by Cody Dumont
August 21, 2023
The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This report provides details of vulnerability data discovered by Tenable Web App Scanning.
Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application before deployment.
Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The report provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided, which displays any detected applications that are found to be vulnerable to Log4J exploits.
The report and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.
The requirements for this dashboard are:
- Tenable Security Center 6.2.0
- Tenable Web Application Scanner
Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.
Chapters
Executive Summary: The Tenable Web App Scanning Overview report provides details of vulnerability data discovered by Tenable Web App Scanning, beginning with summary dashboard style view for leadership team.
Web Application Vulnerability Statistics: This chapter combines the data collected from Nessus and Tenable Web App Scanner, providing a holistic view of vulnerabilities based on scanning the physical asset as well as the web application asset.
OWASP 2021 Vulnerability Summary: Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, provides risk managers insight into methods used by adversaries to exploit common flaws and misconfigurations.
Log4Shell: This chapter provides trending analysis along with vulnerability details related to log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. Tenable recommends prioritizing these applications immediately for remediation efforts.