User Guide

Vulnerability Scan

The Vulnerability Scan module helps identify OWASP Top 10 flaws in web applications. You can get a comprehensive report with remediation recommendations to protect your web applications.

You now have the option to subscribe to the Vulnerability Scan service with a monthly plan on AWS, Azure, and Google Cloud.

By default, the Vulnerability Scan report is based on your current WAF configuration. It highlights the vulnerabilities that remain exposed to attackers under the existing configuration, so that you can fine-tune the WAF settings to close the remaining gaps.

If you instead want to see which vulnerabilities the application itself would expose with FortiWeb Cloud protection off, enable the Bypass WAF option at the top right corner of the Vulnerability Scan page. A Bypass WAF report shows what needs to be fixed in the application rather than in the WAF policy, so use it to prioritize back-end remediation, and use the default (WAF-on) report to tune the WAF. Note that this option is only available when Advanced Configuration on the Global > System Settings > Settings page is switched on.

To add applications for Vulnerability Scan:

  1. Go to Vulnerability Scan.
  2. Click Create New.
  3. In the Add Asset window, select the FQDN and Port. These are the domain names and port numbers you have defined in Network > Endpoints, so an application must be onboarded as an endpoint before it can be scanned.
  4. Click OK.

The maximum number of applications allowed is defined in your contract. You can check it in Global > System Settings > Contracts.

In the Contracts page screenshot, a value such as "0/5" means that the contract allows at most 5 applications in total, and that 0 seats are currently available.

To configure and view the vulnerability report:

Click the Settings button to configure the scanning settings, and the Reports button to view the reports. For details of the scan settings and report contents, see the FortiDAST User Guide: https://docs.fortinet.com/product/FortiDAST

To configure your Vulnerability Scan subscription from a public cloud marketplace:

Go to Global > System Settings > Contracts.

Billing

Vulnerability Scan is billed monthly. You are charged on the date you first add an application and then on the same date each month. For instance, if you add an application on May 1st, your next billing date is June 1st. If you remove the application on May 15th and re-add it on May 20th, you are charged once at the time of re-adding, and the cycle restarts: your next billing date is then June 20th.

Note that Vulnerability Scan seats are nontransferable. Removing an application does not free a seat in your contract that can be used for a different application.