TOC & Recently Viewed

Recently Viewed Topics

Provision Tenable Core Web Application Scanner (BYOL)

The Tenable Core Web Application Scanner is an instance installed within Microsoft Azure that allows scanning of internally-facing web applications deployed within Microsoft Azure. The Tenable Core Web Application Scanner is a Dynamic Application Security Testing (DAST) technology. It is used to perform vulnerability assessments of web applications. Customers interested in leveraging Tenable Core Web Application Scanner BYOL to secure web applications must obtain an evaluation of Web Application Scanner through the drop down at the top of or purchase the add-on.

  1. To provision a Tenable Core Web Application Scanner BYOL instance, go to Microsoft Azure ( and log in.

  2. Click the green + New to open the Azure Marketplace.

  3. Enter Tenable in the search box and the TenableCore WAS (BYOL) instance will appear below.

  4. Click TenableCore WAS (BYOL) to open the instance details. Choose an option under Select a deployment model and click Create to begin deployment of the Tenable Core Web Application Scanner BYOL virtual machine.

  5. Enter the configuration information on the Basics screen and click OK. Refer to the Tenable Core WAS BYOL Scanner Basics table for details.

    Tenable Core WAS BYOL Scanner Basics

    Option Description
    Name Descriptive name for the Tenable Core WAS BYOL scanner.
    VM disk type Select between SSD and HDD drives.
    User name User account name used to access the Tenable Core WAS BYOL scanner.
    Authentication type Select SSH public key.
    SSH Public Key

    Once generated, enter the SSH public key.

    Note: Create a keypair if necessary:

    ssh-keygen -t rsa
    cat ~/.ssh/
    Subscription Select the subscription to which the virtual machine will be added.
    Resource group Enter the name of a new Resource group or select an existing Resource group.
    Location Select the geographical location for the virtual machine.
  1. Once the Basics information is entered, instance sizes and pricing appears.

  2. From the available options, click to choose the desired virtual machine size.

  3. On the Settings screen, enter the required information and click OK (highlighted below). Refer to the TenableCore WAS BYOL Scanner Settings below for details.

    Tenable Core WAS BYOL Scanner Settings

    Option Description
    Storage accounts Create or select a storage account type and select Standard or Premium disk type.
    Network Create or select a virtual network where the Tenable Core WAS BYOL will reside.
    Subnet Assign Tenable Core WAS BYOL to a subnet in the virtual network.
    Public IP Address Option to create a public IP address so that the Tenable Core WAS BYOL virtual machine is accessible outside the virtual network.
    Network security group Enables firewall rules to control traffic to and from the Tenable Core WAS BYOL virtual machine.
    Extensions Adds new features, like configuration management or anti-virus protection, to your virtual machine.
    High availability Provides redundancy by grouping two or more virtual machines in an availability set.
    Monitoring Enable system diagnostics and create a diagnostics storage account to analyze the results.
  1. Offer details will display. Review, then click Purchase to buy the Tenable Core WAS BYOL virtual machine you configured.

  2. If you are deploying the instance into an Azure Virtual Network, you must ensure it can be reached via TCP port 8000 on an IP address associated with the instance. This is needed to complete the configuration process, as well as for the use of the product.

  3. Configure the instance and/or the Azure Virtual Network so that Tenable Core WAS can communicate with Tenable servers; this is required for registration and plugin updates. If for some reason this is not possible, please refer to the Tenable Core for Web Application Scanning User Guide regarding off-line updates.

  4. Generally, you will connect to the public IP address (or external hostname) associated with an instance. If you are connecting to Tenable Core WAS over a VPN to an Azure Virtual Network, it may be the private IP address. The IP addresses associated with the instance can be found under the virtual machine Settings.

  5. Next, SSH into Tenable Core using the external IP or Azure's internal IP from another instance.

    Note: Use the following command ssh {useraccount}@{ip_address}. The user account used here is the user account created in step 5.

  6. Enter the following command using the user account created in step 5 and the Azure instance's public IP address to create a secure web UI: sudo passwd {useraccount}.
  7. Open your browser and go to the URL - https://{ip_address}:8000 to sign in to the web UI.
  8. In the left menu, click on the Web Application Scanner option. A new window will display.

  9. Enter the link key.

  10. Click Activate Scanner.

    A confirmation displays.

  11. The scanner displays under linked scanners.

  12. To complete configuration, see the Tenable Core for Web Application Scanning User Guide.

    Note: Microsoft does not require pre-approval to conduct vulnerability scans against Azure resources.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.