DATASHEET

A Simple, Scalable Approach to

Dynamic Application Security Testing

Key Benefits
Modern web applications continue to be a challenge for organizations to secure
as developers build increasingly complex business applications faster than ever.
Many organizations are releasing new or updated web applications multiple times
per day, each containing multiple vulnerabilities on average. Often outnumbered • Improve Scanning Confidence
by developers by 100:1, security teams are struggling to keep up, and many web Deliver highly accurate results with
applications are not assessed for security issues until it’s too late. Lack of application minimal false positives and negatives,
security skills and resources inhibit many organizations from adequately defending giving you and your developers
against cyberthreats. confidence that your reports are
accurate.
But yet another standalone security product isn’t the answer. Security leaders
must have visibility into the security of all of their web applications as part of a
• Reduce Manual Work Efforts
comprehensive Cyber Exposure solution to gain a complete view of their security and
Low-touch automated scanning allows
compliance posture.
you to understand your web application
Whether purchased as a standalone module to Tenable.io, or as a core component security risks as your environment
of the Tenable Exposure Platform (Tenable.ep), Tenable.io Web Application Scanning changes without the manual effort and
provides this visibility as part of a comprehensive Cyber Exposure solution. The time otherwise needed.
product delivers safe and automated vulnerability scanning to that can easily scale
to cover the entire online portfolio, so security professionals can rapidly assess their • Remove Security Blind Spots
web applications without heavy manual effort. Tenable.io Web Application Scanning Scan all of your applications, including
provides high detection rates with minimal false positives, ensuring you understand those built using modern web
the true cyber risks in your web applications. frameworks, such as JavaScript, AJAX,
HTML5 and Single Page Applications.

• Rapid Security Assessments

Deliver immediate value with fast web
application scans to discover common
security hygiene issues that run in two
minutes or less.

• Reduce Product Sprawl

Gain visibility into your true cyber risks
across your modern attack surface as
part of the Tenable Cyber Exposure
platform to decrease complexity and
product sprawl.

Tenable.io Web Application Scanning allows security teams to view identified vulnerabilities to
ensure visibility and prioritize remediation.
Key Capabilities
Understand Your Web Applications Rapidly Detect Cyber Hygiene Issues
Tenable.io Web Application Scanning helps you understand the Tenable.io Web Application Scanning provides two pre-built
page structure and layout of your web applications. The overview scanning templates for common and potentially costly web
scan provides you with the key basic findings in a short period of application misconfigurations. The SSL/TLS Scan checks for
time so you can better plan for a full assessment. invalid, expiring or improperly issued certificates that trigger
browser warning messages and user bounce rates. The Config Audit
Advanced Dashboard Capabilities Scan checks for overly descriptive responses to HTTP calls that
Dashboards in Tenable.io Web Application Scanning give you provide valuable reconnaissance information to would-be hackers.
“at-a-glance” visibility into scanned web applications. View Both scans complete in several minutes for near-immediate results.
vulnerabilities over time and based on risk level, OWASP Top 10
security issues, and descriptions of all vulnerabilities with detailed 3rd-Party Component Scanning
remediation instructions for developers. Pre-configured Web applications comprise up to 85% third-party and open source
executive summary dashboards allow you to share critical components, including Content Management Systems, web servers
business-level details with leadership. Customizable dashboards and language engines, that often contain dangerous vulnerabilities.
help you clearly communicate application security metrics that Tenable.io Web Application Scanning can identify third-party
matter most to your team. components in an application and assess them for vulnerabilities as
part of a comprehensive web application scan.
Safe Scanning of Web Applications
In order to prevent performance latency and disruptions, it’s Advanced Authentication Support
important to define parts of critical web applications that are Many web applications implement authentication to control access
safe to scan and define other parts that should never be scanned. to sensitive user data, which can inhibit the ability for vulnerability
With Tenable.io Web Application Scanning, you can exclude parts scanners to assess the application. Tenable.io Web Application
of the web application to be scanned by providing the URLs or file Scanning supports a broad range of authentication options, such
extensions to be excluded from the scan, ensuring the scanner is as form-based authentication, cookie-based authentication, NTLM
non-intrusive. support, and Selenium-based authentication, to address most web
application requirements.
Automated Web Application Scanning
With the scarcity (and cost) of security professionals, it’s important Unified Web App Scanning and Vulnerability Management
to find solutions that offer automation to help alleviate the lack of Tenable.io Web Application Scanning delivers comprehensive and
security resources. Tenable.io Web Application Scanning allows accurate web application scanning as part of a seamless Tenable
you to simply and rapidly assess all of your web applications with a Cyber Exposure platform experience so you can gain a complete
highly automated solution that reduces your manual work effort. view of your security and compliance exposure. This helps
eliminate data silos and minimize the burden of product sprawl, so
Coverage of Modern Web Application Frameworks you can understand your cyber risk and protect your organization
Legacy web app scanners can’t keep up with the modern with one solution.
applications that have exploded in development today. Tenable.io
Web Application Scanning is not only able to scan traditional HTML
web applications, but also supports dynamic web applications built
using HTML5, JavaScript and AJAX frameworks, including Single
Page Applications.

For More Information: Please visit tenable.com

Contact Use: Please email us at sales@tenable.com

COPYRIGHT 2021 TENABLE, INC. ALL RIGHTS RESERVED. TENABLE, TENABLE.IO, TENABLE NETWORK SECURITY, NESSUS, SECURITYCENTER, SECURITYCENTER
CONTINUOUS VIEW AND LOG CORRELATION ENGINE ARE REGISTERED TRADEMARKS OF TENABLE, INC. TENABLE.SC, LUMIN, ASSURE, AND THE CYBER EXPOSURE
COMPANY ARE TRADEMARKS OF TENABLE, INC. ALL OTHER PRODUCTS OR SERVICES ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS. Datasheet / Web App Scanning / 012721