Scan Status
The vulnerability scan detects and assesses URIs in the asset. The chart shows the total number of URIs detected at its center, and each wedge represents the count/percentage of one of the following:
- The URIs with scan success
- The URIs with scan failure
- The URIs not scanned
The Scan Status widget also displays the details of skipped scans. See Skipped Scans.
Clicking on the chart or on the displayed statistics brings up a list of URIs and APIs associated with the scanned asset. Click any URI to view all of its detected vulnerability details. Alternatively, you can filter the vulnerability data by severity by clicking the severity type in the Severity column.
Skipped Scans
FortiDAST skips scanning of URIs or files that are potentially safe.
The Skipped Scans section in the Scan Status widget displays the total number of URIs detected for each of the following:
URI Type | Description |
---|---|
Invalid status code | FortiDAST skips URLs that have response status codes outside the following list: 200, 302, 403, 405, 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511. |
Non-vulnerable extensions | FortiDAST skips file extensions that are considered non-vulnerable. Common examples of the file extensions that are skipped include css, json, jpeg, png, mp3, mp4, ppdf, and docx. |
Third party links | FortiDAST skips scanning of the links from external domains which are part of the target URL. |
To view detailed information, click the number of URIs associated with each skipped scan type.
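The skip rules in the table above can be applied to your own URI inventory before a scan to estimate which endpoints will land in each Skipped Scans bucket. The following is an added example, not FortiDAST code: the function names, the sample hosts, the exact-host match for "third party", and the order in which the rules are checked are assumptions, and the extension set holds only some of the examples the page names.

```python
from collections import Counter
from urllib.parse import urlsplit
import posixpath

# Status codes the page lists as scannable; any other code is skipped.
SCANNED_STATUS = {200, 302, 403, 405, 500, 501, 502, 503, 504, 505,
                  506, 507, 508, 510, 511}
# Some of the page's "common examples"; the product's full list is not given.
SKIPPED_EXT = {"css", "json", "jpeg", "png", "mp3", "mp4", "docx"}


def skip_reason(url, status, target_host):
    """Return the Skipped Scans bucket for a URI, or None if it would be scanned."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Assumption: "third party" means the host differs from the target host.
    if host != target_host.lower():
        return "Third party links"
    # Extension is taken from the path only, so query strings do not matter.
    ext = posixpath.splitext(parts.path)[1].lstrip(".").lower()
    if ext in SKIPPED_EXT:
        return "Non-vulnerable extensions"
    if status not in SCANNED_STATUS:
        return "Invalid status code"
    return None


def summarize(crawl, target_host):
    """Count URIs per bucket for a list of (url, status) pairs."""
    counts = Counter()
    for url, status in crawl:
        counts[skip_reason(url, status, target_host) or "Scannable"] += 1
    return dict(counts)


# Constructed sample inventory (hosts and paths are made up for illustration).
SAMPLE = [
    ("https://app.example.test/login", 200),
    ("https://app.example.test/admin", 401),
    ("https://app.example.test/old", 301),
    ("https://app.example.test/static/site.css", 200),
    ("https://cdn.example.net/lib.js", 200),
    ("https://app.example.test/api/v1/users?id=1", 403),
    ("https://app.example.test/report.DOCX", 200),
    ("https://app.example.test/missing", 404),
]

if __name__ == "__main__":
    for bucket, n in summarize(SAMPLE, "app.example.test").items():
        print(f"{bucket}: {n}")
```

In the sample, the 401, 301 and 404 responses fall under Invalid status code because those codes are outside the documented list, so that bucket is worth reviewing for endpoints you expected to be assessed.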