Introduction

FortiWeb Cloud WAF-as-a-Service is a cloud-native SaaS-based web application firewall (WAF) that protects public cloud-hosted web applications from the OWASP Top 10 threats, zero-day attacks and other application layer attacks.

With innovative AI-based capabilities, FortiWeb Cloud eliminates the need for manual training and reduces management overhead using Machine Learning that automatically learns and evolves with your specific application, blocking malicious anomalies without blocking legitimate users.

The environment is built on the FortiWeb Cloud MSSP edition run by CSE-international.
All attendees are part of a single tenant and will be able to see each other's web applications.

Please respect the other attendees' environments and work only on your own web application.

Topology

The topology used is fully cloud based.
We are utilizing a stepstone server (Client) to access back-end web services that are protected by FortiWeb Cloud WAFaaS.

Infrastructure topology

Login Credentials

NOTE: # is your attendee number

Component          Username   Password
FortiWeb Cloud     user#      Fortinet2020#
Stepstone server   user#      fortinet

FAQ

Q: My DNS Status stays on Update Pending and doesn't move to OK.
A: You have to ask dns-sage@fortiworkshop.nl to put the CNAME in place for you.

Q: I get a certificate warning on my website.
A: Your DNS status needs to be in the OK condition, after which your website will receive a Let's Encrypt certificate (takes ~5 min).


Disclaimer

  • Nothing contained in this article is intended to teach or encourage the use of security tools or methodologies for illegal or unethical purposes. Always act in a responsible manner. Make sure you have written permission from the proper individuals before you use any of the tools or techniques described here outside this environment.

  • The environment is designed for functional learning and testing purposes, not to be used for performance testing. Behavior might be slower than expected due to limited resource assignment.