
FortiWeb Web Application Security

Urge for PCI DSS Compliance

Network security threats have evolved to target web-based applications that are the interface to confidential information stored on back-end databases. The PCI standards were formed in response to major security breaches and to information, identity and data theft. However, ensuring that a web application is free of vulnerabilities is complicated by the ongoing discovery of new vulnerabilities, patching challenges, code revisions, time-to-market pressures, the inherent difficulty of vulnerability identification, and even access to the application code.

ICSA Certified

ICSA Web Application Firewall Award

Fortinet's FortiWeb™ has passed ICSA Web Application Firewall Certification. The latest model being tested is FortiWeb 1000C. ICSA Labs certifications are evidence of FortiWeb's commitment to uphold the industry's highest security standards. Achieving this certification ensures that FortiWeb™ customers benefit from best practices in the security industry for all their Web application needs.

Unmatched Protection for Web Applications

The FortiWeb family of web application firewalls provides specialized, layered application threat protection for medium and large enterprises, application service providers, and SaaS providers. FortiWeb’s integrated web application and XML firewalls protect your web-based applications and internet-facing data from attack and data loss.

Using advanced techniques to provide bidirectional protection against sophisticated threats like SQL injection and cross-site scripting, FortiWeb platforms help you prevent identity theft, financial fraud and corporate espionage. FortiWeb delivers the technology you need to monitor and enforce government regulations, industry best practices, and internal policies.

FortiWeb Deployments

FortiWeb Deployment Scenarios

  • Inline Transparent - Layer two bridge that does not require network level redesign
  • True Transparent Proxy - Layer two deployment with no need for network level redesign. The traffic is internally terminated to provide more functionality than pure inspection.
  • Reverse Proxy - Provides additional capabilities such as URL rewrite and advanced routing capabilities
  • Offline Sniffing - Monitors environments with zero network footprint and latency

Accelerate Deployment and Lower Costs

FortiWeb significantly reduces deployment costs by consolidating Web Application Firewall, XML filtering, web traffic acceleration, and application traffic balancing into a single device with no per-user pricing.

It drastically reduces the time required to protect your regulated internet-facing data and eases the challenges associated with policy enforcement and regulatory compliance. Its intelligent, application-aware load-balancing engine increases application performance, improves resource utilization and application stability while reducing server response times.

Aids in Compliance

PCI DSS compliance

FortiWeb is the only product that provides a Vulnerability Scanner module within the web application firewall that completes a comprehensive solution for PCI DSS requirement 6.6.

Protects against OWASP top 10

Incorporating a positive and a negative security module based on bidirectional traffic analysis, together with an embedded behavior-based anomaly detection engine, FortiWeb fully protects against the OWASP Top 10.


Utilizing Fortinet’s renowned FortiGuard service, FortiWeb customers get up-to-date, dynamic protection from the Fortinet® Global Security Research Team, which researches and develops protection against known and potential application security threats.

FortiWeb protects against a wide range of attacks:

  • Cross Site Scripting
  • SQL Injection
  • Session Hijacking
  • Cookie Tampering / Poisoning
  • Cross Site Request Forgery
  • Command Injection
  • Remote File Inclusion
  • Forms Tampering
  • Hidden Field Manipulation
  • Outbound Data Leakage
  • HTTP Request Smuggling
  • Encoding Attacks
  • Broken Access Control
  • Forceful Browsing
  • Directory Traversal
  • Site Reconnaissance
  • Search Engine Hacking
  • Brute Force Login
  • Access Rate Control
  • Schema Poisoning
  • XML Parameter Tampering
  • XML Intrusion Prevention
  • WSDL Scanning
  • Recursive Payload
  • External Entity Attack
  • Buffer Overflows
  • Denial of Service