Scan Types in Tenable Web App Scanning
Scan types in Tenable Web App Scanning help you start a scan quickly with a pre-selected set of options appropriate to the level of coverage you need.
Did You Know? 65% of WAS customers prefer to run a Quick Scan.
Scan Type Coverage Details
Scan Type / Duration | Description | Prerequisite | Settings based on default Scan Template | Selected Plugins
---|---|---|---|---
Quick Scan<br>Three minutes or less | This scan focuses on configuration issues related to SSL/TLS and HTTP security headers. The web application is not crawled. | DOM Exploration disabled<br>Unauthenticated<br>No crawling | Not applicable, as there is no crawling. | HTTP Security Header: All<br>SSL/TLS: All
Basic Scan<br>Under an hour | This scan focuses on misconfigurations and component vulnerabilities; the generic vulnerabilities (RCE, XSS, SQLi, etc.) are not tested. | DOM Exploration disabled<br>Unauthenticated | Assessment<br>Scan Type: Custom<br>Elements to Audit: Links: true; Headers: false; Parameter Names: false; JSON Elements: true; UI Forms: false; Cookies: false; Forms: true; Parameter Values: true; XML Elements: true; UI Inputs: false<br>Advanced<br>Target Scan Max Time: 01:00:00<br>Number of URLs to Crawl and Browse: 100<br>Path Directory Depth: 5<br>Page DOM Element Depth: 3<br>Slow down the scan when network congestion is detected: Disabled | Authentication & Session: only Basic Authentication Detected; Basic Authentication Without HTTPS; Access Restriction Bypass Via Origin Spoof; Unencrypted Password Form; Password Field With Auto-Complete; Exposed Session Token; Weak Session Management Detected<br>Component Vulnerability: All<br>Data Exposure: All<br>HTTP Security Header: All<br>SSL/TLS: All<br>Web Applications: All except PHP Object Deserialization; Java Object Deserialization; Python Object Deserialization; Server-Side Request Forgery; Path Traversal; Response Splitting; Client Side Prototype Pollution; Web Cache Poisoning; Web Cache Deception; Unvalidated Redirect; DOM Unvalidated Redirect; HTTP Parameter Pollution<br>Web Servers: All
Standard Scan<br>A few hours | This scan focuses on misconfigurations, component vulnerabilities, and common generic vulnerabilities (RCE, XSS, SQLi, etc.). Uncommon and blind vulnerabilities are not covered. | DOM Exploration disabled<br>Unauthenticated | Assessment<br>Scan Type: Custom<br>Elements to Audit: Links: true; Headers: false; Parameter Names: false; JSON Elements: true; UI Forms: false; Cookies: false; Forms: true; Parameter Values: true; XML Elements: true; UI Inputs: false<br>Advanced<br>Target Scan Max Time: 03:00:00<br>Number of URLs to Crawl and Browse: 400<br>Path Directory Depth: 5<br>Page DOM Element Depth: 3<br>Slow down the scan when network congestion is detected: Disabled | Authentication & Session: only Basic Authentication Detected; Basic Authentication Without HTTPS; Access Restriction Bypass Via Origin Spoof; Unencrypted Password Form; Password Field With Auto-Complete; Exposed Session Token; Weak Session Management Detected<br>Code Execution: Code Injection; Code Injection PHP Input Wrapper; Operating System Command Injection<br>Component Vulnerability: All<br>Cross Site Request Forgery: All<br>Cross Site Scripting: Cross-Site Scripting (XSS); Cross-Site Scripting (XSS) in HTML tag; Cross-Site Scripting (XSS) in attribute context; Cross-Site Scripting (XSS) in path; Cross-Site Scripting (XSS) in event tag of HTML element; Cross-Site Scripting (XSS) in script src; XSSI; Dot Net XSS; Cross-Site Scripting (XSS) Stored<br>Data Exposure: All<br>File Inclusion: All<br>HTTP Security Header: All<br>Injection: XML External Entity; XPath Injection; SQL Injection; NoSQL Injection; LDAP Injection; Host Header Injection; Server-Side Template Injection; Client-Side Template Injection; Content Injection; Expression Language Injection; JSONP Injection; Server Side Include Injection<br>SSL/TLS: All<br>Web Applications: All except PHP Object Deserialization; Java Object Deserialization; Python Object Deserialization<br>Web Servers: All
Custom Scan<br>Variable | Maximum possible level of scan coverage. | DOM Exploration enabled<br>Authentication available | Assessment<br>Scan Type: Extensive<br>Credentials Bruteforcing: Enabled<br>Advanced<br>Target Scan Max Time: 99:00:00 | All plugins
Note: Each scan type (and scan template) supports families of plugins and individual plugins. For more information, see View Your Scan Plugins.