FortiDevSec
Continuous Application Security Testing

Fortinet FortiDevSec

Fortinet Products
FortiDevSec - Standard functionality Tier
FortiDevSec 1 Year FortiDevSec - Standard functionality Tier - Unlimited scans and unlimited apps for all scanners (SAST, SCA/OSS, Containers, IaC and Secrets) for up to 5 developer users (all developers working on the target apps to be scanned are counted). This also includes DAST or WebApp Vulnerability scanning provided by FortiDAST but limited to 5 apps. Use add on SKU to add more apps for DAST. This is stackable. Annual Subscription. FortiCare support included.
#FC1-10-DEVSC-513-01-12
List Price: $7,290.00
Our Price: Request a Quote
FortiDevSec 2 Year FortiDevSec - Standard functionality Tier - Unlimited scans and unlimited apps for all scanners (SAST, SCA/OSS, Containers, IaC and Secrets) for up to 5 developer users (all developers working on the target apps to be scanned are counted). This also includes DAST or WebApp Vulnerability scanning provided by FortiDAST but limited to 5 apps. Use add on SKU to add more apps for DAST. This is stackable. Annual Subscription. FortiCare support included.
#FC1-10-DEVSC-513-01-24
List Price: $14,580.00
Our Price: Request a Quote
FortiDevSec 3 Year FortiDevSec - Standard functionality Tier - Unlimited scans and unlimited apps for all scanners (SAST, SCA/OSS, Containers, IaC and Secrets) for up to 5 developer users (all developers working on the target apps to be scanned are counted). This also includes DAST or WebApp Vulnerability scanning provided by FortiDAST but limited to 5 apps. Use add on SKU to add more apps for DAST. This is stackable. Annual Subscription. FortiCare support included.
#FC1-10-DEVSC-513-01-36
List Price: $21,869.00
Our Price: Request a Quote
FortiDevSec 5 Year FortiDevSec - Standard functionality Tier - Unlimited scans and unlimited apps for all scanners (SAST, SCA/OSS, Containers, IaC and Secrets) for up to 5 developer users (all developers working on the target apps to be scanned are counted). This also includes DAST or WebApp Vulnerability scanning provided by FortiDAST but limited to 5 apps. Use add on SKU to add more apps for DAST. This is stackable. Annual Subscription. FortiCare support included.
#FC1-10-DEVSC-513-01-60
List Price: $36,449.00
Our Price: Request a Quote
FortiDevSec - FortiPenTest Add On
FortiDevSec - FortiDAST Add On 1 Year Add on FortiDAST web vulnerability scanning / DAST functionality to FortiDevSec. Both products are to be used in SAAS version. This SKU provides access for scanning 5 apps using FortiDAST. This is on top of 5 apps for DAST that get included by default for each FortiDevSec license. Add on FortiDAST web vulnerability scanning / DAST functionality to FortiDevSec. Both products are to be used in VM version. This SKU provides access for scanning 5 apps using Fort
#FC1-10-DEVSC-216-02-12
List Price: $2,734.00
Our Price: Request a Quote
FortiDevSec - FortiDAST Add On 3 Year Add on FortiDAST web vulnerability scanning / DAST functionality to FortiDevSec. Both products are to be used in SAAS version. This SKU provides access for scanning 5 apps using FortiDAST. This is on top of 5 apps for DAST that get included by default for each FortiDevSec license. Add on FortiDAST web vulnerability scanning / DAST functionality to FortiDevSec. Both products are to be used in VM version. This SKU provides access for scanning 5 apps using Fort
#FC1-10-DEVSC-216-02-36
List Price: $8,201.00
Our Price: Request a Quote
FortiDevSec - FortiDAST Add On 5 Year Add on FortiDAST web vulnerability scanning / DAST functionality to FortiDevSec. Both products are to be used in SAAS version. This SKU provides access for scanning 5 apps using FortiDAST. This is on top of 5 apps for DAST that get included by default for each FortiDevSec license. Add on FortiDAST web vulnerability scanning / DAST functionality to FortiDevSec. Both products are to be used in VM version. This SKU provides access for scanning 5 apps using Fort
#FC1-10-DEVSC-216-02-60
List Price: $13,668.00
Our Price: Request a Quote

Please Note: All Prices are Inclusive of GST

Overview:

Find and fix all types of application security issues within your DevOps CI/CD cycle

FortiDevSec automates application security testing to detect and remediate security vulnerabilities in applications' source code, included open-source and third-party libraries, container images, and Infrastructure-as-Code files early during the development stages of the application lifecycle, without requiring much security expertise from the developers or DevOps.

The comprehensive SaaS-based continuous application testing solution enables developers to detect and remediate security vulnerabilities within the DevOps continuous integration/continuous delivery/deployment (CI/CD) lifecycle.

Features and Benefits

  • BUILD AND DEPLOY SECURE APPLICATIONS: FortiDevSec offers a comprehensive continuous application testing solution to detect and remediate vulnerabilities, empowering software developers and DevOps to build and deploy secure applications
  • INTELLIGENT SECURITY: FortiDevSec utilizes advanced threat detection capabilities to prioritize critical threats and reduce false positives
  • SEAMLESS INTEGRATION: FortiDevSec easily integrates into most major CI/CD platforms and bug trackers like JIRA
  • UNIFIED DASHBOARD: FortiDevSec’s visual reporting tool aggregates and correlates all scan results across scan types, languages and platforms, and provides uniform risk ratings to assess the overall security posture
  • EASY TO DEPLOY: FortiDevSec can be deployed in 3 simple steps to quickly respond to critical threats
  • SECURITY FABRIC INTEGRATION: Integration with Fortinet’s Security Fabric to offer an enhanced solution to secure the CI/CD pipeline

FortiDevSec: Continuous Application Security Testing Use Cases

SIMPLIFIES SECURITY FOR APPLICATION DEVELOPMENT

Easily integrates into most major CI/CD platforms to detect and remediate software vulnerabilities, enabling developers to rapidly build, test and deploy software applications

COMPREHENSIVE VULNERABILITY MANAGEMENT

Automates deployment of application security scanners in the DevOps lifecycle to extend security across the entire vulnerability landscape

RISK MANAGEMENT


Consolidated dashboard aggregates and correlates scan results with intelligent risk scoring to prioritize critical threats


Applications:


FortiDevSec is designed to deploy the appropriate application security test based on the attributes and settings of the application. These testing technologies will analyze and detect software vulnerabilities throughout the different stages of the software development life cycle (SDLC) to secure the CI/CD pipeline.

Software Composition Analysis (SCA), also known as Open Source Software (OSS)

  • Identifies all open-source components in the application software
  • Validates dependencies across the integrated software
  • Ensures vulnerable versions are not being used in the application
  • Checks for license policies and organizational mandate
  • Verifies applications live on secure infrastructure components

Secrets

  • Scans source code and all previous builds for unsecured confidential data

Static Application Security Testing (SAST)

  • “White box security testing”
  • Detects security issues in the application source code
  • Ensures application is compliant with secure coding guidelines
  • Detects and remediates bugs introduced by developers
  • Complements SCA/OSS and infrastructure vulnerability testing

Dynamic Application Security Testing (DAST)

  • “Black box security testing”
  • Detects run-time application security issues
  • Ensures application is compliant with secure coding guidelines
  • Detects bugs that only emerge during run-time
  • Complements SAST, SCA/OSS and infrastructure vulnerability testing

Containers

  • Detects software vulnerabilities in container images that are built in the application's CI/CD pipeline

Infrastructure as Code (IaC)

  • Scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile, and Kubernetes to detect potential configuration issues that expose your deployments to the risk of attack

Features:

Innovative Product Offering

AppSec testing is also very fragmented. There are many types of AppSec scans that need to be done on an application to figure out all its vulnerabilities, and these are usually offered by separate products. A multi-product solution creates fragmentation and hinders DevSecOps enablement of AppSec.

The industry needs an innovative AppSec product that has DevSecOps in its DNA. It should be easy to use by developers and DevOps without requiring specialized security expertise. It should also be a comprehensive offering covering all types of AppSec scans, including SAST, DAST, SCA, Secrets, and more.

Simple Security for Modern App Development

Modern application development is a combination of rapid application development using agile methodologies, being cloud-native, using microservices and container-based architectures, using CI/CD to automate build and deployment, and the need to automate application security testing in CI/CD.

FortiDevSec orchestrates and automates continuous application security testing for developers and DevOps directly into the application CI/CD DevOps lifecycle. DevOps can integrate FortiDevSec just by copying a few lines of code into their CI/CD and without requiring any AppSec expertise. This feature allows AppSec to work at the speed of DevOps. FortiDevSec supports all major CI/CD tools, languages, and frameworks.

Comprehensive Vulnerability Management

Applications need to be secured from multiple attack vectors, and in order to do that, they need to be security tested using many types of scanners.

Static or source code testing (SAST) scans the application’s own source code; SCA/OSS scans the third-party libraries (typically open-source libraries) included in the application; Secrets scans for plaintext passwords in the code; and DAST, or dynamic testing, analyzes a web application through the frontend to find vulnerabilities through simulated attacks.

Consolidated Dashboard

FortiDevSec offers an easy-to-use portal where users can log in and view all the issues across all their applications and all the different scan types. There is no longer any need to use multiple portals for numerous different and fragmented scanners.

Scan results are first normalized across multiple scan types. The risk rating, risk category, and descriptions are all normalized. The results are then aggregated and presented with various filters so the user can prioritize fixing the most critical items first.

