Skip to content Skip to navigation Skip to footer


FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that threat actors may exploit. Designed for development, DevOps, and security teams, FortiDAST generates full details on vulnerabilities found, prioritized by threat scores computed from CVSS values, and provides guidance for their effective remediation. 

FortiDAST is cloud-based and uses a crawler and fuzzers to scan and test web applications.

How FortiDAST Works

FortiDAST combines FortiGuard Labs’ extensive threat research and knowledge base and employs a powerful crawler and expert-designed fuzzers. These crawl and test your web applications for vulnerabilities, simulating tactics threat actors would take in the real world.

Three FortiDAST deployment options. 1. Cloud-based scanning: perform testing without managing underlying infrastructure. 2. Proxy scanning: use proxy scanning to scan internal web applications not exposed to the Internet. 3. On-premise scanning: Deploy and manage scanning tools with in your environment.

Flexible Deployment Options

FortiDAST provides great flexibility. With cloud, proxy, or on-premises deployment options, FortiDAST fits your organization's needs.

FortiDAST is integrated with FortiDevSec

End-to-End CI/CD Pipeline Coverage

With FortiDAST and FortiDevSec integration, we provide DevSecOps teams with vulnerability scanning solutions to cover the entire CI/CD pipeline or software development life cycle (SDLC). You can scan applications and remediate vulnerabilities both in development and production phases. FortiDAST is also natively integrated with major CI/CD tools.

Features and Benefits

Black-box testing

Automate front-end or black-box testing of web apps against OWASP Top 10 and other vulnerabilities

Advanced Crawling

Use advanced crawling to reach and scan all web application branches and pathways

Vulnerability Scanning

Find run-time application security issues and bugs

Risk Analysis

Analyze threats & misconfigurations that pose risk based on threat scores calculated from CVSS values

Fuzzer Expertise

Get top efficacy using fuzzers and tests skillfully written by Fortinet experts

End-to-end CI/CD Coverage

Get full CI/CD lifecycle coverage through native integration with major tools and FortiDevSec

FortiDAST Use Cases

app performance icon
Web Application Protection
Proactively protect web applications with automated scanning to identify and prioritize vulnerabilities. Receive guidance for remediation.
integration icon
End-to-End Lifecycle Testing
Combine FortiDAST with major CI/CD tools including FortiDevSec for full-lifecycle testing.
clock icon
Scheduled Testing
Schedule scans for a specific time, or set to recur based on chosen criteria.