Create a Web Application Scan
Use the following procedure to create and launch a web application scan in Tenable Nessus Expert. For more information on web application scanning with Tenable Nessus, see Web Application Scanning in Tenable Nessus.
Note: Tenable Nessus Expert allows only one web application scan to run at a time.
Before you begin:
Install Tenable Web App Scanning in Tenable Nessus. Doing so gives you access to the Web App scan templates.
To create a WAS scan:
In the top navigation bar, click Scans.
The My Scans page appears.
In the upper-right corner, click the New Scan button.
The Scan Templates page appears.
Click the Web App tab.
The Web App scan templates page appears.
Click the Web App scan template that you want to use.
Configure the scan:
For WAS scans, you must at least name the scan and configure a Target URL. The Target URL specifies the URL for the target you want to scan. Targets must start with the http:// or https:// protocol identifier; regular expressions and wildcards are not allowed.
Note: If the URL you type in the Target URL box has a different FQDN host from the URL that appears on your license, and your scan runs successfully, the new URL you type counts as an additional asset on your license.
Note: If you create a user-defined scan template, the Target URL setting is not saved to the template. Type a target each time you create a new scan.
(Optional) Configure web authentication credentials for the scan.
(Optional) Enable or disable individual plugins.
Do one of the following:
If you want to launch the scan later, click the Save button.
Tenable Nessus saves the web application scan.
If you want to launch the scan immediately:
- Click the button.
- Click Launch.
Tenable Nessus saves and launches the web application scan.
For information on viewing and interpreting web application scan results, see the following video: Web App Vulnerability Analysis in Nessus Expert 10.6.
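The Target URL rules above (http:// or https:// prefix, no wildcards or regular expressions, and a new FQDN counting as an additional licensed asset) can be checked on a target list before you type the URLs into scans. The following is an added example, not Tenable code: the function names, the set of characters treated as wildcard or regex syntax, and the sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption of this example: characters treated as wildcard/regex syntax.
PATTERN_CHARS = set("*\\^|{}")

def check_target(url, licensed_hosts):
    """Check one candidate Target URL; return a dict describing the result."""
    url = url.strip()
    result = {"url": url, "valid": False, "host": None, "new_asset": False, "reason": ""}
    if not url.lower().startswith(("http://", "https://")):
        result["reason"] = "must start with http:// or https://"
        return result
    if PATTERN_CHARS & set(url):
        result["reason"] = "wildcards and regular expressions are not allowed"
        return result
    try:
        host = urlsplit(url).hostname
    except ValueError:  # for example, a malformed IPv6 literal
        host = None
    if not host:
        result["reason"] = "no host in URL"
        return result
    host = host.lower().rstrip(".")  # compare FQDNs case-insensitively
    # A host outside the licensed set would count as an additional asset.
    result.update(valid=True, host=host, new_asset=host not in licensed_hosts)
    return result

def review_targets(urls, licensed_hosts):
    """Return (results, new_hosts) for a list of candidate targets."""
    licensed = {h.lower().rstrip(".") for h in licensed_hosts}
    results = [check_target(u, licensed) for u in urls]
    new_hosts = sorted({r["host"] for r in results if r["new_asset"]})
    return results, new_hosts

# Constructed sample data, not taken from any real license or scan.
LICENSED = {"app.example.com"}
CANDIDATES = [
    "https://app.example.com/login", "http://Shop.Example.com:8080/",
    "app.example.com", "https://*.example.com/",
    "ftp://files.example.com/", "https://",
]

if __name__ == "__main__":
    results, new_hosts = review_targets(CANDIDATES, LICENSED)
    for r in results:
        status = "OK" if r["valid"] else "REJECT: " + r["reason"]
        print(f'{r["url"]:35} {status}{"  [new FQDN]" if r["new_asset"] else ""}')
    print("FQDNs not on the license list:", new_hosts)
```

Replace LICENSED with the FQDNs that appear on your own license; the check runs offline and does not contact Tenable Nessus.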