Welcome to Tenable Web App Scanning

Last updated: July 15, 2024

Tenable Web App Scanning offers significant improvements over the existing Web Application Tests policy template provided by the Tenable Nessus scanner, which is incompatible with modern web applications that rely on Javascript and are built on HTML5. This leaves you with an incomplete understanding of your web application security posture.

Tenable Web App Scanning provides comprehensive vulnerability scanning for modern web applications. Tenable Web App Scanning's accurate vulnerability coverage minimizes false positives and false negatives, ensuring that security teams understand the true security risks in their web applications. The product offers safe external scanning that ensures production web applications are not disrupted or delayed, including those built using HTML5 and AJAX frameworks.

For more information on Tenable Web App Scanning architecture and scanning, refer to Get Started with Tenable Web App Scanning.

Note: Tenable Vulnerability Management can be purchased alone or as part of the Tenable One package. For more information, see Tenable One.

Tip: The Tenable Web App Scanning User Guide is available in English and Japanese. The Tenable Web App Scanning user interface is available in English, Japanese, and French. To switch the user interface language, see General Settings.

Tenable One Exposure Management Platform

Tenable One is an Exposure Management Platform to help organizations gain visibility across the modern attack surface, focus efforts to prevent likely attacks and accurately communicate cyber risk to support optimal business performance.

The platform combines the broadest vulnerability coverage spanning IT assets, cloud resources, containers, web apps, and identity systems, builds on the speed and breadth of vulnerability coverage from Tenable Research and adds comprehensive analytics to prioritize actions and communicate cyber risk. Tenable One allows organizations to:

  •     Gain comprehensive visibility across the modern attack surface
  •     Anticipate threats and prioritize efforts to prevent attacks
  •     Communicate cyber risk to make better decisions
Tip: For additional information on getting started with Tenable One products, check out the Tenable One Deployment Guide.

For an overview of Tenable One, see the following video:

Tenable Vulnerability Management API

See the API

The Tenable Vulnerability Management API can be leveraged to develop your own applications using various features of the Tenable Vulnerability Management platform, including scanning, creating policies, and user management.

Tenable Web App Scanning Deployment Options

Tenable offers many deployment options for Tenable Web App Scanning. For more information, refer to the following product pages:

  • Tenable Core + Web App Scanning - You can use the Tenable Core operating system to run an instance of Tenable Web App Scanning in your environment. After you deploy Tenable Core + Tenable Web App Scanning, you can monitor and manage your Tenable Web App Scanning processes through the secure Tenable Core platform.

  • Tenable Web App Scanning in Tenable Nessus Expert - Tenable Web App Scanning in Tenable Nessus Expert allows you to scan and address web application vulnerabilities that traditional Tenable Nessus scanners, Tenable Nessus Agents, or Tenable Nessus Network Monitor cannot scan.

  • Tenable Web App Scanning Docker Image - You can deploy Tenable Web App Scanning as a Docker image to run on a container. The base image is an Oracle Linux 8 instance of Tenable Web App Scanning. You can set up your Tenable Web App Scanning instance with environment variables to deploy the Docker image with configuration settings automatically. Once the Docker image is deployed, you can also update it, or collect scanner logs.

  • Tenable Web App Scanning CI/CD Application Scan - You can deploy the Tenable Web App Scanning Docker image as a continuous integration and continuous delivery/continuous deployment (CI/CD) tool to run Tenable Web App Scanning scans on software before merging it. Scanning your CI/CD applications and services at any point in your application's lifecycle can greatly improve your security stance by finding vulnerabilities as early as possible.