Create a WAS Scan

Required Additional License: Web Application Scanning

Required Web Application Scanning User Role:  Scan Operator, Standard, Scan Manager, or Administrator

To create a scan in the new Web Application Scanning interface:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, in the Web App Scanning section, click Scans.

    The Web Application Scanning Scans page appears.

    Note: If your Web Application Scanning license expires, your web application scans no longer appear in the scans table.

  3. In the upper-right corner of the page, click the add Create Scan button.

    The Select a Scan Template page appears. By default, the Web Application tab is active.

    Tip: For information about creating Vulnerability Management scans, see Create a Vulnerability Management Scan.

  4. Do one of the following:

    • To create a scan based on a Tenable-provided scan template, click the tile for the scan template you want to use for your scan.

      The Create a Scan page appears.

    • To create a scan based on a user-defined scan template:

      1. Click the User Defined tab.

        A list of user-defined scan templates appears.

      2. Click the tile for the scan template you want to use for your scan.

        The Create a Scan page appears.

    Note: Tenable recommends that you run an Overview scan the first time you scan a target to determine which URL targets Web Application Scanning scans by default. Based on the results, you can run a scan via the Scan template and adjust the configurations to exclude certain targets.

    Note: Users with Scan Operator permissions can see and use only the user-defined scan templates that are shared with their account. For more information, see User Roles.

  5. Configure the scan:

    Tab Action

    Specifies the basic organizational and security-related aspects of a scan template. This includes specifying the name of the scan, the target, whether you want to schedule the scan, scan notifications, and who has permissions to view or modify the scan.

    Scope Specifies the URLs and file types you want included in or excluded from your scan.
    Assessment Specifies how a scan identifies vulnerabilities, as well as what vulnerabilities are identified. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications.
    Advanced Specifies advanced controls for scan efficiency.

    Specify the credentials you want Web Application Scanning to use to perform a credentialed scan.

    Plugins Select security checks by plugin family or individual plugin.
  6. Do one of the following:

    • If you want to save without launching the scan, click Save. Web Application Scanning saves the scan.

    • If you want to save and launch the scan immediately, click Save & Launch. Web Application Scanning saves and launches the scan.

    Note: When you launch a scan, the time the scanner takes to complete the scan varies depending on the system load. To prevent unnecessarily lengthy scan times, avoid launching an excessive number of scans simultaneously.

    Excessive numbers of concurrent scans may exhaust the system's scanning capacity. If necessary, Web Application Scanning automatically staggers concurrent scans to ensure consistent scanning performance.

    Note: Web Application Scanning aborts scans that remain in pending status for more than four hours. If Web Application Scanning aborts a scan, modify your scan schedules to reduce the number of overlapping scans. If you still have issues, contact Tenable Support.