Tenable Web App Scanning Dashboard

The default Web Applications Scanning dashboard shows the data that Tenable Web App Scanning collects.

Required Tenable Web App Scanning User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Did You Know? Web Application Exposure: The average exposure score for all applications across WAS customers is 460.

Tenable Web App Scanning uses several metrics to help you assess your risk:

Tenable Web App Scanning Global Applications Health

The following tables describe the sections and widgets shown in the Global Applications Health section of the Web Applications Scanning dashboard. You can view details about the data in a widget by clicking the widget. The Global Applications Health widget in the left panel shows information for Total Apps, Vulnerabilities, and Unscanned applications:

Overall Score

The outer circle of the dashboard ring chart tracks the Asset Exposure Score (AES) of four of your scanned applications plus a small Other segment that groups the remaining applications. You can click this segment to see the next four of your applications and their related details. Each segment's color changes with that application's current AES. The center of the dashboard ring chart shows your overall Cyber Exposure Score (CES), and its color changes with your current CES grade. For more information on your application details, see Findings.

Tip: Dashboard Ring Chart. The inner circle represents the overall score across all applications (CES), while the outer ring represents individual application scores (AES). Even when the inner circle appears healthy, an unhealthy application may appear in the outer ring.

For a demonstration on how Tenable calculates your CES, see the following video:

Widget and description:

Overall Score: Number of findings Tenable Web App Scanning has discovered. Tenable Web App Scanning categorizes the findings by severity (Critical and High). For information about vulnerability ratings and the severity metrics Tenable uses to analyze risk, see Severity vs. VPR in the Tenable Vulnerability Management User Guide.

Web Applications Scanned: Number of applications scanned over time.

Incomplete Scans: Number of incomplete scans in the past 90 days.

Non-Authenticated Scans: Number of non-authenticated scans in the past 90 days.

Asset Exposure Score (AES)

Tenable Web App Scanning calculates a dynamic AES for each application on your network to represent the application's relative exposure as an integer between zero and 1000. A higher AES indicates higher exposure.

Tenable Web App Scanning calculates AES based on the current ACR (Tenable-provided or custom) and the VPRs associated with the application.

AES category and range:

High: 650 to 1000

Medium: 350 to 649

Low: 0 to 349

Note: Asset Exposure Score (AES) is only available in Tenable Web App Scanning for customers with a valid Lumin license.

Top Contributing Factors

The list of top contributing factors on the right side of the user interface shows which severity classifications are present among the scanned applications in your Tenable Web App Scanning instance. These items contribute to your overall scores. Investigate and address the following to help reduce your exposure score:

  • % of applications have critical, high, medium, or low risk
  • % of applications have critical, high, medium, or low risk
  • You have (xyz amount) application vulnerabilities
  • You have an average of (xyz amount) vulnerabilities per application

Note: Tenable Web App Scanning only shows four items in the list. The first two always show the two highest severity risks present among your applications. The last two contributing factor items are always present in the dashboard.
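As an added illustration (not Tenable's code), the following reproduces the four contributing-factor items and the AES band from the table above using exported finding data. The input format and the reading of each percentage as "applications with at least one finding of that severity" are assumptions.

```python
from collections import Counter

# Severity levels from highest to lowest, as the dashboard ranks them.
SEVERITY_ORDER = ("critical", "high", "medium", "low")


def aes_category(aes):
    """Map an Asset Exposure Score (0 to 1000) to the band in the AES table."""
    if not 0 <= aes <= 1000:
        raise ValueError("AES must be an integer between 0 and 1000")
    if aes >= 650:
        return "High"
    if aes >= 350:
        return "Medium"
    return "Low"


def top_contributing_factors(apps):
    """Build the four contributing-factor items for a set of scanned apps.

    apps maps an application name to the list of finding severities on it
    (assumed export format). A percentage counts apps with at least one
    finding of that severity (assumed reading of the dashboard text).
    """
    total_apps = len(apps)
    if total_apps == 0:
        raise ValueError("no scanned applications")
    apps_with = Counter()
    for severities in apps.values():
        for level in set(severities):
            apps_with[level] += 1
    # First two items: the two highest severities present across all apps.
    present = [level for level in SEVERITY_ORDER if apps_with[level]]
    severity_shares = [
        (level, round(100.0 * apps_with[level] / total_apps, 1))
        for level in present[:2]
    ]
    # Last two items are always present: total and average per application.
    total_vulns = sum(len(s) for s in apps.values())
    return {
        "severity_shares": severity_shares,
        "total_vulnerabilities": total_vulns,
        "average_per_app": round(total_vulns / total_apps, 2),
    }


# Constructed sample: four applications and the severities of their findings.
SAMPLE_APPS = {
    "shop": ["critical", "high", "medium"],
    "blog": ["medium", "low"],
    "intranet": ["high", "high", "low"],
    "docs": [],
}
```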

Manage Your Application Exposure

Remediation

Remediation metrics help with addressing and resolving critical vulnerabilities and unauthenticated scans across your web applications.

Widget and description:

Fix Critical Vulnerabilities: Number of findings Tenable Web App Scanning has discovered. Tenable Web App Scanning categorizes the findings by severity (Critical and High). For information about vulnerability ratings and the severity metrics Tenable uses to analyze risk, see Severity vs. VPR in the Tenable Vulnerability Management User Guide.

Address Incomplete Scans: Number of incomplete scans in the past 90 days.

Note: Incomplete scans are scans whose status is aborted, canceled, or partial failure.

Address Non-Authenticated Scans: Number of non-authenticated scans in the past 90 days.

Fix OWASP Top 10 Vulnerabilities: Number of discovered vulnerabilities that appear in the latest OWASP Top 10 Most Critical Web Application Security Risks document.

Prevention

Prevention metrics help with early identification and mitigation of potential vulnerabilities from unscanned applications and total findings in your scanned applications.

Widget and description:

Scan Unscanned Web Applications: Number of web applications that have not yet been scanned.

Investigate Total Findings: Total number of findings Tenable Web App Scanning has discovered in your scanned applications.

Tenable Web App Scanning Statistics

The following table describes the widgets shown in the Statistics section of the Web Applications Scanning dashboard. You can view details about the data in a widget by clicking the widget.

Widget and description:

Findings: Number of findings Tenable Web App Scanning has discovered. Tenable Web App Scanning categorizes the findings by severity (Critical and High). For information about vulnerability ratings and the severity metrics Tenable uses to analyze risk, see Severity vs. VPR in the Tenable Vulnerability Management User Guide.

Web Assets Scanned: Number of assets scanned over time.

Incomplete Scans: Number of incomplete scans in the past 90 days.

Non-Authenticated Scans: Number of non-authenticated scans in the past 90 days.

OWASP Top 10

This chart shows the vulnerabilities discovered by Tenable Web App Scanning that appear in the latest Open Web Application Security Project (OWASP) Top 10 Most Critical Web Application Security Risks document.

Next Steps

To view scores and details of specific applications, see the following pages: