While Nessus has traditionally been a network vulnerability scanner, it contains quite a bit of functionality that can be used to identify vulnerabilities in custom web applications. This is not to say that Nessus will replace your favorite web application testing tool (or methodology), but it does provide useful information that can be used as the foundation for web application assessments or to indicate that deeper testing is warranted. There are two different approaches when performing web application testing. The first is part of a larger so-called "blind" test, where you are given a range of IP addresses and asked to test the devices and systems within those ranges. The web applications running within this space will usually be tested generically, but they may not specifically test for web vulnerabilities in a general scan. You need to first find and enumerate which web applications are running and then run targeted scans that specifically look for web vulnerabilities. The second form of testing is when you are given the URL, and typically credentials, to the web application and asked to test it specifically. Nessus can help with both of these tasks, and provide valuable information that will help with your testing. Nessus provides some of the first steps to web application testing, such as identifying the web server software and technologies, detecting vulnerabilities in common/popular web application software and rudimentary CGI application testing. This post focuses on using Nessus for network-based testing, and describes several compliance based checks that provide very thorough testing of web application environments, including scanning to test for the OWASP PHP security specifications and Apache CIS Benchmarks .