Tenable Enhances Web App and API Scanning for Nessus Expert

Tenable, the Exposure Management company, announced web app and API scanning in Tenable Nessus Expert, new features that provide simple and comprehensive vulnerability scanning for modern web applications and APIs.

The dynamic application security testing (DAST) features for web applications and API scanning within Nessus Expert have been designed to empower security professionals with the capability to actively detect and evaluate potential vulnerabilities present in web applications and APIs. This comprehensive functionality covers a range of security concerns, including OWASP's Top 10 vulnerabilities present in custom application code.

Additionally, the scanning also extends to identifying vulnerabilities that are commonly found within third-party components integrated into the applications and APIs. This combined approach allows organizations to adopt a proactive stance towards security by addressing both internal and external vulnerabilities that could pose risks to their systems and data.

Backed by Tenable Research, Nessus provides broad and accurate vulnerability coverage for web applications and APIs – spanning web application servers, content management systems, web frameworks, programming languages, and JavaScript libraries. The result is fewer false positives and negatives, ensuring security practitioners know the true risks in their applications.

“Web applications are under siege and the security practitioners in charge of protecting them face numerous challenges,” said Glen Pendley, chief technology officer, of Tenable. “With Nessus Expert – the gold standard in vulnerability assessment – we’re tackling the crux of these challenges head-on by widening visibility into web applications and APIs. Whether the apps are running on-prem or in the public cloud, Nessus Expert assesses their exposures and provides security practitioners, consultants, and pen-testers with actionable results quickly.”

Nessus Expert is the industry’s first vulnerability assessment solution that spans traditional IT assets and the dynamic modern attack surface, including the external attack surface, cloud infrastructure, and now, web applications and APIs.

This new feature and functionality enables security practitioners to:

-Set up new web app and API scans and easily generate comprehensive results

-Rapidly discover known vulnerabilities and cyber hygiene issues using predefined scan templates for SSL/TLS certificates and HTTP header misconfigurations

-Identify all web applications, APIs, and underlying components owned by a given organization

-Confidently and safely scan environments without disruptions or delays.