TENABLE.io WAS (Web App Scanning)



TENABLE.io WAS (Web App Scanning)

Tenable.io™ Web Application Scanning delivers safe and automated vulnerability scanning to that can easily scale to cover the entire online portfolio, so security professionals can rapidly assess their web applications without heavy manual effort. Tenable.io Web Application Scanning provides high detection rates with minimal false positives, ensuring you understand the true cyber risks in your web applications.



  • Understand Your Web Applications - Tenable.io Web Application Scanning helps you understand the page structure and layout of your web applications. The overview scan provides you with the key basic findings in a short period of time so you can better plan for a full assessment
  • Advanced Dashboard Capabilitie - Dashboards in Tenable.io Web Application Scanning give you"at-a-glance" visibility into scanned web applications. View vulnerabilities over time and based on risk level, OWASP Top 10 security issues, and descriptions of all vulnerabilities with detailed remediation instructions for developers. Pre-configuredexecutive summary dashboards allow you to share critical business-level details with leadership. Customizable dashboards help you clearly communicate application security metrics that matter most to your team.

  • Safe Scanning of Web Application - In order to prevent performance latency and disruptions, it's important to define parts of critical web applications that are safe to scan and define other parts that should never be scanned. With Tenable.io Web Application Scanning, you can exclude parts of the web application to be scanned by providing the URLs or file extensions to be excluded from the scan, ensuring the scanner is non-intrusive
  • Automated Web Application Scanning - With the scarcity (and cost) of security professionals, it's important to find solutions that offer automation to help alleviate the lack of security resources. Tenable.io Web Application Scanning allows you to simply and rapidly assess all of your web applications with a highly automated solution that reduces your manual work effort.
  • Coverage of Modern Web Application Frameworks - Legacy web app scanners can't keep up with the modern applications that have exploded in development today. Tenable.io Web Application Scanning is not only able to scan traditional HTML web applications, but also supports dynamic web applications built using HTML5, JavaScript and AJAX frameworks, including Single Page Applications.
  • Rapidly Detect Cyber Hygiene Issue -Tenable.io Web Application Scanning provides two pre-built scanning templates for common and potentially costly web application misconfigurations. The SSL/TLS Scan checks for invalid, expiring or improperly issued certificates that trigger browser warning messages and user bounce rates. The Config Audit Scan checks for overly descriptive responses to HTTP calls that provide valuable reconnaissance information to would-be hackers. Both scans complete in several minutes for near-immediate results
  • 3rd-Party Component Scanning -Web applications comprise up to 85% third-party and open source components, including Content Management Systems, web servers and language engines, that often contain dangerous vulnerabilities. Tenable.io Web Application Scanning can identify third-party components in an application and assess them for vulnerabilities as part of a comprehensive web application scan.
  • Advanced Authentication Support - Many web applications implement authentication to control access to sensitive user data, which can inhibit the ability for vulnerability scanners to assess the application. Tenable.io Web Application Scanning supports a broad range of authentication options, such as form-based authentication, cookie-based authentication, NTLM support, and Selenium-based authentication, to address most web application requirements.

For details, please contact us.