Tenable-Provided WAS Templates

Note: This topic describes scan templates in the new interface only. If you activate the new interface, you can use the classic interface to view a snapshot of historical scan templates you created and configured prior to activating the new interface. However, you can modify scan configurations in the new interface only.

When you activate the new interface, be aware of the following changes:

  • In the new interface, the Legacy Web App Scan template appears in the Scanner tab.
  • If you want to create or modify a scan or user-defined scan template based on the PCI WAS Scan template, you can use the classic interface only.

For a list of templates and settings available in the classic interface, see WAS Scan Templates (Classic Interface).

Tenable.io Web Application Scanning provides scanner templates for specific scanning purposes. For general information about scan templates and settings, see Scan Templates and Settings.

Tenable.io Web Application Scanning provides the following scanner templates.

Template descriptions
API

A scan that checks an API for vulnerabilities. This scan analyzes RESTful APIs described via an OpenAPI (Swagger) specification file.

Tip: If the API you want to scan requires keys or a token for authentication, you can add the expected custom headers in the Advanced settings in the HTTP Settings section.

Note: The API scan template is available as a public beta. Its functionality is subject to change as ongoing improvements are made throughout the beta period.

Config Audit

A high-level scan that analyzes HTTP security headers and other externally-facing configurations on a web application to determine if the application is compliant with common security industry standards.

If you create a scan using the Config Audit scan template, Tenable.io Web Application Scanning analyzes your web application only for plugins related to security industry standards compliance.

Overview

A high-level preliminary scan that determines which URLs in a web application Tenable.io Web Application Scanning scans by default.

The Overview scan template does not analyze the web application for active vulnerabilities. Therefore, this scan template does not offer as many plugin family options as the Scan template.

Note: This scan template is equivalent to the Web App Overview template in the classic Tenable.io Web Application Scanning interface.

PCI

A scan that assesses web applications for compliance with the Payment Card Industry Data Security Standard (PCI DSS) for PCI ASV.

Scan

A comprehensive scan that assesses web applications for a wide range of vulnerabilities.

The Scan template provides plugin family options for all active web application plugins.

If you create a scan using the Scan template, Tenable.io Web Application Scanning analyzes your web application for all plugins that the scanner checks for when you create a scan using the Config Audit, Overview, or SSL TLS templates, as well as additional plugins to detect specific vulnerabilities.

A scan run with this scan template provides a more detailed assessment of a web application and takes longer to complete than other Tenable.io Web Application Scanning scans.

Note: This scan template is equivalent to the Web App Scan template in the classic Tenable.io Web Application Scanning interface.

SSL TLS

A scan to determine if a web application uses SSL/TLS public-key encryption and, if so, how the encryption is configured.

When you create a scan using the SSL TLS template, Tenable.io Web Application Scanning analyzes your web application only for plugins related to SSL/TLS implementation. The scanner does not crawl URLs or assess individual pages for vulnerabilities.

Note: The API, Config Audit, and SSL TLS templates are available only in the new interface.

The settings you can configure in a scan or in a user-defined scan template depend on the Tenable-provided scan template type you use to create your scan.