Launch a Remediation Scan
Required Tenable Web App Scanning User Role: Scan Operator, Standard, Scan Manager, or Administrator
On the Findings page or the Finding Details page, you can create a remediation scan to run a follow-up scan against existing scan results. Remediation scans allow you to validate whether your vulnerability remediation actions on the scan targets have been successful. If a remediation scan cannot identify a vulnerability on targets where the vulnerability was previously identified, the system changes the status of the vulnerability to Fixed.
To launch a remediation scan in the Tenable Web App Scanning interface:
- In the left navigation plane, click
Findings.The Findings page appears.
-
In the row, click the
button.A drop-down menu appears.
-
In the drop-down box, click
Launch Remediation Scan.The Create Remediation Scan configuration page appears.
(Optional) You can also access the
Launch Remediation Scan button in the Findings Details of a finding you select.Note: If your original scan configuration was for a multi-target scan, Tenable attempts to determine the correct target for remediation, but Tenable recommends that you double check the target and confirm.
Note: The configuration page displays the same scan template settings used to create the original scan except for three items: A file under Crawl Scripts is created and used by the remediation scan process. The Elements to Audit section under Assessment which displays aspects of the plugin to be remediated. The configured plugins are also different, as only the plugin and related dependencies are enabled.
-
(Optional) Enter your scan information.
-
Click Save to save the scan setup, or click Save and Run to launch the scan.
Note: You may get an error displaying the note "Could not reproduce vulnerability page for remediation." This scan note indicates that the scanner could not replicate the page seen in the vulnerability data. To remediate this finding, delete the application and try rerunning the original scan.
Tenable Web App Scanning launches the scan.
What to do next:
- In the Remediation Scans folder on the Scans page, do one of the following:
- Once the scan completes:
In the Remediation Scans folder, on the Scans page:
- Verify that the finding does not appear in your completed remediation scan by clicking on it and reviewing the list of findings.
On the Findings page:
- Verify that the status for the selected vulnerabilities is now Fixed on the assets that the remediation scan targeted.
Remediation Scan Plugin Considerations
There are plugin types that are not supported in remediation scans, and plugin types that are full-scan remediation only. These are listed in the following tables:
List of non-remediable plugins:
These are plugins for which remediation scanning is not meaningful, or not currently supported.
| Plugin Name | Plugin Number |
|---|---|
| OpenAPI Import Success | 112569 |
| OpenAPI Import Failed | 112570 |
|
Allowed HTTP Versions |
112613 |
|
API Detected |
112616 |
| Session Cookies Detected | 112798 |
| API Key Authentication Succeeded | 113010 |
| API Key Authentication Failed | 113011 |
| OpenAPI Import Failed | 112570 |
|
Allowed HTTP Versions |
112613 |
|
API Detected |
112616 |
| Session Cookies Detected | 112798 |
| API Key Authentication Succeeded | 113010 |
| API Key Authentication Failed | 113011 |
| OpenAPI Import Failed | 112570 |
|
Allowed HTTP Versions |
112613 |
|
API Detected |
112616 |
| Session Cookies Detected | 112798 |
| API Key Authentication Succeeded | 113010 |
| Bearer Token Authentication Succeeded | 113012 |
| Bearer Token Authentication Failed | 113013 |
|
Basic Authentication Detected |
113063 |
|
Kerberos Authentication Succeeded |
113224 |
| Kerberos Authentication Failed | 113225 |
| Client Certificate Authentication Succeeded | 113329 |
| Client Certificate Authentication Failed | 113330 |
| Performance Telemetry | 113393 |
| SOAP API Detected | 114166 |
|
gRPC Detected |
114167 |
|
Amazon Web Services Detected |
114199 |
| Google Cloud Platform Detected | 114200 |
| Microsoft Azure Detected | 114201 |
| Microsoft Entra ID Detected | 114202 |
| GraphQL Batching | 114211 |
|
HTTP/2 Cleartext Upgrade Support Detected |
114219 |
|
Serialized Data Detected |
114224 |
| Scan Information | 98000 |
| URI Blocked Due to Exclusion Rule | 98007 |
| Web Application Firewall Detected | 98008 |
| Web Application Sitemap | 98009 |
|
Network Timeout Encountered |
98019 |
|
HTTP Server Authentication Detected |
98024 |
| HTTP Server Authentication Succeeded | 98025 |
| HTTP Server Authentication Failed | 98026 |
| Login Form Authentication Failed | 98034 |
| Login Form Authentication Succeeded | 98035 |
|
Scan Logged-out Intermittently |
98043 |
|
Scan Aborted After Being Logged Out |
98044 |
| Allowed HTTP Methods | 98047 |
| Interesting Response | 98050 |
| Technologies Detected | 98059 |
|
Cookies Collected |
98061 |
|
DOM Elements Excluded |
98111 |
| Target Information | 98136 |
| Scan aborted after too many timeouts | 98137 |
| Screenshot | 98138 |
| Cookie Authentication Succeeded | 98139 |
|
Cookie Authentication Failed |
98140 |
|
Selenium Authentication Succeeded |
98141 |
| Selenium Authentication Failed | 98142 |
| Selenium Crawl Succeeded | 98143 |
| Selenium Crawl Failed | 98145 |
| External URLs | 98154 |
| Error Message | 98611 |
| Basic Authentication Without HTTPS | 98615 |
| Fetch/XHR Detected | 98772 |
Full-scan remediation plugins:
A full crawl of the application is performed for these plugins rather than the specific vulnerability page replicated. It may take longer for this form of remediation scan to run.
| Plugin Number | Plugin Name |
|---|---|
| HTTP to HTTPS Redirect Not Enabled | 112544 |
| Full Path Disclosure | 112550 |
|
JSON Web Token Weak Secret |
112697 |
|
API Versions Detected |
112714 |
| Microsoft FrontPage Insecure Extension Configuration | 112772 |
| GraphQL Detected | 112809 |
| GraphQL Introspection Enabled | 112894 |
| GraphQL Field Suggestions Detected | 112895 |
|
Power Apps OData Feeds Detected |
112949 |
|
Magento Administration Panel Login Form Bruteforced |
113117 |
| Magento Connect Manager Bruteforced | 113118 |
| Joomla Administration Panel Login Form Bruteforced | 113133 |
| Wordpress Administration Panel Login Form Bruteforced | 113136 |
| Drupal Administration Panel Login Form Bruteforced | 113137 |
| Weblogic Console Login Form Bruteforced | 113138 |
| OpenAPI Unencrypted Traffic Allowed | 113143 |
| Google Cloud Service Account Private Key Disclosure | 113150 |
| AWS Credentials Disclosure | 113164 |
| Apache mod_negotiation Alternative Filename Disclosure | 113165 |
| Stored Cross-Site Scripting (XSS) | 113250 |
| Login Form Cross-Site Request Forgery | 113332 |
| Web Cache Poisoning | 113338 |
| ASP.NET ViewState Remote Code Execution | 113340 |
| Amazon Cognito User Enumeration | 113371 |
| Amazon Cognito Insecure Permissions | 113374 |
| SQL Statement Disclosure | 113555 |
| External Backend API Detected | 114128 |
| Bearer Token Authentication Detected | 114136 |
| NTLM Authentication Detected | 114137 |
| Digest Authentication Detected | 114138 |
| Private IP Address Disclosure | 98077 |
| E-mail Address Disclosure | 98078 |
| Missing Subresource Integrity | 98647 |
| Invalid Subresource Integrity | 98649 |
| Source Code Passive Disclosure | 98779 |