Configure Credentials Settings in a Tenable Web App Scanning Scan

Required Tenable Web App Scanning User Role: Scan Manager or Administrator

Before you begin:

• (Cookie authentication) Determine the cookie authentication credentials for the web application you want to scan.

To configure credentials settings in a Tenable Web App Scanning scan:

1. Create or edit a scan.

2. Click Credentials.

   The credentials details appear.

3. Next to Add Credentials, click the button.

   The Select Credential Type plane appears.

4. Do one of the following:

   • Add existing credentials.

     The Managed Credentials section of the Select Credential Type plane contains any credentials where you have Can Use or Can Edit permissions.

     1. (Optional) Search for a managed credential in the list by typing your search criteria in the text box and clicking the button.

     2. In the Managed Credentials section, click each managed credential you want to add.

        The Select Credential Type plane remains open.

     3. To close the Select Credential Type plane, click the button in the upper-right corner of the plane.
   • Create new credentials.

     1. In the Web Application Authentication section, click the credentials type you want to create:
        • HTTP Server Application
        • Web Application Authentication

        The settings plane for that credential type appears.

     2. In the first text box, type a name for the credentials.
     3. (Optional) In the second text box, type a description for the credentials.
     4. Configure the settings for the credentials type:
        • HTTP Server Application
        • Web Application Authentication
5. Add user permissions.

6. Click Save to save the credentials changes.

   Tenable Web App Scanning closes the settings plane and adds the credentials to the credentials table for the scan.

   If you created new credentials, Tenable Web App Scanning adds the credentials to the credential manager.

7. Click Save to save the scan changes.