Tenable.io Web App Scanning

Scenario	Hardware Recommendations
WAS Scanning up to 4 concurrent web applications	CPU: (4) 2 GHz cores Core Ram: 16GB RAM Hard Drive: 25GB

Scenario

Hardware Recommendations

WAS Scanning up to 4 concurrent web applications

CPU: (4) 2 GHz cores

Core Ram: 16GB RAM

Hard Drive: 25GB

Tenable.io Web Application Scanning

WAS Scan Notification Support
- Customers can now be notified as soon as a WAS scan launched from the new UI completes by setting up a list of email addresses in their scan configuration.
Improved Scan Configuration Validation
- The Web Application Scanning v2 API now returns more specific error messages when validating user input. WAS no gives the user the exact errors identified on each field specified by the user.
- WAS scan configuration pages take benefit of the improved API response payload to provide to customers the exact validation error identified in the scan configuration or template.
New version of Tenable.io WAS Chrome Extension 1.1.0 has been released.
- Users are now able to specify the type of scan, the scanner and the description to associate to the scans to be created from the extension.
- The link included in the new scan creation success message, now directly opens scan configuration page in Tenable.io Web Application Scanning new UI instead of the scans page.
WAS API changes:
- WAS scan configuration endpoints have been updated to support new notifications property.
- WAS scan configuration endpoints error payloads have been updated to now include invalid field and associated error message.

Bug Fixes

Bug Fix	Defect ID
Fixed vulnerabilities are still visible in WAS dashboard	00986197
Managed Credentials cannot be configured for WAS scan templates in Classic UI	01039460
Old WAS scans still marked as pending	01045941, 01077595, 01084005
Scan results cannot be accessed in new UI	01074204
Unable to launch scan migrated from classic UI	01070881
Email configuration is missing in new UI	01077241
Error when updating WAS user defined template	01081345
Plugin details cannot be accessed from scan results	01083195
WAS Statistics Widget provides incorrect scan statistics	01084359
Disabled schedule scans still launch on classic UI	01091776, 01090684
Drill-down from WAS executive dashboard widgets leads to an error	01092501
WAS asset still appears in Classic UI	01094815
Recast rules do not reject WAS plugins with IDs 112xxx	01093693
Fixed issues where the has_agent attribute was not properly applied to the assets.	01051804

Bug Fixes	Defect ID
Potential false positive for plugin 98097 Backdoor Detection	01102018
False positive detected for plugin 98115 SQL Injection	01096635
Login form identified failed when submitting login form	01085182, 01086614, 01081382
False Positive detected for plugin 98649 Invalid Subresource Integrity	01095125

Bug Fixes

Defect ID

Potential false positive for plugin 98097 Backdoor Detection

01102018

False positive detected for plugin 98115 SQL Injection

01096635

01085182, 01086614, 01081382

False Positive detected for plugin 98649 Invalid Subresource Integrity

01095125

Bug Fixes	Defect ID
Wrong Certificate Lifetime computation leading to plugin 112563 to be raised	01113348

Bug Fixes	Defect ID
Selenium authentication failures due to alert dialog	01116671

Bug Fixes	Defect ID
Selenium authentication failure due to not visible select HTML elements	01033292

Bug Fixes	Defect ID
Plugin 98220 Detection Inconsistencies	01099930, 01104770
Authentication Failed plugin not included in scan results	01102514
Tenable Core WAS Proxy does not support '#' characters in credentials	01038393

Bug Fixes

Defect ID

Plugin 98220 Detection Inconsistencies

01099930, 01104770

Authentication Failed plugin not included in scan results

01102514

Tenable Core WAS Proxy does not support '#' characters in credentials

01038393

Bug Fixes	Defect ID
Selenium authentication fails when element to detect is not displayed	01106323

Product	Bug Fix	Defect ID
Web Application Scanning	Addressed a bug that caused WAS scan fails to start with error	01077595
User templates not displaying credentials	n/a
User template editing and saving error	n/a
Fix pagination issues on WAS templates table	n/a
Eliminate excess white space in templates view	n/a
Copy a scan removes main shared scan	n/a
Headers are modified when copying a user template	n/a
Scan action ordering WAS different from VM	n/a
Unable to start migrated scan in new UI	n/a

Product

Bug Fix

Defect ID

Web Application Scanning

Addressed a bug that caused WAS scan fails to start with error

01077595

User templates not displaying credentials

n/a

User template editing and saving error

n/a

Fix pagination issues on WAS templates table

n/a

Eliminate excess white space in templates view

n/a

Copy a scan removes main shared scan

n/a

Headers are modified when copying a user template

n/a

Scan action ordering WAS different from VM

n/a

Unable to start migrated scan in new UI

n/a

Product	Bug Fix	Defect ID
Web Application Scanning	HTML contents in Nessus scan export	01060404, 01066389
Plugin updates not reflected in scan edit page	01056318
WAS new UI not allowing changes for a scan	01063011

Product

Bug Fix

Defect ID

Web Application Scanning

HTML contents in Nessus scan export

01060404, 01066389

Plugin updates not reflected in scan edit page

01056318

WAS new UI not allowing changes for a scan

01063011

Product	Bug Fix	Defect ID

Web Application Scanning	Addressed error when opening shared WAS scan configuration Addressed error in WAS templates section for accounts with WAS expired license Addressed a 404 message received for accounts with an expired WAS license when trying to access WAS scans	n/a

Product

Bug Fix

Defect ID

Web Application Scanning

Addressed error when opening shared WAS scan configuration
Addressed error in WAS templates section for accounts with WAS expired license
Addressed a 404 message received for accounts with an expired WAS license when trying to access WAS scans

n/a

Bug Fixes	Defect ID
False positive detected in plugin 98112 Cross-Site Request Forgery	01070561
False Positive detected in plugin 98098 Source Code Disclosure	01072340

Bug Fixes	Defect ID
Scan time limit may not be honored under rare circumstances, leading scan to be aborted by Tenable.io platform	01070195
False positive detected for wildcard certificates on Plugin 112541 SSL/TLS Certificate Common Name Mismatch	01088497

Tenable.io Web App Scanning

Solution Overview

Create new scans in seconds and get actionable results in minutes with Tenable.io Web App Scanning