
This Is How to Do Simple, Fast and Accurate Web App Security

Web apps are the most common attack vector causing data breaches today. Here’s how Tenable.io Web Application Scanning, built by Tenable Research, can help security teams protect their web app estate.

It’s not an exaggeration to say that web apps power the world. Web apps provide critical news and information to key stakeholders, run marketing campaigns and transact sales, and help you engage and interact more effectively with your customers. As businesses become more digital, especially in the midst of current times, we’re seeing a sharp rise in the importance of web apps with numerous examples ranging from primary care providers deploying new telemedicine portals to local grocery stores standing up ecommerce services. To understand just how pervasive web apps are: We’re quickly approaching 2 billion unique web apps across the world. [1]

Because most web apps are easily accessible to external users by design, their pervasiveness is also their primary downfall. Web apps are notoriously vulnerable. In aggregate, we’re talking about tens of billions of high-risk web app vulnerabilities that threat actors can attack with exploits. It should be no surprise that web apps consistently remain the most common attack vector causing data breaches today. [2]

Modern web apps change constantly, making it very difficult for security teams to keep pace with continuous updates and newly disclosed vulnerabilities. Unfortunately, most organizations do not have adequate application security resources. [3] On top of that, many solutions are cost-prohibitive and difficult to use without extensive expertise. Too few security teams have a holistic process to secure web apps alongside their IT assets, which creates even more complexity.

The result is that the vast majority of web apps are not assessed for critical vulnerabilities that could bring a business to its knees and halt all customer transactions or lead to a loss of confidential customer data.

You don’t need a PhD to secure PHP

One of the easiest ways to cut through application security complexity is to extend existing platforms you have in place today to protect your web apps. Not only does this simplify your security tech stack, but you can also take advantage of workflows you are already familiar with to launch new scans, analyze scan results, prioritize vulnerabilities and customize reporting. This is especially critical for security organizations that don’t have a team of appsec PhDs at the ready. 

This is why we created Tenable.io Web Application Scanning. The product is designed by security practitioners for security practitioners. Users can quickly configure scans in minutes, instead of spending hours or days of manual tuning to yield meaningful results. It was built by Tenable Research – the largest vulnerability research team in the industry – to deliver comprehensive and accurate vulnerability coverage of your web apps. 

As new dangerous web app vulnerabilities are discovered by our Security Response Team, vulnerability detections are quickly added to Tenable.io Web App Scanning, so that users can detect and remediate them. In the case of a recent WordPress plugin attack, new vulnerability detections were released within hours. And, all web apps assessed by Tenable.io Web App Scanning integrate into the Tenable.io asset view alongside your traditional IT and cloud assets for unified visibility across your attack surface. 

Tenable.io Web App Scanning Asset View

Announcing exciting, new capabilities in Tenable.io Web App Scanning

Tenable.io Web App Scanning just got a whole lot better. Starting on April 30 for new Tenable.io Web App Scanning customers, we’re releasing several important, new product enhancements. If you’re an existing Tenable.io Web App Scanning customer, you’ll be able to take advantage of these new capabilities in just a few short weeks to ensure you have a seamless product experience. The new capabilities include:

  • Fully integrated dashboards for unified visibility. Tenable.io Web App Scanning data is now fully integrated into Tenable.io dashboards and widget library. Create new customized dashboards and widgets to combine IT, cloud and web app vulnerability data into a single unified view. This helps you analyze and drill into web apps as you would with other assets across your attack surface to find and fix the vulnerabilities that matter most. 

Tenable.io Web App Scanning Dashboard

  • Single-page app support for enhanced detections. A new state-of-the-art scanning engine now supports dynamic, JavaScript-based single-page apps invisible to many web app scanners. Additional vulnerability detections include support for Apache Solr, new plugins for source-code-leakage vulnerabilities, and dozens of component vulnerabilities in PHP, Joomla and Drupal.
  • Fast discovery of common web app flaws. Predefined scan templates enable you to quickly identify common web app cyber hygiene issues related to SSL/TLS certificates and HTTP header misconfigurations. These scans take seconds to configure and minutes to get results for quick insights.

Tenable.io Web App Scanning Scan Template

And, because it is built by Tenable Research, Tenable.io Web App Scanning gains all the benefits this world-class research organization provides: number one in CVE coverage, number one in scan accuracy and speed of new vulnerability detections. This gives you confidence that your development teams aren’t wasting time remediating false positives or missing vulnerabilities that could be leveraged by an attacker.

Try Tenable.io Web App Scanning for free

Beginning on April 30, we are providing all Tenable.io customers access to Tenable.io Web App Scanning for free for 30 days, even if you have previously evaluated it. Customers will receive evaluation invites and be able to opt in directly in Tenable.io. See firsthand how web app security data integrates into your existing dashboards and workflows for unified visibility.

Not yet a Tenable.io customer? No problem. You can still try Tenable.io Web App Scanning for free to see how easy it is to quickly configure new web app scans and analyze results.

Learn more about Tenable.io Web App Scanning

Looking to learn more before starting your free eval? Join us for an upcoming webinar, “RCEs and Remote Employees. How Vulnerable Are Your Web Apps?” on May 20. We’ll share the latest research insights into web app vulnerabilities and threats, along with an in-depth demo of Tenable.io Web App Scanning. Save your spot. Register now.



1. https://www.internetlivestats.com/total-number-of-websites/
2. 2019 Data Breach Investigations Report, Verizon, 2019
3. The Life and Times of Cybersecurity Professionals 2018, ESG, 2019
