Credentials in Tenable Web App Scanning Scans

Note: The topics in this section describe credentials in the new interface only. If you activate the new interface, you can view a snapshot of historical credentials that you configured in the classic interface, but you cannot modify those credentials.

Note: You can set Credentials settings for single-target scans only. If you create a scan with more than one target, these settings are not available.

In Tenable Web App Scanning scans, you can configure credentials settings that allow Tenable Web App Scanning to perform an authenticated scan on a web application. Credentialed scans can perform a wider variety of checks than non-credentialed scans, which can result in more accurate scan results.

Scans in Tenable Web App Scanning use managed credentials. Managed credentials allow you to store credential settings centrally in a credential manager. You can then add those credential settings to multiple scan configurations instead of configuring credential settings for each individual scan.

Tenable Web App Scanning scans support credentials in the following authentication types:

Tip: If you want to scan an API with the API scan template, and your API requires keys or a token for authentication, you can add the expected custom headers in the Advanced settings in the HTTP Settings section.

You can configure credentials settings in Tenable Web App Scanning scans using the following methods.

Credentials Category: HTTP Server Authentication
Configuration Method: Use the Tenable Web App Scanning user interface to manually configure credentials settings in scans.

Credentials Category: Web Application Authentication

Authentication Type: Login Form, Cookie Authentication, Selenium Authentication
Configuration Method: Do one of the following:

  • Use the Selenium Integrated Development Environment (IDE) extension in Chrome to record credentials, then manually add the credentials to scans via the Tenable Web App Scanning user interface.

    Note: For information about the Selenium IDE extension in Chrome, see the Google Chrome documentation.

  • Use the Tenable Web App Scanning Chrome Extension to record credentials and automatically add the credentials to your scan configurations.

Tip: For information about Selenium scripts you can use with Tenable Web App Scanning, see Tenable Web App Scanning Selenium Commands.

Authentication Type: API Key, Bearer Authentication
Configuration Method: Use the Tenable Web App Scanning user interface to manually configure credentials settings in scans.