Vulnerability scans
You can scan for known vulnerabilities on your web servers and web applications, helping you to design protection profiles that are an effective and efficient use of processing resources.
Vulnerability reports from a certified vendor can help you comply with regulations and certifications that require periodic vulnerability scans, such as Payment Card Industry Data Security Standard (PCI DSS).
Run vulnerability scans during initial FortiWeb deployment (see “How to set up your FortiWeb”) and any time you are staging a new version of your web applications. You may also be required by your compliance regime to provide reports on a periodic basis, such as quarterly.
Each vulnerability scan starts from an initial URL, authenticates if configured to do so, then scans for vulnerabilities in the web pages it reaches by crawling links from the initial page. Because the crawl is link-driven, pages that are not linked from a crawled page are not scanned, and areas behind a login are only scanned if the scan is configured with credentials. After performing the scan, the FortiWeb appliance generates a report from the scan results.
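To make the crawl-then-scan flow concrete, the following is an added illustration, not FortiWeb code and not an account of how FortiWeb's scanner is implemented: it starts at an initial URL, optionally authenticates, follows same-host links from each crawled page, runs a few passive checks on every page it fetches, and returns a report. The target site, the `fetch`/`authenticate` stand-ins, and the hostnames `app.example` and `other.example` are all constructed so that it runs offline.

```python
"""Crawl-from-seed vulnerability scan skeleton (added example, not FortiWeb code)."""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed in-memory site (hypothetical hostnames): URL -> (status, headers, body).
# /admin is only served to an authenticated session; /orphan is linked from nowhere.
SITE = {
    "http://app.example/": (200, {"Server": "Apache/2.4.1"},
        '<a href="/login">Login</a> <a href="/about">About</a> '
        '<a href="http://other.example/">Partner</a>'),
    "http://app.example/login": (200, {"Server": "Apache/2.4.1"},
        '<form method="post" action="/login"><input name="user">'
        '<input name="pass" type="password"></form>'),
    "http://app.example/about": (200, {"Server": "Apache", "X-Frame-Options": "DENY"},
        '<a href="/admin">Admin</a>'),
    "http://app.example/admin": (200, {"Server": "Apache/2.4.1"},
        'Admin console <a href="/">home</a>'),
    "http://app.example/orphan": (200, {}, "Nothing links here, so a crawl never finds it"),
}


class Session:
    def __init__(self):
        self.authenticated = False


def fetch(url, session):
    """Stand-in for an HTTP GET against the constructed site."""
    if url not in SITE:
        return 404, {}, ""
    if urlparse(url).path == "/admin" and not session.authenticated:
        return 302, {"Location": "/login"}, ""
    return SITE[url]


def authenticate(session, username, password):
    """Stand-in for submitting the login form; any non-empty credentials succeed here."""
    session.authenticated = bool(username and password)
    return session.authenticated


class PageParser(HTMLParser):
    """Collects anchor hrefs (for the crawl) and notes password inputs (for a check)."""
    def __init__(self):
        super().__init__()
        self.links = []
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True


def check_page(url, status, headers, parsed):
    """Passive checks on one fetched page. Returns (url, severity, message) tuples."""
    findings = []
    if status != 200:          # redirects and errors carry no page content to check
        return findings
    hdr = {k.lower(): v for k, v in headers.items()}
    server = hdr.get("server", "")
    if any(ch.isdigit() for ch in server):
        findings.append((url, "info", f"Server header discloses version: {server}"))
    if "x-frame-options" not in hdr and "content-security-policy" not in hdr:
        findings.append((url, "low", "No X-Frame-Options or Content-Security-Policy header"))
    if parsed.has_password_field and urlparse(url).scheme != "https":
        findings.append((url, "high", "Password field served over plain HTTP"))
    return findings


def scan(start_url, credentials=None, max_pages=50):
    """Breadth-first crawl from start_url, same host only, checking each page."""
    session = Session()
    if credentials:
        authenticate(session, *credentials)
    scope_host = urlparse(start_url).netloc
    queue, seen = deque([start_url]), {start_url}
    report = {"crawled": [], "skipped_out_of_scope": [], "findings": []}
    while queue and len(report["crawled"]) < max_pages:
        url = queue.popleft()
        status, headers, body = fetch(url, session)
        report["crawled"].append((url, status))
        parsed = PageParser()
        parsed.feed(body)
        report["findings"].extend(check_page(url, status, headers, parsed))
        links = list(parsed.links)
        if status in (301, 302) and headers.get("Location"):
            links.append(headers["Location"])   # follow the redirect target too
        for href in links:
            target = urljoin(url, href).split("#")[0]
            if urlparse(target).netloc != scope_host:
                report["skipped_out_of_scope"].append(target)
                continue
            if target not in seen:
                seen.add(target)
                queue.append(target)
    return report


if __name__ == "__main__":
    for label, creds in (("unauthenticated", None), ("authenticated", ("scanner", "s3cret"))):
        r = scan("http://app.example/", credentials=creds)
        print(label, "crawled:", [u for u, _ in r["crawled"]])
        for url, sev, msg in r["findings"]:
            print(f"  [{sev}] {url}: {msg}")
```

Two behaviours worth noticing in the output: `/orphan` is never scanned in either run because no crawled page links to it, and `/admin` only yields findings in the authenticated run, since without credentials the crawler just sees the redirect to `/login`. Both are reasons to review the crawled-URL list in a scan report rather than only its findings.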
Create and run web vulnerability scans early in the configuration of your FortiWeb appliance. Use the reports to locate vulnerabilities and fine-tune your protection settings.
If you have many web servers, you may want a FortiScan appliance to:
• deepen vulnerability scans
• integrate patch deployment
• prioritize and track fixes via ticketing
• offload and distribute scans to improve performance and remove bottlenecks
To run a web vulnerability scan
1. Optionally, configure email settings. Email settings included in vulnerability scan profiles cause FortiWeb to email scan reports (see “Configuring email settings”).
See also