TOC & Recently Viewed

Recently Viewed Topics

Web Application Scan Templates

On the Scans page, the Web Application tab appears, displaying Tenable.io Web Application Scanning scan templates. You can use these templates with the default settings to create scans, or you can configure the templates based on your organization's web application scanning policies.

The Web Application tab displays the following Tenable.io Web Application Scanning scan type templates:

Note: Tenable recommends that you run a Web Application Overview scan the first time you scan a web application. After the scan completes, review the targeted URLs to determine whether scanning those URLs for vulnerabilities is sufficient. If scanning the target URLs is sufficient, use the default configurations when you run a Web App Scan. If not, configure the Web App Scan template settings to include or exclude certain URLs.

Template Description
Web App Overview

High-level preliminary scan that determines which URLs in your web application that Tenable.io Web Application Scanning scans by default.

Web App Scan

Detailed scan that checks your web application for vulnerabilities.

Note: A Web App Scan generally takes more time to complete than other Tenable scans.

Legacy Web App Scan

Detailed scan that allows you to use a Nessus scanner to scan your web applications.

Note: Unlike the Tenable.io Web Application Scanning scanner, the Nessus scanner does not use a browser to scan your web applications. Therefore, a Legacy Web App Scan is not as comprehensive as a Web App Scan.

Web App Overview Scan

Note: To avoid an Access Denied error when running a scan, you must add an Allow rule to the Cloudflare firewall for the scan's user agent string.

Web App Scan Settings

Legacy Web App Scan Settings

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.