Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your external and internal web-based applications from the OWASP Top 10 and many other threats. Using IP Reputation services, botnets and other malicious sources are automatically screened out, before they can do any damage. Dos detection and prevention keeps your applications safe from being overloaded by Layer 7 Dos attacks. FortiWeb checks, that the request hasn't been manipulated, using HTTP RFC validation. Requests are checked against FortiWeb's signatures to compare them against known attack types to make sure they're clean. Any files, attachments or code are scrubbed with FortiWeb's built-in antivirus and antimalware services. FortiWeb's auto-learning behavioral detection engine reviews all requests, that have passed the tests for known attacks. If the request is outside of user or automatic parameters, the request is blocked. Lastly, FortiWeb provides a correlation engine, where multiple events from different security layers are correlated to make a more accurate decision and help protect against the sophisticated attacks. This combination provides excellent protection from any web application attack, including zero-day threats.