
User Guide

Adding a New Application


Add your application in the FortiDevSec GUI to perform vulnerability scan testing.

  1. In the App Directory page, click +New Application.
  2. In the New Application window, enter the Application Name and select an Application Group from the drop-down list. See Application Groups.

  3. In the Settings panel, you can configure the risk rating factors for this application based on a questionnaire.
    Note: If you do not configure the risk rating factors, the displayed default settings are applied.
    The following data is associated with the OWASP factors to calculate the risk rating for your application:
    • Possible impact in case of a full breach of this application.
    • The application deployment details.

  4. Click Next.
  5. You can enable and add the Jira Plugin, configure the Jira cloud server or the on-premise solution, and select the project to integrate with this application.

  6. You can enable and configure FortiDAST scanning.
    1. Enter the target application URL and port number.
    2. Click Validate. FortiDevSec checks the format of the entered URL and verifies whether the URL is already a target within FortiDAST.
      • If the URL exists, a link to the existing configuration is displayed.

      • If not, FortiDevSec adds the new URL as a target and associates it with a valid license.

      Once the URL and license are validated, the selected DAST license is displayed.

    3. Click Next.

  7. After the application is created, a success message is displayed.

    • To configure the DAST scan in FortiDAST:
      1. Click DAST Config Link.
      2. FortiDAST configuration page opens in a new tab.
      3. Configure DAST scan as needed. See Configuring FortiDAST Scanner.
    • To download the fdevsec.yaml file, click Scanner Config.
      Note: To perform a DAST scan, uncomment the dast configuration in the fdevsec.yaml file, even when the FortiDAST asset/URL is configured through the GUI plugin.

Click Done. Your application is then listed in the dashboard.
