Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiDAST 24.2.0 User Guide
    24.2.0
    24.3.a
    24.3.0
    24.2.0
    24.1.0
    23.4.0
    23.3.a
    23.3.0
    23.2.0
    23.1.a
    23.1.0

    Automation Scripts

    Automation Scripts

    You can upload your existing automation scripts to FortiDAST. Once uploaded, these scripts are replayed in a controlled environment, providing several benefits:

    • Improve data collection for authentication, crawling, and fuzzing of web applications.

    • Discover hard-to-find URLs through efficient web crawling.

    • Replay core business logic to identify vulnerabilities.

    Adding an automation script

    Before uploading to FortiDAST ensure the script requirements are met. Also, the automation script must be configured with target URL, UUID, and FortiDAST API key. See Automation Script Prerequisites

    You can also click FAQs in the GUI to learn more about script configuration.

    1. Navigate to Configure > Replay with Automation.

    2. Select the Automation Scripts tab.

    3. Click + Create.

    4. Enter a unique name for the script. This must match with script_name parameter configured in the script.

    5. Browse and upload the script file.

    6. Enable Run script on every scan toggle to execute the uploaded script with each scan.

    7. Click OK to save the script.

    Script validation

    The Validation Status indicates the script's current validation state.

    • New: Script uploaded but not yet validated.

    • In Progress: Script validation is ongoing.

    • Successful: Script is validated and ready for use.

    • Failed: Script validation failed. CheckValidation Errors for details.

    The status of scripts validation can also be viewed on the Scans Policy page. A gear icon is displayed when scripts are added. Hover on the icon to view the count of scripts In Progress, Success or Failed.

    Session logging

    Session logging captures cookies and other session details during script execution. To enable session logging, select a script and click Select for session logging. Confirm your selection in the popup window.

    Viewing script details

    Select a script and click Show Details. This displays the script details and validation results. You can also download the script execution output, containing traversed URLs and APIs.

    Deleting a script

    Select a script you want to delete and click Delete.

    During rescan, the output from initial script validation and execution is used.
    Previous
    Next

    Automation Scripts

    Automation Scripts

    You can upload your existing automation scripts to FortiDAST. Once uploaded, these scripts are replayed in a controlled environment, providing several benefits:

    • Improve data collection for authentication, crawling, and fuzzing of web applications.

    • Discover hard-to-find URLs through efficient web crawling.

    • Replay core business logic to identify vulnerabilities.

    Adding an automation script

    Before uploading to FortiDAST ensure the script requirements are met. Also, the automation script must be configured with target URL, UUID, and FortiDAST API key. See Automation Script Prerequisites

    You can also click FAQs in the GUI to learn more about script configuration.

    1. Navigate to Configure > Replay with Automation.

    2. Select the Automation Scripts tab.

    3. Click + Create.

    4. Enter a unique name for the script. This must match with script_name parameter configured in the script.

    5. Browse and upload the script file.

    6. Enable Run script on every scan toggle to execute the uploaded script with each scan.

    7. Click OK to save the script.

    Script validation

    The Validation Status indicates the script's current validation state.

    • New: Script uploaded but not yet validated.

    • In Progress: Script validation is ongoing.

    • Successful: Script is validated and ready for use.

    • Failed: Script validation failed. CheckValidation Errors for details.

    The status of scripts validation can also be viewed on the Scans Policy page. A gear icon is displayed when scripts are added. Hover on the icon to view the count of scripts In Progress, Success or Failed.

    Session logging

    Session logging captures cookies and other session details during script execution. To enable session logging, select a script and click Select for session logging. Confirm your selection in the popup window.

    Viewing script details

    Select a script and click Show Details. This displays the script details and validation results. You can also download the script execution output, containing traversed URLs and APIs.

    Deleting a script

    Select a script you want to delete and click Delete.

    During rescan, the output from initial script validation and execution is used.
    Previous
    Next