Get Started with Web Application Scanning in Tenable Nessus Expert

With the release of Tenable Nessus 10.6, Tenable brings its web application scanning functionality to Tenable Nessus Expert. The following overview provides you with everything you need to know to get started using web application scanning in Tenable Nessus Expert. Even if you are already familiar with Tenable’s cloud-based application scanner, read this overview in its entirety, as it contains information you must know to use this functionality successfully.

For more information about web application scanning in the Tenable Nessus Expert user interface, see Web Application Scanning in Tenable Nessus and Create a Web Application Scan.

System and Hardware Requirements

While Tenable Nessus itself is installed directly on the host operating system, the web scanner portion of Tenable Nessus Expert is installed as a Docker image on the same host. To do this, your host must have Docker version 20.0.0 or later installed. The web application scanner cannot run if the host does not have Docker installed (all other Tenable Nessus functionality works as expected without Docker being installed).

To install Docker and view Docker system requirements on your host, see https://docs.docker.com/. Once Docker is installed on the host, you can install or upgrade to Tenable Nessus 10.6 or later on the host (you can also install Docker after you install or upgrade to Tenable Nessus).

The following table describes the hardware requirements for web application scanning in Tenable Nessus Expert:

Hardware Minimum Requirement
Processor > 8 2GHz cores
RAM

> 8 GB

Tenable recommends using 16 GB RAM for the best results.
Disk Space

> 40 GB, not including space used by the host operating system

Your overall usage (scan results, plugin updates, logging) increase the amount of disk space needed over time.

Note: The following platforms do not support web application scanning in Tenable Nessus:

  • Any host system that does not support Docker or has Docker installed

  • Any host that uses an ARM-based processor (for example, AArch64 Linux distributions and Apple Silicon systems)

  • Tenable Core + Tenable Nessus, or any instance of Tenable Nessus that already runs within a Docker image

For more information about Docker support on virtualized hosts, see the Docker documentation.

Installation Notes

To install web application scanning in Tenable Nessus Expert, see Web Application Scanning in Tenable Nessus.

In addition to the following installation notes, see the following video on how to install Tenable Nessus Expert and web application scanning: Web App Scanning in Nessus Expert 10.6.

  • Tenable Nessus Expert must be able to detect that Docker is installed on the host before you can enable web application scanning.

    On Windows systems, you must run the Docker Desktop as administrator (right-click the Docker Desktop icon and select Run as administrator) for Tenable Nessus Expert to detect the presence of Docker. In the event you installed Docker Desktop in a custom directory path, Tenable Nessus Expert on Windows may not be able to detect the instance. In this case, use the Nessuscli utility to tell Tenable Nessus Expert where in the host system’s directory path the Docker binary lives. For example, if you are running a Windows host and your Docker executable is stored here:

    C:\Program Files\Docker\Docker\Resources\bin\docker.exe

    Run the following command as administrator:

    nessuscli fix --set global.path_to_docker="C:\Program Files\Docker\Docker\resources\bin\docker.exe"

    You can use this same command on Linux systems by adding the Linux file path to the Docker binary.

    Then, restart the Tenable Nessus service and log in to finish enabling web application scanning.

  • Do not attempt to install Tenable Nessus web application scanning on an existing Docker image. The web application scanner already resides on a Docker image, and running a Docker application within another docker image is not supported and results in poor performance.

  • Tenable Core + Tenable Nessus image do not support web application scanning.

  • Tenable Nessus web application scanning does not run on ARM processors (for example, AArch64 Linux or macOS Apple Silicon processors).

Best Practices

  • Web applications, whether complex or simple, require knowledge of the application to configure the scanner to perform to the best of its capabilities successfully. Tenable recommends working with web application developers to ensure that you use the proper scan configuration settings for the specific applications architecture.

  • Because web application scanning can be invasive depending on how the scan is configured, Tenable recommends first scanning against a mirror image of the web application, if available. This allows you to determine the impact of using various scan configurations against the application.

  • When scanning a production application directly, Tenable recommends only performing web scans during your organization’s scheduled maintenance windows.

  • In most cases, security practitioners identify specific web applications to assess for vulnerabilities. However, they may not be aware of all the potential web applications deployed in their environment. Tenable recommends running an initial scan to identify potential web applications. Doing so allows you to compile a list of potential web application targets. You can use the list to engage with system administrators and web application developers and determine whether these hosts require a full web application vulnerability assessment. For more information, see the following video on identifying web application hosts in your network: How to Detect Web Applications with Nessus.

Web Application Scanning Templates

The web application scanner in Tenable Nessus Expert includes seven scan templates:

  • An API scanning template

  • A web application configuration audit template

  • A Log4Shell detection template

  • A web application overview template

  • A PCI ASV template

  • A general web application scan template

  • An SSL TLS audit scan

  • A quick web application scan template

In most circumstances, Tenable recommends using the following scan templates in their listed order to generate scan results that meet most organization’s security requirements:

  1. SSL TLS

    For information about setting up and launching an SSL TLS scan against a web application, see the following video: Web App SSL and TLS Scanning in Nessus Expert 10.6.

  2. Web App Config Audit

    For information about setting up and launching a Web App Config Audit scan against a web application, see the following video: Web App Config Audit Scanning in Nessus Expert 10.6.

  3. Web App Overview

    For information about setting up and launching a Web App Overview scan against a web application, see the following video: Web App Overview Scanning in Nessus Expert 10.6.

  4. Scan

    For information about scanning a web application with the Scan template, see the following video: Web App Scan in Nessus Expert 10.6.

For information on viewing and interpreting web application scan results, see the following video: Web App Vulnerability Analysis in Nessus Expert 10.6.

For more documentation on each Tenable Nessus web application scan template, see Scan Templates.

Helpful Knowledge Base Articles

The web application scanner in Tenable Nessus Expert uses the same engine as Tenable's web application scanner found in Tenable Vulnerability Management and Tenable Core + Tenable Web App Scanning. While the following knowledge base articles may reference these other products, the topics discussed in the articles are applicable to web application scanning in Tenable Nessus: