Plugin Settings in Tenable Web App Scanning Scans

Required Tenable Web App Scanning User Role: Scan Manager or Administrator

Configure Plugin settings to specify the plugins and plugin families you want the scanner to use as it scans your web application.

When you create and launch a scan, Tenable Web App Scanning analyzes your web application using plugins in various plugin families, each designed to identify certain types of findings or vulnerabilities. Tenable Web App Scanning uses the 98000-98999 and 112290-117290 plugin ID ranges for scanning. For more information about Tenable Web App Scanning plugin families, see the Tenable Web App Scanning Plugin Families site.

Note: Tenable Web App Scanning displays only the first 25 detected instances of an individual plugin per scan in your scan results. If you see 25 instances of a single plugin in your scan results, Tenable recommends taking remediation steps to address the corresponding vulnerability and then rescanning your target.
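
The following is an added example, not Tenable code: it triages an exported list of findings, checking each plugin ID against the ranges above and flagging any plugin that reached the 25-instance display limit, where the count should be read as a lower bound. The CSV column names (plugin_id, url) and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Values stated on this page: the two plugin ID ranges (inclusive) and
# the per-plugin, per-scan display limit.
WAS_PLUGIN_RANGES = (range(98000, 98999 + 1), range(112290, 117290 + 1))
INSTANCE_CAP = 25


def is_was_plugin(plugin_id: int) -> bool:
    """True if the ID falls in a Tenable Web App Scanning plugin range."""
    return any(plugin_id in r for r in WAS_PLUGIN_RANGES)


def triage(rows):
    """Summarise findings per plugin ID.

    'capped' means the plugin hit the display limit, so the instance
    count is a lower bound and a rescan after remediation is needed to
    see whether further instances exist.
    """
    counts = Counter(int(row["plugin_id"]) for row in rows)
    return {
        pid: {
            "instances": n,
            "was_range": is_was_plugin(pid),
            "capped": n >= INSTANCE_CAP,
        }
        for pid, n in sorted(counts.items())
    }


def sample_rows():
    """Constructed export: IDs chosen only to sit inside/outside the ranges."""
    lines = ["plugin_id,url"]
    lines += [f"98001,https://app.example.test/item/{i}" for i in range(25)]
    lines += [f"117290,https://app.example.test/login?step={i}" for i in range(3)]
    lines.append("99000,https://app.example.test/")  # just outside first range
    return list(csv.DictReader(io.StringIO("\n".join(lines))))


if __name__ == "__main__":
    for pid, info in triage(sample_rows()).items():
        flag = " (at display limit: remediate, then rescan)" if info["capped"] else ""
        scope = "WAS range" if info["was_range"] else "outside WAS ranges"
        print(f"{pid}: {info['instances']} instance(s), {scope}{flag}")
```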

You can configure Plugin settings when you create a scan or user-defined scan template and select the API, Overview, (Basic) Scan, Standard Scan, or Custom template or scan type. For more information, see View Your Scan Plugins.

Tip: If you want to save your settings configurations and apply them to other scans, you can create and configure a user-defined scan template.

The Plugin settings contain the following sections:

All Enabled

A toggle you can click to enable or disable all plugins simultaneously.

Plugins Table

Column: Name
Description: Specifies the plugin family to which the grouped plugins belong.
Actions:
  • View the name of each plugin family.
  • Select the column to sort the table alphabetically or by family name.

Column: Total
Description: Specifies the number of plugins in the plugin family.
Actions:
  • View the number of plugins in the family.
  • Select the column to sort the table by number of plugins in each family.

Column: Status
Description: Toggle that allows you to specify if you want the scanner to use the plugins in the plugin family to analyze your target.
Actions:
  • Click the Status toggle to disable the plugins in the plugin family.
  • (Optional) To enable a disabled plugin family, click the Status toggle.

In the plugins table, you can view details about or disable individual plugins.

To view details about individual plugins:

  1. In the table, click the row for the family that contains a plugin you want to view.

    A plugin family details plane appears, displaying the name, ID, and status for each plugin in the family in a paginated list.

  2. (Optional) To locate a specific plugin, in the Search box, type the name or ID.
  3. Click the plugin for which you want to view details.

To disable individual plugins:

  1. In the table, click the row for the family that contains the plugin you want to disable.

    A plugin family details plane appears, displaying the name, ID, and status for each plugin in the family in a paginated list.

  2. (Optional) To locate a specific plugin, in the Search box, type the name or ID.
  3. In the Status column, select the check box next to the plugin you want to disable.
  4. (Optional) To enable a disabled plugin, select the check box.
  5. Click Save.

    The details plane disappears.

    Tenable Web App Scanning updates your plugin selections.