Fortinet 508 FortiWeb 5.0 Patch 6 Administration Guide
Configuring vulnerability scan settings
Web Vulnerability Scan > Web Vulnerability Scan > Web Vulnerability Profile enables you to
configure vulnerability scan profiles.
A vulnerability scan profile defines a web server that you want to scan, as well as the specific
vulnerabilities to scan for. Vulnerability scan profiles are used by vulnerability scan policies,
which determine when to perform the scan and how to publish the results of the scan defined
by the profile.
To configure a vulnerability scan profile
1. If FortiWeb must authenticate in order to reach all URLs that will be involved in the
vulnerability scan, configure the web application (if it provides form-based authentication)
with an account that FortiWeb can use to log in.
2. Go to Web Vulnerability Scan > Web Vulnerability Scan > Web Vulnerability Profile.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Web Vulnerability Scan Configuration category.
For details, see “Permissions” on page 47.
3. Click Create New.
A dialog appears.
Note: For best results, the account that FortiWeb uses to log in (see step 1) should have
permissions to all functionality used by the web site. If URLs and inputs vary by account type,
you may need to create multiple accounts, one for each non-overlapping set, and run separate
vulnerability scans for each account.