Tenable
Web App Scanning
Unified web app and API scanning that’s simple, scalable and automated
Whether it’s the top 10 risks from OWASP, vulnerable web app components or APIs, Tenable Web App Scanning gives you comprehensive dynamic application security testing (DAST).
Web application security from the largest vulnerability research team in the industry
Results in minutes
Deliver immediate value with fast web application scans to discover common security hygiene issues that run in two minutes or less.
Intuitive scan setup
Set up a new web app scan in a few seconds by leveraging the same vulnerability management workflows you are already familiar with. Configure weekly or monthly automated testing of all of your applications.
Fully integrated dashboards
Create fully customizable dashboards and widget visualizations to integrate IT, cloud and web application vulnerability data into a single, unified view.
On-Prem Web App Scanning available through Tenable Security Center integration
FedRAMP-authorized Tenable Web App Scanning is available as a cloud-based solution, and now on-premises seamlessly integrated into Tenable Security Center. This empowers all customers, regardless of deployment preference, to enhance their security posture and protect against web app vulnerabilities.
Learn moreScalable deployment and architecture
Tenable Web App Scanning provides easy-to-use, comprehensive and automated vulnerability scanning for modern web applications, so you can configure and manage web app scans in a matter of minutes with minimal tuning.
Tenable One
Available through Tenable One: The world’s only end-to-end exposure management platform
Tenable One solves the central challenge of modern security: a deeply divided approach to seeing and doing battle against cyber risk. We remove risk by unifying security visibility, insight and action across the attack surface to rapidly expose and close gaps. Customers use Tenable One to eradicate priority cyber weaknesses and protect against attacks—from IT infrastructure to cloud environments to critical infrastructure and everywhere in between.
Learn more
FAQs
- What is Tenable Web App Scanning?
-
Tenable Web App Scanning is a dynamic application security testing (DAST) application. A DAST crawls a running web application through the front end to create a site map with all of the pages, links and forms for testing. Once the DAST creates a site map, it interrogates the site through the front end to identify any vulnerabilities in the application custom code or known vulnerabilities in the third-party components that comprise the bulk of the application.
- What kind of vulnerabilities does Tenable Web App Scanning identify?
-
Tenable Web App Scanning identifies OWASP Top 10 vulnerabilities such as cross-site scripting (XSS) and SQL injection in custom application code and vulnerable versions of third-party components running on your site. Both categories of vulnerabilities are essential to ensure comprehensive vulnerability coverage in modern web applications.
- Does Tenable Web App Scanning identify misconfigurations or certificate issues?
-
Yes, you can use Tenable Web App Scanning to identify a number of cyber hygiene issues in web applications in two minutes or less through the use of predefined scan templates. The SSL/TLS scan template checks for improperly issued or soon-to-expire SSL/TLS certificates, which helps users avoid costly and embarrassing browser warnings and redirects. The Config Audit scan template checks for a number of server-side misconfigurations that leave web applications vulnerable to hacker reconnaissance or man-in-the-middle attacks.
- Can I tailor information that Tenable Web App Scanning users have access to?
-
Yes. Tenable Web App Scanning includes role-based access control. Administrators have the option of creating user groups and assigning user permissions to view and launch scans on an individual scan basis. Users will only see relevant scan data, allowing them to more easily focus their efforts and prioritize which vulnerabilities to remediate.
- Can I create custom reports in Tenable Web App Scanning?
-
Yes. Tenable Web App Scanning gives users the ability to create a variety of dashboards to tailor their reporting needs. Pre-configured, executive-level reports are available to keep business stakeholders informed of team remediation progress without getting lost in technical details. Tenable Web App Scanning also allows users to create fully-custom dashboards of scan data to track metrics that are relevant to their teams. Tenable Vulnerability Management and Tenable Web App Scanning users can also create fully integrated dashboards combining IT, cloud and web application vulnerabilities for unified visibility across their attack surface.
- Does Tenable Web App Scanning scan single page applications?
-
Yes. Tenable Web App Scanning scans modern web applications including single page applications. While no scanning tool can guarantee 100% coverage of all application types and vulnerabilities, Tenable Web App Scanning crawls and scans many of the most popular single page application frameworks.
- How often are new vulnerability detections added to Tenable Web App Scanning?
-
Tenable’s world-class Research Team built Tenable Web App Scanning. Tenable Research continuously analyzes vulnerabilities and the threat landscape and adds new detections for third-party components and custom code vulnerability detection as new security issues are discovered.
- Can I use Tenable Web App Scanning to perform code reviews?
-
No. Tenable Web App Scanning is a dynamic application security testing (DAST) tool, meant to test running applications and does not perform static code reviews. Static application security testing (SAST) tools perform code reviews.
Related resources
Try Tenable Web App Scanning
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management Platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications.