Configure Credentials Settings in a Tenable Web App Scanning Scan
Required User Role: Scan Manager or Administrator
You can configure credentials in your Tenable Web App Scanning scans to allow the scanner to access protected areas of your web application. By providing authentication details, you ensure a more comprehensive vulnerability analysis of pages behind login screens, improving the depth and accuracy of your scan results.
Before you begin:
- (Cookie authentication) Determine the cookie authentication credentials for the web application you want to scan.
To configure credentials settings in a Tenable Web App Scanning scan:
- Create or edit a scan.
- Click the Credentials tab.
  The credentials details appear.
- Do one of the following:
  - Add existing credentials.
    The Previously Saved Credentials section of the Credentials plane contains any credentials where you have Can Use or Can Edit permissions.
    - (Optional) Search for a managed credential in the list by typing your search criteria in the text box and clicking the button.
    - In the Previously Saved Credentials section, click each saved credential you want to add.
      The Credentials plane remains open.
      - To remove a saved credential, click the button in the row.
      - To edit a saved credential, click the button in the row.
  - Create new credentials.
    - Click the Add Authentication Type dropdown list.
      The authentication types appear:
      - HTTP Server Application
      - Web Application Authentication
      - Client Certificate Authentication
    - Click the credential type you want to create.
      The settings plane for that credential type appears.
    - Configure the settings for the credentials type.
    - Add user permissions.
- Click Save to save the credentials changes.
  Tenable Web App Scanning closes the settings plane and adds the credentials to the credentials table for the scan.
  If you created new credentials, Tenable Web App Scanning adds the credentials to the credential manager.
- Click Save to save the scan changes.