Viewing vulnerability scan reports
After a web vulnerability scan completes, the FortiWeb appliance generates a report summarizing and analyzing the results of the scan. If you configured it to email the report to you when complete, you may receive the report in your inbox. However, you can also view and download it through the web UI.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Web Vulnerability Scan Configuration category. For details, see “Permissions”.
Table 48: Web Vulnerability Scan > Web Vulnerability Scan > Scan History

| Field | Description |
|---|---|
| View | Click to view a scan report. See “Downloading vulnerability scan reports”. |
| Download | Click to download a copy of a scan report. See “Downloading vulnerability scan reports”. |
| Target Server | Displays the host name of the server that was scanned for vulnerabilities. Click this link to view the scan report associated with this server. |
| URLs Found | Displays the number of URLs on the target host that were scanned for vulnerabilities. |
| Alerts Found | Displays the total number of vulnerabilities discovered during the scan. |
| Scan Time | Displays the date and time that the scan was performed. |
| Scan Mode | Indicates whether the scan job used Basic Mode (use HTTP GET only and omit both user-defined and predefined sensitive URLs) or Enhanced Mode (use both HTTP POST and GET, excluding only user-defined URLs). |

Scan report contents
The web vulnerability scan report is divided into sections for a summary, discovered vulnerabilities and affected URLs.
Figure 61: Viewing a vulnerability report
See also
Preparing for the vulnerability scan
Configuring vulnerability scan settings
Running vulnerability scans
Scheduling web vulnerability scans
Manually starting & stopping a vulnerability scan