Tenable, known for its Exposure Management solutions, has introduced a significant advancement with the inclusion of web application and API scanning capabilities within Tenable Nessus Expert. This new offering delivers a seamless and comprehensive approach to vulnerability scanning for contemporary web applications and APIs.
Marked as dynamic application security testing (DAST) features, the web application and API scanning in Nessus Expert empowers security experts to proactively assess both web applications and APIs for well-known vulnerabilities. This assessment extends to pinpointing OWASP Top 10 vulnerabilities present in custom application code and known vulnerabilities originating from third-party components.
With Tenable Research's backing, Nessus encompasses an extensive and precise spectrum of vulnerability coverage for web applications and APIs. This encompasses various aspects such as web application servers, content management systems, web frameworks, programming languages, and JavaScript libraries. The outcome is a significant reduction in false positives and negatives, equipping security experts with accurate insights into the actual risks associated with their applications.
Glen Pendley, Chief Technology Officer at Tenable, emphasized the challenges faced by security practitioners safeguarding web applications and highlighted Nessus Expert as a robust solution. He stated, "With Nessus Expert – the gold standard in vulnerability assessment – we’re tackling the crux of these challenges head on by widening visibility into web applications and APIs."
Nessus Expert is a pioneering solution within the vulnerability assessment realm, spanning both traditional IT assets and the dynamic landscape of the modern attack surface. This includes not only internal systems but also the cloud infrastructure and, as the recent addition emphasizes, web applications and APIs. This expanded functionality empowers security practitioners to:
Effortlessly configure new scans for web applications and APIs, yielding comprehensive results.
Swiftly uncover known vulnerabilities and hygiene issues by utilizing predefined scan templates for SSL/TLS certificates and HTTP header misconfigurations.
Identify all web applications, APIs, and their underlying components associated with a specific organization.
Conduct thorough scans of environments with confidence and safety, devoid of disruptions or delays.
This leap forward underscores Tenable's commitment to addressing the evolving challenges of cybersecurity, enabling professionals to proactively fortify their systems against an increasingly sophisticated threat landscape.
Comments