Tenable adds comprehensive web application, API scanning capabilities to its Nessus Expert

Exposure management company Tenable announced Wednesday web application and API scanning in Tenable Nessus Expert. These features provide simple and comprehensive vulnerability scanning for modern web applications and APIs.

Nessus Expert is a vulnerability assessment solution that spans traditional IT assets and the dynamic modern attack surface, including the external attack surface, cloud infrastructure and now, web applications and APIs. 

The new feature and functionality enables security practitioners to set-up new web app and API scans and easily generate comprehensive results, and rapidly discover known vulnerabilities and cyber hygiene issues using predefined scan templates for SSL/TLS certificates and HTTP header misconfigurations. It also helps identify all web applications, APIs and underlying components owned by a given organization, and scan environments without disruptions or delays.

Web application and API scanning in Nessus Expert are dynamic application security testing (DAST) features that enable security practitioners to proactively identify and assess web applications and APIs for known vulnerabilities. This includes OWASP Top 10 vulnerabilities in custom application code and known vulnerabilities found in third-party components. 

Backed by Tenable Research, Nessus provides broad and accurate vulnerability coverage for web applications and APIs – spanning web application servers, content management systems, web frameworks, programming languages and JavaScript libraries. The result is fewer false positives and negatives, ensuring security practitioners know the true risks in their applications. 

“Web applications are under siege and the security practitioners in charge of protecting them face numerous challenges,” Glen Pendley, chief technology officer at Tenable, said in a media statement. “With Nessus Expert – the gold standard in vulnerability assessment – we’re tackling the crux of these challenges head on by widening visibility into web applications and APIs. Whether the apps are running on-prem or in the public cloud, Nessus Expert assesses their exposures and provides security practitioners, consultants and pentesters with actionable results quickly.”

Earlier this month, Tenable launched its ExposureAI, a new set of generative AI capabilities and services available on the Tenable One exposure management platform. The move delivers a large repository of threat, vulnerability, and asset data, enabling ‘unprecedented’ intelligence to identify and mitigate cyber risk.

Industrial Cyber News Desk

Industrial Cyber News Desk