Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
DATA SHEET
FortiPenTest™Cloud Delivered Penetration Testing as a Service
FortiPenTest is a Fortinet developed Cloud-native penetration test tool based upon the OWASP Top 10 list of application vulnerabilities. It is designed to use Fortinet’s extensive FortiGuard research results and knowledge base to test target systems for security vulnerabilities.
Highlights
§ OWASP Top 10 based vulnerability
testing
§ Test on-demand or schedule for
desired time
§ Vulnerability remediation
recommendations provided
§ Comprehensive reporting engine
§ Per asset Threat Score computed
from CVSS values
Fully ScalableImplement a cloud-based system that grows with your organization
Human Simulated ActivityUses real web browsers with simulated human activity to correctly interact with scripted client-side content
Security and ComplianceDiscover and address system vulnerabilities before they become a problem
DATA SHEET | FortiPenTest™
2
Highlights
Leveraging the OWASP Top Ten list of most prominent application security risks, FortiPenTest runs a series of tests and attacks to
determine what vulnerabilities a target IP address or Fully Qualified Domain Name (FQDN) is susceptible to, then provides full details on not
only the vulnerability, but also what you can do about it. Configurable E-mail notifications allow you to choose what to be alerted about.
Vulnerability Testing
FortiPenTest leverages the OWASP Top 10 Application Security
Risk listing to craft a series of tests designed to verify that a
target system has been successfully secured against exploit or
penetration. FortiPenTest can also take advantage of a third-party
command and control (C&C) server, allowing security modules to
carry blind attacks. Full results are displayed and categorized by
their CVSS severity score. Based upon these CVSS scores, an
overall Threat Score for the target is generated and displayed.
Detailed Results with Suggested Remediations
Each vulnerability found can be drilled down to get detailed
information on the issue along with suggested remediation steps.
Robust Report Engine
Both summary and detail reports are available for each test run.
Results can be exported from the system for distribution to a wider
audience.
Schedule Tests at Desired Intervals
Assets can be scheduled for a specific time, or set to recur scans
based upon chosen criteria.
Features
DATA SHEET | FortiPenTest™
www.fortinet.com
Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-PENT FPT-DAT-R02-202101
Order Information
Product SKU Description
FortiPenTest FC-10-FPENT-236-02-DD This stackable license adds 10 additional IP / FQDN targets to a single FortiPenTest cloud account.
A trial subscription to FortiPenTest is available to FortiCloud Premium subscribers. This trial version is limited to a single IP address / FQDN
and will only test to a limited subset of the OWASP list. The full version can be licensed for any desired number of targets using Fortinet’s full
suite of vulnerability tests. In addition, the full version allows for comprehensive testing and gap analysis results.