FortiWeb is a web application firewall that protects web applications and APIs from threats targeting known and unknown vulnerabilities. The solution addresses OWASP Top 10 threats, sophisticated bot attacks, and DDoS attacks through multiple security mechanisms. The platform uses a dual-layer machine learning approach for anomaly detection and zero-day exploit identification. It applies machine learning to model each application, reducing administrative overhead by identifying malicious patterns and minimizing false positives. FortiWeb includes bot defense capabilities that distinguish between malicious bots and legitimate business bots such as search engines or monitoring tools. The bot protection uses advanced techniques including bot deception, biometric detection, and machine learning to manage bot traffic without degrading user experience through excessive CAPTCHAs. API discovery and protection features use machine learning algorithms to automatically discover APIs by evaluating application traffic. The solution delivers out-of-the-box policies with automatically generated positive security model policies for each schema specification (OpenAPI, XML, JSON) and integrates API security into CI/CD pipelines. Client-side protection monitors scripts running on payment pages to address PCI DSS requirements. This policy-based feature detects and mitigates unauthorized activity such as third-party script injections, DOM manipulation, and form hijacking within the user's browser. FortiWeb includes FortiAI-Assist for accelerating forensics and contextual decision making. The solution offers advanced threat analytics with recommended playbooks and threat-hunting capabilities. It is available in multiple form factors including hardware, virtual machines, SaaS, and public cloud marketplaces.