Web Application Scanning in Tenable Nessus

Web application scanning (WAS) is available in Tenable Nessus Expert. It lets you find and address web application vulnerabilities that traditional Tenable Nessus scanners, Tenable Nessus Agents, and Tenable Nessus Network Monitor cannot detect.

Note: The following platforms do not support web application scanning in Tenable Nessus:

  • Any host system that does not support Docker or does not have Docker installed

  • Any host that uses an ARM-based processor (for example, AArch64 Linux distributions and macOS M1 and M2 systems)

  • Tenable Core + Tenable Nessus, or any instance of Tenable Nessus that already runs within a Docker image

For more information about Docker support on virtualized hosts, see the Docker documentation.

Licensing

If you license web application scanning in Tenable Nessus Expert, you can scan up to five different FQDNs, and you can purchase additional FQDNs by contacting your Tenable representative.

If you do not perform a web application scan on an FQDN for 90 days, Tenable Nessus removes the FQDN from your license and it no longer counts towards your FQDN limit. You cannot delete web application scan data to remove the FQDN from your license.

Note: Tenable Nessus Expert only allows one concurrent web application scan at a time.

Prerequisites

Before you enable web application scanning in Tenable Nessus Expert, you must install Docker version 20.0.0 or later on your Tenable Nessus host.
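The requirements above (Docker 20.0.0 or later, no ARM-based host, and no Tenable Nessus instance that itself runs inside Docker) are easy to check before you open the WAS page. The following preflight script is an added example, not a Tenable-provided tool; the file name was_preflight.sh, the WAS_MIN_DOCKER variable and the "run" argument are assumptions made here, and the container check relies on /.dockerenv and /proc/1/cgroup, which is a heuristic rather than a Tenable-documented test.

```shell
#!/bin/sh
# was_preflight.sh: check a Nessus Expert host against the Web App Scanning
# requirements listed on this page. This is an added example, not a Tenable
# script; the file name and the WAS_MIN_DOCKER value are assumptions derived
# from the text (Docker 20.0.0 or later, no ARM host, no Nessus-in-Docker).

WAS_MIN_DOCKER="20.0.0"

# version_ge A B: succeed when dotted version A is >= B, comparing the first
# three numeric fields; trailing suffixes such as "-ce" or "+azure" are ignored.
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        fa=$(printf '%s' "$1" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        fb=$(printf '%s' "$2" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# arch_supported ARCH: succeed only for 64-bit x86; AArch64/arm64 and other
# ARM variants are the unsupported case called out above.
arch_supported() {
    case "$1" in
        x86_64|amd64) return 0 ;;
        *)            return 1 ;;
    esac
}

# in_container [CGROUP_FILE] [DOCKERENV_FILE]: succeed when the host itself
# looks like a Docker container (Nessus already running inside Docker cannot
# host WAS). This is a heuristic; the paths are parameters so the check can
# be exercised offline against a constructed cgroup file.
in_container() {
    cg="${1:-/proc/1/cgroup}"; de="${2:-/.dockerenv}"
    [ -f "$de" ] && return 0
    [ -r "$cg" ] && grep -q -E 'docker|containerd' "$cg" && return 0
    return 1
}

# preflight: run every check against the live host; prints one line per
# check and returns 1 if any of them failed.
preflight() {
    rc=0
    if command -v docker >/dev/null 2>&1; then
        # Prefer the daemon's version; fall back to the client if the daemon is down.
        v=$(docker version --format '{{.Server.Version}}' 2>/dev/null) \
            || v=$(docker --version | sed 's/^Docker version \([0-9.]*\).*/\1/')
        if version_ge "$v" "$WAS_MIN_DOCKER"; then
            echo "OK:   Docker $v (>= $WAS_MIN_DOCKER)"
        else
            echo "FAIL: Docker $v is older than $WAS_MIN_DOCKER"; rc=1
        fi
    else
        echo "FAIL: Docker is not installed"; rc=1
    fi

    arch=$(uname -m)
    if arch_supported "$arch"; then
        echo "OK:   CPU architecture $arch"
    else
        echo "FAIL: CPU architecture $arch is not supported for WAS"; rc=1
    fi

    if in_container; then
        echo "FAIL: this Nessus host appears to be a Docker container"; rc=1
    else
        echo "OK:   not running inside a container"
    fi
    return "$rc"
}

# Run the checks only when invoked as "sh was_preflight.sh run", so the
# functions can also be sourced and tested individually.
if [ "${1:-}" = "run" ]; then
    preflight
    exit $?
fi
```

Run it on the Nessus host as `sh was_preflight.sh run`; a non-zero exit means at least one of the page's stated requirements is not met. The Docker check reads the daemon version first, because the client binary can be newer than the engine that will actually run the WAS image.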

Enable web application scanning in Tenable Nessus

  1. Under Resources in the left-side navigation pane, click Web App Scanning.

    The Web Application Scanning (WAS) page appears. The WAS requirements and information section shows whether Docker is installed on your Tenable Nessus host, the Docker version, whether web application scanning is downloaded on your Tenable Nessus host, and the current web application scanning plugin set.

  2. Select the Enable Web Application Scanning check box.

  3. Click Save.

    Tenable Nessus starts to download web application scanning.

    Once the web application scanning download completes, the WAS requirements and information section indicates that web application scanning is downloaded (as shown in the following image). You can now view Web App scan templates in the Tenable Nessus scanning user interface and perform web application scans.

    Tip: With web application scanning installed, you can click the icon next to the WAS Image Last Checked field to update Tenable Nessus with the latest Tenable Web App Scanning version.

    For more information on how to install Tenable Nessus Expert and web application scanning, see the following video: Web App Scanning in Nessus Expert 10.6.

What to do next: