Create a Web Application Scan

Use the following procedure to create and launch a web application scan in Tenable Nessus Expert. For more information on web application scanning with Tenable Nessus, see Web Application Scanning in Tenable Nessus.

Note: Tenable Nessus Expert allows only one web application scan to run at a time.

Before you begin:

Install Tenable Web App Scanning in Tenable Nessus. Doing so gives you access to the Web App scan templates.

To create a web application scanning (WAS) scan:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the upper-right corner, click the New Scan button.

    The Scan Templates page appears.

  3. Click the Web App tab.

    The Web App scan templates page appears.

  4. Click the Web App scan template that you want to use.

  5. Configure the scan:

    • Configure the Basic, Scope, Assessment, and Advanced settings. Depending on the scan template you choose, some of these settings may not be available for configuration.

      For WAS scans, you must at least name the scan and configure a Target URL. The Target URL specifies the URL for the target you want to scan. Targets must start with the http:// or https:// protocol identifier; regular expressions and wildcards are not allowed.

      Note: If the URL you type in the Target URL box has a different FQDN host from the URL that appears on your license, and your scan runs successfully, the new URL you type counts as an additional asset on your license.

      Note: If you create a user-defined scan template, the Target URL setting is not saved to the template. Type a target each time you create a new scan.

    • (Optional) Configure web authentication credentials for the scan.

    • (Optional) Enable or disable individual plugins.

  6. Do one of the following: 

    • If you want to launch the scan later, click the Save button.

      Tenable Nessus saves the web application scan.

    • If you want to launch the scan immediately:

      1. Click the down button.
      2. Click Launch.

      Tenable Nessus saves and launches the web application scan.

      For information on viewing and interpreting web application scan results, see the following video: Web App Vulnerability Analysis in Nessus Expert 10.6.
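The Target URL rules in step 5 (an http:// or https:// prefix, no regular expressions or wildcards, and the license note about a different FQDN host) can be checked before you type targets into a scan. The following is an added example, not Tenable code; the function names, the set of characters treated as pattern syntax, and the sample hosts are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: characters treated as wildcard/regex syntax. The page says such
# patterns are not allowed but does not list the characters.
PATTERN_CHARS = set("*^|\\{}")


def check_target(url, licensed_hosts):
    """Return (ok, host, notes) for one candidate Target URL."""
    url = url.strip()
    # Page rule: the target must start with http:// or https://.
    if not url.startswith(("http://", "https://")):
        return False, None, ["must start with http:// or https://"]
    bad = sorted(PATTERN_CHARS.intersection(url))
    if bad:
        return False, None, ["wildcard/regex characters: " + " ".join(bad)]
    try:
        host = urlsplit(url).hostname  # lower-cased by urlsplit
    except ValueError as exc:  # e.g. an unterminated IPv6 literal
        return False, None, [f"unparseable URL: {exc}"]
    if not host:
        return False, None, ["no host in URL"]
    host = host.rstrip(".")
    notes = []
    # Page note: a different FQDN host that scans successfully counts as an
    # additional licensed asset, so surface it before launch.
    if host not in {h.rstrip(".").lower() for h in licensed_hosts}:
        notes.append("host not on license: counts as an additional asset")
    return True, host, notes


def preflight(urls, licensed_hosts):
    """Split candidates into accepted targets, new-asset hosts, and rejects."""
    accepted, new_assets, rejected = [], set(), {}
    for url in urls:
        ok, host, notes = check_target(url, licensed_hosts)
        if not ok:
            rejected[url] = notes[0]
            continue
        accepted.append(url.strip())
        if notes:
            new_assets.add(host)
    return accepted, sorted(new_assets), rejected


if __name__ == "__main__":
    # Constructed sample input.
    sample = ["https://shop.example.com/login", "https://*.example.com/",
              "shop.example.com", "https://api.example.net/v1"]
    print(preflight(sample, {"shop.example.com"}))
```

Review the new-asset list against your license and your scan authorization before launching, since each listed host is one the page says is counted after a successful scan.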