Tenable-Provided Tenable Web App Scanning Template Types

Tenable Web App Scanning provides scanner templates for specific scanning purposes.

Note: Each scan type (and template) supports families of plugins and individual plugins. For more information, see View Your Scan Plugins.

Tenable Web App Scanning provides the following scanner templates.

Template Description
API

A scan that checks an API for vulnerabilities. This scan analyzes RESTful APIs described via an OpenAPI (Swagger) specification file. File attachment size is limited to 1 MB.

Tip: If the API you want to scan requires keys or a token for authentication, you can add the expected custom headers in the Advanced settings in the HTTP Settings section.

Note: The API scan template is available as a public beta. Its functionality is subject to change as ongoing improvements are made throughout the beta period.
Note: API scans support only one target at a time.
Note: Attaching an OpenAPI (Swagger) file larger than 1 MB to an API scan results in an error message. For more information on this limit, see the Knowledge Article. For more information on Swagger specification files, see OpenAPI (Swagger) Specification.
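Before attaching a specification to an API scan, it is worth confirming that the file is under the 1 MB limit and seeing which operations declare an authentication requirement, since those are the ones that will need custom headers in the HTTP Settings section. The following Python script is an added example, not Tenable's code: the sample specification, the function name preflight_openapi and the fields of the report it returns are constructed for illustration.

```python
import json

# The 1 MB limit on OpenAPI (Swagger) attachments stated in the template description.
MAX_SPEC_BYTES = 1 * 1024 * 1024

# HTTP methods an OpenAPI path item may carry as operation keys.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample spec (not a real API): one unauthenticated read, one
# API-key-protected write, and one path parameter.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Pet store (constructed sample)", "version": "1.0.0"},
    "components": {
        "securitySchemes": {
            "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-Key"}
        }
    },
    "paths": {
        "/pets": {
            "get": {"summary": "List pets", "responses": {"200": {"description": "ok"}}},
            "post": {
                "summary": "Create pet",
                "security": [{"ApiKeyAuth": []}],
                "responses": {"201": {"description": "created"}},
            },
        },
        "/pets/{petId}": {
            "parameters": [
                {"name": "petId", "in": "path", "required": True, "schema": {"type": "string"}}
            ],
            "get": {"summary": "Get pet", "responses": {"200": {"description": "ok"}}},
        },
    },
}


def sample_spec_bytes() -> bytes:
    """Serialise the constructed sample spec as it would be attached to a scan."""
    return json.dumps(SAMPLE_SPEC).encode()


def preflight_openapi(spec_bytes: bytes) -> dict:
    """Check an OpenAPI JSON document before attaching it to an API scan.

    Returns the attachment size versus the 1 MB limit, the operations the
    scan would exercise, how many of them declare an authentication
    requirement, and the request headers those requirements imply.
    """
    size = len(spec_bytes)
    report = {
        "size_bytes": size,
        "within_limit": size <= MAX_SPEC_BYTES,
        "operations": [],
        "secured_operations": 0,
        "header_auth": [],
    }
    spec = json.loads(spec_bytes)

    # Header names implied by the declared security schemes: apiKey schemes
    # name their header explicitly; http (bearer/basic) schemes use Authorization.
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for scheme in schemes.values():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "header":
            report["header_auth"].append(scheme["name"])
        elif scheme.get("type") == "http":
            report["header_auth"].append("Authorization")

    # A top-level security list applies to every operation that does not
    # override it with its own list (an empty operation-level list removes it).
    global_security = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            report["operations"].append(f"{method.upper()} {path}")
            if op.get("security", global_security):
                report["secured_operations"] += 1
    return report


if __name__ == "__main__":
    r = preflight_openapi(sample_spec_bytes())
    status = "OK" if r["within_limit"] else "TOO LARGE"
    print(f"attachment: {r['size_bytes']} bytes ({status})")
    print(f"operations: {len(r['operations'])}, requiring auth: {r['secured_operations']}")
    print("custom headers to configure:", ", ".join(r["header_auth"]) or "none")
```

The script reads a JSON specification only; a YAML file would need a YAML parser in place of json.loads. Any header it lists under header_auth is one you would supply in the scan's Advanced settings, since an operation that requires a key the scanner does not send is exercised only as an unauthenticated client.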

Config Audit

A high-level scan that analyzes HTTP security headers and other externally facing configurations on a web application to determine if the application is compliant with common security industry standards.

If you create a scan using the Config Audit scan template, Tenable Web App Scanning analyzes your web application only for plugins related to security industry standards compliance.

Log4Shell

Detects the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j via local checks.

Overview

A high-level preliminary scan that determines which URLs in a web application Tenable Web App Scanning scans by default.

The Overview scan template does not analyze the web application for active vulnerabilities. Therefore, this scan template does not offer as many plugin family options as the Scan template.

Note: This scan template is equivalent to the Web App Overview template in the classic Tenable Web App Scanning interface.

PCI

A scan that assesses web applications for compliance with Payment Card Industry Data Security Standards (PCI DSS) for Tenable PCI ASV. (This scan also allows you to view and edit the Request Redirect Limit. The default value for this limit is 3.)

Quick Scan

A high-level scan similar to the Config Audit scan template that analyzes HTTP security headers and other externally facing configurations on a web application to determine if the application is compliant with common security industry standards. Does not include scheduling.

If you create a scan using the Quick Scan scan template, Tenable Web App Scanning analyzes your web application only for plugins related to security industry standards compliance.

Scan

A comprehensive scan that assesses web applications for a wide range of vulnerabilities.

The Scan template provides plugin family options for all active web application plugins.

If you create a scan using the Scan template, Tenable Web App Scanning analyzes your web application for all plugins that the scanner checks for when you create a scan using the Config Audit, Overview, or SSL TLS templates, as well as additional plugins to detect specific vulnerabilities.

A scan run with this scan template provides a more detailed assessment of a web application and takes longer to complete than other Tenable Web App Scanning scans.

Note: This scan template is equivalent to the Web App Scan template in the classic Tenable Web App Scanning interface.

SSL TLS

A scan to determine if a web application uses SSL/TLS public-key encryption and, if so, how the encryption is configured.

When you create a scan using the SSL TLS template, Tenable Web App Scanning analyzes your web application only for plugins related to SSL/TLS implementation. The scanner does not crawl URLs or assess individual pages for vulnerabilities.

The settings you can configure in a scan or in a user-defined scan template depend on the Tenable-provided scan template type you use to create your scan.