Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiDAST 25.2.0 User Guide
    25.2.0
    25.2.0
    25.1.0
    24.4.0
    24.3.a
    24.3.0
    24.2.0
    24.1.0
    23.4.0
    23.3.a
    23.3.0
    23.2.0
    23.1.a
    23.1.0

    Business Logic Recorder

    Business Logic Recorder

    The Business Logic Recorder allows you to browse and record navigation within your web application or target, enabling FortiDAST to discover additional navigation paths, URIs, cookies, and APIs for enhanced scan coverage.

    Note

    • The Business Logic Recorder does not support DevSecOps or proxy-based scans.

    • For targets requiring multi-factor authentication, scheduled scans cannot capture the required tokens or responses. Use a standard scan to ensure proper scanning of authenticated URLs.
    Creating a new recording

    You can create up to 10 recordings. To record a business logic sequence:

    1. Navigate to Scans Policy > Scan Configuration page. See Configuring the Scanner.

    2. In the Replay with Automation section, select Business Logic Recorder tab.

    3. Configure a session timeout from one to 24 hours.

    4. Click New Recording. The target URL launches in Business Logic Recorder window.

    5. Perform the necessary navigation and actions within the web application and click Save. You cannot use the tab key within the embedded browser. If the back button is clicked multiple times, a blank page may display. Click Discard and start a new recording.

    6. Provide a name for the recording (maximum 64 characters) and click Save. The discovered URIs, cookies, and APIs from the recorded business logic sequence are included in subsequent scans, enhancing scan coverage.

      Alternatively, click Discard at any time during the recording to cancel.

    7. Click OK.

    Note

    The Session Status shows if the session is valid. If expired, you are prompted to log in again when you perform scan.

    You can modify the session timeout at any time, and the latest timeout value updates all recordings based on the cookies or session details of the most recent recording.
    Downloading Discovered Network Endpoints

    Select a recording and click Download Discovered Network Endpoints to download a swagger-specification.json file containing detected endpoints.

    Deleting a recording

    Select a recording you want to delete and click Delete.

    Previous
    Next

    Business Logic Recorder

    Business Logic Recorder

    The Business Logic Recorder allows you to browse and record navigation within your web application or target, enabling FortiDAST to discover additional navigation paths, URIs, cookies, and APIs for enhanced scan coverage.

    Note

    • The Business Logic Recorder does not support DevSecOps or proxy-based scans.

    • For targets requiring multi-factor authentication, scheduled scans cannot capture the required tokens or responses. Use a standard scan to ensure proper scanning of authenticated URLs.
    Creating a new recording

    You can create up to 10 recordings. To record a business logic sequence:

    1. Navigate to Scans Policy > Scan Configuration page. See Configuring the Scanner.

    2. In the Replay with Automation section, select Business Logic Recorder tab.

    3. Configure a session timeout from one to 24 hours.

    4. Click New Recording. The target URL launches in Business Logic Recorder window.

    5. Perform the necessary navigation and actions within the web application and click Save. You cannot use the tab key within the embedded browser. If the back button is clicked multiple times, a blank page may display. Click Discard and start a new recording.

    6. Provide a name for the recording (maximum 64 characters) and click Save. The discovered URIs, cookies, and APIs from the recorded business logic sequence are included in subsequent scans, enhancing scan coverage.

      Alternatively, click Discard at any time during the recording to cancel.

    7. Click OK.

    Note

    The Session Status shows if the session is valid. If expired, you are prompted to log in again when you perform scan.

    You can modify the session timeout at any time, and the latest timeout value updates all recordings based on the cookies or session details of the most recent recording.
    Downloading Discovered Network Endpoints

    Select a recording and click Download Discovered Network Endpoints to download a swagger-specification.json file containing detected endpoints.

    Deleting a recording

    Select a recording you want to delete and click Delete.

    Previous
    Next