
Tenable Blog


This Is How to Do Simple, Fast and Accurate Web App Security

Web apps are the most common attack vector causing data breaches today. Here’s how Tenable.io Web Application Scanning, built by Tenable Research, can help security teams protect their web app estate.

It’s not an exaggeration to say that web apps power the world. Web apps provide critical news and information to key stakeholders, run marketing campaigns and transact sales, and help you engage and interact more effectively with your customers. As businesses become more digital, especially in the midst of current times, we’re seeing a sharp rise in the importance of web apps, with numerous examples ranging from primary care providers deploying new telemedicine portals to local grocery stores standing up ecommerce services. To understand just how pervasive web apps are, consider that we’re quickly approaching 2 billion unique web apps across the world. [1]

Because most web apps are easily accessible to external users by design, their pervasiveness is also their primary downfall. Web apps are notoriously vulnerable. In aggregate, we’re talking about tens of billions of high-risk web app vulnerabilities that threat actors can attack with exploits. It should be no surprise that web apps consistently remain the most common attack vector causing data breaches today. [2]

Modern web apps change constantly, making it very difficult for security teams to keep pace with continuous updates and newly disclosed vulnerabilities. Unfortunately, most organizations do not have adequate application security resources. [3] On top of that, many solutions are cost-prohibitive and difficult to use without extensive expertise. Too few security teams have a holistic process to secure web apps alongside their IT assets, which creates even more complexity.

The result is that the vast majority of web apps are not assessed for critical vulnerabilities that could bring a business to its knees and halt all customer transactions or lead to a loss of confidential customer data.

You don’t need a PhD to secure PHP

One of the easiest ways to cut through application security complexity is to extend existing platforms you have in place today to protect your web apps. Not only does this simplify your security tech stack, but you can also take advantage of workflows you are already familiar with to launch new scans, analyze scan results, prioritize vulnerabilities and customize reporting. This is especially critical for security organizations that don’t have a team of appsec PhDs at the ready. 

This is why we created Tenable.io Web Application Scanning. The product is designed by security practitioners for security practitioners. Users can configure scans in minutes, instead of spending hours or days on manual tuning to yield meaningful results. It was built by Tenable Research – the largest vulnerability research team in the industry – to deliver comprehensive and accurate vulnerability coverage of your web apps.

As new dangerous web app vulnerabilities are discovered by our Security Response Team, vulnerability detections are quickly added to Tenable.io Web App Scanning, so that users can detect and remediate them. In the case of a recent WordPress plugin attack, new vulnerability detections were released within hours. And, all web apps assessed by Tenable.io Web App Scanning integrate into the Tenable.io asset view alongside your traditional IT and cloud assets for unified visibility across your attack surface. 

Tenable.io Web App Scanning Asset View

Announcing exciting, new capabilities in Tenable.io Web App Scanning

Tenable.io Web App Scanning just got a whole lot better. Starting on April 30 for new Tenable.io Web App Scanning customers, we’re releasing several important, new product enhancements. If you’re an existing Tenable.io Web App Scanning customer, you’ll be able to take advantage of these new capabilities in just a few short weeks to ensure you have a seamless product experience. The new capabilities include:

  • Fully integrated dashboards for unified visibility. Tenable.io Web App Scanning data is now fully integrated into Tenable.io dashboards and widget library. Create new customized dashboards and widgets to combine IT, cloud and web app vulnerability data into a single unified view. This helps you analyze and drill into web apps as you would with other assets across your attack surface to find and fix the vulnerabilities that matter most. 

Tenable.io Web App Scanning Dashboard

  • Single-page app support for enhanced detections. A new state-of-the-art scanning engine now supports dynamic, JavaScript-based single-page apps invisible to many web app scanners. Additional vulnerability detections include support for Apache Solr, new plugins for source-code-leakage vulnerabilities, and dozens of component vulnerabilities in PHP, Joomla and Drupal.
  • Fast discovery of common web app flaws. Predefined scan templates enable you to quickly identify common web app cyber hygiene issues related to SSL/TLS certificates and HTTP header misconfigurations. These scans take seconds to configure and minutes to get results for quick insights.

Tenable.io Web App Scanning Scan Template

And, because it is built by Tenable Research, Tenable.io Web App Scanning gains all the benefits this world-class research organization provides: number one in CVE coverage, number one in scan accuracy and speed of new vulnerability detections. This gives you confidence that your development teams aren’t wasting time remediating false positives or missing vulnerabilities that could be leveraged by an attacker.

Try Tenable.io Web App Scanning for free

Beginning on April 30, we are providing all Tenable.io customers access to Tenable.io Web App Scanning for free for 30 days, even if you have previously evaluated it. Customers will receive evaluation invites and be able to opt in directly in Tenable.io. See firsthand how web app security data integrates into your existing dashboards and workflows for unified visibility.

Not yet a Tenable.io customer? No problem. You can still try Tenable.io Web App Scanning for free to see how easy it is to quickly configure new web app scans and analyze results.

Learn more about Tenable.io Web App Scanning

Looking to learn more before starting your free eval? Join us for an upcoming webinar, “RCEs and Remote Employees. How Vulnerable Are Your Web Apps?” on May 20. We’ll share the latest research insights into web app vulnerabilities and threats, along with an in-depth demo of Tenable.io Web App Scanning. Save your spot. Register now.



1. https://www.internetlivestats.com/total-number-of-websites/
2. 2019 Data Breach Investigations Report, Verizon, 2019
3. The Life and Times of Cybersecurity Professionals 2018, ESG, 2019
