Manage Web App Scans
Required Additional License: Tenable Web App Scanning
Required Tenable Nessus Version: 10.6.1 or later
Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.
For more information about web app scans, see Web App Scans.
Configure Web App Scans using Tenable Core or Docker
To configure web app scans with Tenable Security Center using Tenable Core or a Docker image:
Note: Tenable Security Center allows four concurrent web app scans per configured Tenable Core + Tenable Web App Scanning or Docker image at a time.
- Apply the Tenable Web App Scanning for Tenable Security Center license, as described in Update an Existing License.
- Ensure the Tenable Web App Scanning plugins are updated, as described in Plugin/Feed Settings. The plugins automatically update when the license is updated.
- Add a Sensor Proxy to Tenable Security Center if one has not been added or if a new one is required due to network architecture.
- Add Tenable Core + Tenable Web App Scanning or Tenable Web App Scanning as a Docker image to your environment.
- Add a Web Application Scanner to your Sensor Proxy.
- Add a scan zone in Tenable Security Center, as described in Add a Scan Zone.
- Add a universal repository for the scan data in Tenable Security Center, as described in Add a Repository.
- Configure your Tenable Web App Scanning credentials, as described in Add Credentials.
- Create a Web App Scanning scan policy, as described in Add a Scan Policy.
- Add a web app scan in Tenable Security Center, as described in Add a Web App Scan.
Configure Web App Scans using Tenable Nessus
To configure web app scans using a Tenable Nessus scanner:
Note: You can use a Tenable Nessus scanner to perform web app scans; however, this will be deprecated in a future release. For more information about Tenable Nessus scanners, see Tenable Nessus Scanners.
Note: Tenable Security Center allows only one concurrent web app scan per configured Tenable Nessus scanner at a time.
- Apply the Tenable Web App Scanning for Tenable Security Center license, as described in Update an Existing License.
- Ensure the Tenable Web App Scanning plugins are updated, as described in Plugin/Feed Settings. The plugins automatically update when the license is updated.
- If you are configuring a Tenable Nessus scanner:
  - Ensure you are running Docker version 20.0.0 or later on your Tenable Nessus host. Tenable recommends the official Docker builds and install packages.
    Note: If your scanner is configured to connect through a proxy, ensure that you configure the proxy settings directly in Docker.
  - Ensure you are running Tenable Nessus version 10.6.1 or later.
  - Ensure your system meets the hardware requirements for Tenable Nessus with Tenable Web App Scanning enabled.
    Note: The following platforms do not support web app scanning in Tenable Nessus:
    - Any host system that does not support official Docker builds.
    - Any host that uses an ARM-based processor (for example, AArch64 Linux distributions and macOS M1 and M2 systems).
    - Tenable Core + Tenable Nessus, or any instance of Tenable Nessus that already runs within a Docker image.
    For more information about Docker support on virtualized hosts, see the Docker documentation.
- Enable the Tenable Web App Scanning Capable option for the Tenable Nessus scanner in Tenable Security Center, as described in Tenable Nessus Scanners.
- Add a scan zone in Tenable Security Center, as described in Add a Scan Zone.
- Add a universal repository for the scan data in Tenable Security Center, as described in Add a Repository.
- Configure your Tenable Web App Scanning credentials, as described in Add Credentials.
- Create a Web App Scanning scan policy, as described in Add a Scan Policy.
- Add a web app scan in Tenable Security Center, as described in Add a Web App Scan.
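The Tenable Nessus host requirements listed in this procedure (Docker 20.0.0 or later, Tenable Nessus 10.6.1 or later, no ARM-based processor, not already running within a Docker image) can be checked on the host before you enable the scanner option. The following script is an added example, not Tenable tooling: the function names and the `NESSUS_VERSION` variable are hypothetical, and the `/.dockerenv` test is a heuristic assumption.

```shell
#!/bin/sh
# Added example: preflight for the Tenable Nessus host requirements above.
# Function names are hypothetical; this is not Tenable tooling.

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    # Drop build suffixes such as "-ce", then pad so three fields always exist.
    a="$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0"
    b="$2.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# arch_supported ARCH: fail for ARM-based processors (values from `uname -m`).
arch_supported() {
    case "$1" in
        aarch64*|arm*) return 1 ;;
        *) return 0 ;;
    esac
}

# preflight DOCKER_VER NESSUS_VER ARCH IN_DOCKER(yes|no): print every unmet
# requirement and return non-zero if any check fails.
preflight() {
    rc=0
    version_ge "$1" 20.0.0 || { echo "FAIL: Docker $1 is older than 20.0.0"; rc=1; }
    version_ge "$2" 10.6.1 || { echo "FAIL: Tenable Nessus $2 is older than 10.6.1"; rc=1; }
    arch_supported "$3" || { echo "FAIL: ARM-based processor ($3)"; rc=1; }
    [ "$4" = no ] || { echo "FAIL: Tenable Nessus already runs within Docker"; rc=1; }
    return "$rc"
}

# run_preflight: gather live values on the scanner host. NESSUS_VERSION is an
# assumed operator-supplied variable; /.dockerenv is a heuristic for "in Docker".
run_preflight() {
    docker_ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || docker_ver=0
    in_docker=no
    if [ -f /.dockerenv ]; then in_docker=yes; fi
    preflight "$docker_ver" "${NESSUS_VERSION:-0}" "$(uname -m)" "$in_docker"
}
```

On the scanner host, set `NESSUS_VERSION` to the installed Tenable Nessus version and call `run_preflight`; a non-zero exit status means at least one requirement is unmet.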
Add a Web App Scan
You can create web app scans in Tenable Security Center using Web Application Scanning templates. For more information, see Scan Policy Templates.
For more information, see Web App Scans and Web App Scan Settings.
Before you begin:
- Confirm you understand the complete web app scanning configuration process, as described in Web App Scans.
- Configure a Web App Scanning scan policy, as described in Manage Scan Policies.
To add a web app scan:
- Log in to Tenable Security Center via the user interface.
- Click Scans > Web App Scans.
  The Web App Scans page appears.
- At the top of the table, click Add.
  The Add Web App Scan page appears.
- Click General.
  - Type a Name for the scan.
  - (Optional) Type a Description for the scan.
  - In the Policy drop-down menu, select the Web App Scanning scan policy.
  - (Optional) Select a Schedule for the scan.
- Click Settings.
  - Select a Scan Zone for the scan.
  - Select an Import Repository for the scan.
- Click Targets.
  - Type a target URL for the scan.
- Click Credentials.
  - Click Add Credential.
  - In the drop-down boxes, select a credential type and a preconfigured credential.
  - Click the check mark to save your selection.
- (Optional) Click Post Scan.
  - If you want to configure automatic report generation, click Add Report. For more information, see Add a Report to a Scan.
- Click Submit.
  Tenable Security Center saves your configuration.
What to do next:
- View scan results, as described in Scan Results.
- View web app scan vulnerability data, as described in Web App Scanning Analysis.
View Web Application Scan Details
To view web application scan details:
- Log in to Tenable Security Center via the user interface.
- Click Scans > Web App Scans.
  The Web App Scans page appears.
- To filter the scans that appear on the page, apply a filter as described in Apply a Filter.
- Right-click the row for the scan.
  The actions menu appears.
  -or-
  Select the check box for the scan.
  The available actions appear at the top of the table.
- Click View.
  The View Web App Scan page appears.
Start a Web App Scan
To start a web app scan:
- Log in to Tenable Security Center via the user interface.
- Click Scans > Web App Scans.
  The Web App Scans page appears.
- To filter the scans that appear on the page, apply a filter as described in Apply a Filter.
- To start a scan, see Start or Pause a Scan.
  Note: Pausing is not supported for web app scans.
Edit a Web App Scan
To edit a web app scan:
- Log in to Tenable Security Center via the user interface.
- Click Scans > Web App Scans.
  The Web App Scans page appears.
- To filter the scans that appear on the page, apply a filter as described in Apply a Filter.
- Right-click the row for the scan.
  The actions menu appears.
  -or-
  Select the check box for the scan.
  The available actions appear at the top of the table.
- Click Edit.
  The Edit Web App Scan page appears.
- Modify the scan options. For more information, see Web App Scan Settings.
- Click Submit.
  Tenable Security Center saves your configuration.
Delete a Web App Scan
To delete one or more web app scans:
- Log in to Tenable Security Center via the user interface.
- Click Scans > Web App Scans.
  The Web App Scans page appears.
- To filter the scans that appear on the page, apply a filter as described in Apply a Filter.
- To delete a scan:
  - Right-click the row for the scan.
    The actions menu appears.
    -or-
    Select the check box for the scan.
    The available actions appear at the top of the table.
  - Click Delete.
    Tenable Security Center deletes the scan.
- To delete multiple scans:
  - In the table, select the check box for each scan you want to delete.
    The available actions appear at the top of the table.
  - At the top of the table, click Delete.
    A confirmation window appears.
  - Click Delete.
    Tenable Security Center deletes the scans.