API's schema (such as an OpenAPI specification or a Postman collection) as a blueprint to automatically generate and execute targeted security tests.
* [**Schema-Based Testing (SBT)**](#schema-based-testing-sbt), part of [Wallarm's Security Testing suite](../vulnerability-detection/security-testing-overview.md): dynamic application security testing (DAST) solution that enables "shift-left" security. SBT takes a Postman collection as its test basis and uses an AI-driven engine to generate and validate targeted security tests, identifying a wide range of vulnerabilities early in the development process.

!!! tip ""
Available in the **Security Testing** [subscription](../about-wallarm/subscription-plans.md). **Does not require** installed [Wallarm node](../about-wallarm/api-security-overview.md#how-wallarm-api-security-works).
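Review bot: the rewritten SBT bullet drops OpenAPI specifications as an accepted input without telling a reader who only has an OAS what to do next; elsewhere in this PR (`api-discovery/exploring.md`) the answer is to import the OAS into Postman and add functional tests first, so add one clause or link here, e.g. "takes a Postman collection (an OpenAPI specification can be imported into Postman first) as its test basis". The phrase "AI-driven engine to generate and validate targeted security tests" is also asserted without a pointer to where the hypothesis/validation flow is described; link it to the SBT overview page so the claim is backed on the page that defines it.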
Expand Down Expand Up @@ -66,14 +66,14 @@ The Threat Replay Testing capabilities:

### Schema-Based Testing (SBT) <a href="../../../about-wallarm/subscription-plans/#core-subscription-plans"><img src="../../../images/security-testing-tag.svg" class="non-zoomable" style="border: none;"></a>

Wallarm's [Schema-Based Testing](../vulnerability-detection/schema-based-testing/overview.md) is a dynamic application security testing (DAST) solution that enables "shift-left" security. It uses an API's schema (such as an OpenAPI specification or a Postman collection) as a blueprint to automatically generate and execute targeted security tests. By integrating into CI/CD pipelines, Schema-Based Testing allows development teams to proactively identify a wide range of vulnerabilitiesincluding OWASP API Top 10 risks, business logic flaws, and input validation issuesearly in the development process, making them easier and cheaper to fix.
Wallarm's [Schema-Based Testing](../vulnerability-detection/schema-based-testing/overview.md) is a dynamic application security testing (DAST) solution that enables "shift-left" security. It takes a Postman collection — your existing functional tests — as a blueprint and runs an AI-driven scanner that analyzes the application context, generates vulnerability hypotheses, and validates each finding with an executable proof-of-exploit test. By integrating into CI/CD pipelines, Schema-Based Testing helps development teams proactively identify a wide range of vulnerabilitiesincluding OWASP API Top 10 risks, business logic flaws, and input validation issuesearly in the development process, making them easier and cheaper to fix.

Schema-Based Testing capabilities:

* Tests based on provided application's OpenAPI specification or Postman collection.
* Deep, dynamic analysis of API endpoints.
* Detection of vulnerabilities in the application or API itself, as well as security misconfigurations in the underlying infrastructure or environment.
* Lightweight execution via Docker container.
* Tests built from your Postman collection: functional tests drive realistic, multi-request attack scenarios.
* Deep, dynamic analysis of API endpoints with AI-generated hypotheses validated by proof-of-exploit tests.
* Detection of OWASP API Top 10 risks, business logic and access control vulnerabilities (BOLA, BFLA, mass assignment, etc.), input validation issues, and traffic-observable misconfigurations.
* Lightweight execution via Docker container, with results streamed back to Wallarm Cloud.

### API Security Testing via Postman <a href="subscription-plans/#rogue-mcp"><img src="../../images/rogue-mcp-tag.svg" class="non-zoomable" style="border: none;"></a>

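Review bot: the new capabilities list narrows "security misconfigurations in the underlying infrastructure or environment" to "traffic-observable misconfigurations" without saying what that term covers, so a reader cannot tell what was dropped; define it once or link to the strategies page that enumerates those checks. Two smaller points on the same hunk: the rewritten paragraph says each finding is validated with an executable proof-of-exploit test, which means the scanner sends real attack traffic to the target, so state that SBT is meant to run against a test or staging deployment rather than production; and "results streamed back to Wallarm Cloud" should use the same wording as the comparison table changed in this PR ("results in Wallarm Console (Test runs, Security Issues)") so both pages send the reader to the same place.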
2 changes: 1 addition & 1 deletion docs/latest/api-discovery/exploring.md
Expand Up @@ -273,7 +273,7 @@ Exporting to OAS lets you use the discovered API schema for protection, analysis

* **Upload to API specifications** in Wallarm to [enforce requests](../api-specification-enforcement/overview.md) or enable rogue API detection (when available for your API Discovery version).
* **Open in [Swagger Editor](https://editor.swagger.io/)** to inspect and edit the inventory in OpenAPI format.
* **Use in Wallarm's [Schema-Based Testing](../vulnerability-detection/schema-based-testing/overview.md)** to run automated API security tests, or **export to third-party platforms** (e.g. [Postman](https://www.postman.com/)) for documentation, testing, or further analysis. The specification helps with vulnerability testing and reviewing endpoints for sensitive data and undocumented parameters.
* **Export to third-party platforms** (for example, [Postman](https://www.postman.com/)) for documentation, testing, or further analysis. The specification helps with vulnerability testing and reviewing endpoints for sensitive data and undocumented parameters. After importing the OAS into Postman and adding functional tests, you can drive [Schema-Based Testing](../vulnerability-detection/schema-based-testing/overview.md) with the resulting collection.

To download the OAS file:

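Review bot: the new bullet tells the reader to import the OAS into Postman, add functional tests and then "drive Schema-Based Testing with the resulting collection", but it does not say what the collection must contain for SBT to accept it, and it links to the overview rather than the setup page; point the sentence at the SBT setup prerequisites, since that is the next step for someone arriving from API Discovery. Also, with this PR making a Postman collection the only SBT input, consider leading the bullet with the SBT path and treating generic third-party export as the secondary use, instead of the reverse.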
2 changes: 1 addition & 1 deletion docs/latest/attacks-vulns-list.md
Expand Up @@ -1133,7 +1133,7 @@ Complex business logic and access control vulnerabilities are defined by the str

**Required configuration:**

Wallarm detects the complex business logic and access control vulnerabilities only with enabled [Schema-Based Testing (SBT)](vulnerability-detection/schema-based-testing/overview.md) where the [Postman-based testing](vulnerability-detection/schema-based-testing/setup.md#postman-collection-based-test-policies) is configured.
Wallarm detects the complex business logic and access control vulnerabilities with [Schema-Based Testing (SBT)](vulnerability-detection/schema-based-testing/overview.md), where the Active Scan mode runs the relevant [strategies](vulnerability-detection/schema-based-testing/strategies.md) against your Postman collection.

Note that in Wallarm, you can also configure **AI Business logic abuse detection** mitigation control to detect [business logic abuse](#business-logic-abuse) at already running applications.

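Review bot: the replacement sentence drops the word "only" from "detects ... only with enabled Schema-Based Testing". If complex business logic and access control vulnerabilities are still detected exclusively by SBT (the following paragraph positions AI Business logic abuse detection as a separate control for running applications), keep "only", otherwise the "Required configuration" block no longer states a requirement. "Active Scan mode" is also introduced here without a definition or link; point it at the SBT section that describes the scan modes, alongside the existing link to `strategies.md`.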
2 changes: 1 addition & 1 deletion docs/latest/user-guides/settings/api-tokens.md
Expand Up @@ -28,7 +28,7 @@ The selected usage scope restricts how and where the token can be used:

Appropriate for self-hosted Nodes only.
* Wallarm API - select this option to use the token for making authenticated requests directly to the Wallarm API.
* Schema-Based Testing agent - [required](../../vulnerability-detection/schema-based-testing/) for work of [Schema-Based Testing](../../vulnerability-detection/schema-based-testing/setup.md#token).
* Schema-Based Testing agent - required for [Schema-Based Testing](../../vulnerability-detection/schema-based-testing/overview.md) to authenticate the Docker container against Wallarm Cloud. See [token prerequisites](../../vulnerability-detection/schema-based-testing/setup.md#prerequisites).

## Token expiration

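Review bot: the link target changes from `setup.md#token` to `setup.md#prerequisites`; confirm that a `prerequisites` heading exists in the updated setup page, since a renamed anchor fails quietly on a rendered site. The rest of the change is an improvement: the old line wrapped "required" around a bare directory link (`../../vulnerability-detection/schema-based-testing/`) and read "required for work of", whereas the new wording says what the token scope is actually for (authenticating the SBT Docker container to Wallarm Cloud).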
Expand Up @@ -20,18 +20,18 @@ API Security Testing looks for issues such as:

Findings are summarized with explanations and remediation guidance, designed for developers rather than security specialists. For the full list of issue types that can be detected (including those found by ASTP), see [Vulnerability types](../../attacks-vulns-list.md#vulnerability-types).

## API Security Testing via Postman vs Schema-Based Testing (Postman)
## API Security Testing via Postman vs Schema-Based Testing

Wallarm also offers [Schema-Based Testing](../schema-based-testing/overview.md), which can use your Postman collection to run dynamic security tests (typically via Docker in CI/CD). Both options can use your Postman collections; choose based on how you work and how deep you need to go:
Wallarm also offers [Schema-Based Testing](../schema-based-testing/overview.md), which runs dynamic security tests against your application as a Docker container, typically in CI/CD. Both products take a Postman collection as input; choose based on how you work and how deep you need to go:

| | **API Security Testing via Postman** | **Schema-Based Testing** (Postman collection) |
| | **API Security Testing via Postman** | **Schema-Based Testing** |
|---|---|---|
| **Use when** | You want a quick, conversational check inside Postmanask in natural language and get results in the Agent chat in a few minutes. | You want automated, comprehensive DAST in CI/CD; you already have functional tests in Postman and want them to drive security tests. |
| **How it runs** | Passive, design-level analysis; no attack payloads, no traffic replay. | Dynamic testing: sends real requests, uses your collection's functional tests as a blueprint to generate and run security tests. |
| **Depth** | Auth gaps, data leaks, over-permissive endpoints, schema issues, basic BOLA/BOPLAsummarized for developers. | OWASP API Top 10, business logic, access control, input validation (injections, RCE, etc.), environment misconfigurations. |
| **Where** | Inside Postman (Agent Mode); results in chat and in Wallarm Cloud. | Docker-based; runs in your pipeline or locally; results in Wallarm Console (Test runs, Security Issues). |
| **Use when** | You want a quick, conversational check inside Postmanask in natural language and get results in the Agent chat in a few minutes. | You want automated, comprehensive DAST embedded in CI/CD; you already have functional tests in Postman and want them to drive security tests. |
| **How it runs** | Passive, design-level analysis; no attack payloads, no traffic replay. | Dynamic testing as a Docker container: replays the collection, then generates and validates targeted security tests against the application. |
| **Depth** | Auth gaps, data leaks, over-permissive endpoints, schema issues, basic BOLA/BOPLAsummarized for developers. | OWASP API Top 10, business logic, access control, input validation (injections, RCE, etc.), and traffic-observable misconfigurations. |
| **Where** | Inside Postman (Agent Mode); results in chat and in Wallarm Cloud. | Docker container runs in your pipeline or locally; results in Wallarm Console (Test runs, Security Issues). |

In short: use **API Security Testing via Postman** for fast, in-Postman checks with minimal setup; use Schema-Based Testing with a Postman collection when you need full DAST and pipeline integration.
In short: use **API Security Testing via Postman** for fast, in-Postman checks with minimal setup; use **Schema-Based Testing** when you need full DAST and pipeline integration.

## Access via Postman

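Review bot: the "Use when" cell still says "you already have functional tests in Postman and want them to drive security tests", which reads as a preference, while the sentence above the table now says "Both products take a Postman collection as input", making the collection a hard requirement; phrase the cell as a requirement. The "Depth" cell repeats the undefined term "traffic-observable misconfigurations" from `detecting-vulnerabilities.md` in this same PR; define it once and reuse that definition in both places. The "How it runs" cell ("replays the collection, then generates and validates targeted security tests") is consistent with the rest of the PR and the dropped "(Postman collection)" qualifier in the heading and table header is fine now that Postman is the only SBT input.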