Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Boris_Tolshew
New Contributor

Customization of FortiWeb Web Vulnerability Scan reports

Does anyone ever use Web Vulnerability Scan in FortiWeb? Generated repoerts looks pretty poor (user friedly about 0%). How I can customize it? For example: one of the reports has about 8000 pages and it's not good at all (test report with test web-server). It is include full html http-response, but sometimes (in some vulnerabilities or suspected vulnerabilities) i don't need it at all. Can anyone help with it? Maybe in future versions of FortiWeb reports customiztion will be improved.

I can't do anything except write a some script that will be parse report and delete extra data, but this doesn't seem like a good solution.

1 Solution
AEK
SuperUser
SuperUser

As scan template try select Fast Scan or OWASP Top 10 instead of Full Audit. This should make your report lighter.

On the other hand as far as I remember this report is mainly intended to be used to feed the custom Web Protection Profile that are based on vulnerability scan report, that's why they are not so user friendly.

So I think your method to use script to retain only useful data is good, otherwise you may need to use another scanner.

AEK

View solution in original post

AEK
2 REPLIES 2
aidenso
New Contributor

I think there is also the fact that other vendor firewalls apply nextgen firewall features to the local in traffic, whereas fortigates don't unless you configure a custom local in policy with virtual patch enabled. These vulnerabilities on other firewalls can be remediated through the regular security feeds and don't require you to install a patch (usually) https://tutuapp.uno/ .

AEK
SuperUser
SuperUser

As scan template try select Fast Scan or OWASP Top 10 instead of Full Audit. This should make your report lighter.

On the other hand as far as I remember this report is mainly intended to be used to feed the custom Web Protection Profile that are based on vulnerability scan report, that's why they are not so user friendly.

So I think your method to use script to retain only useful data is good, otherwise you may need to use another scanner.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors