2023-10-17 23:0:0 Author: www.tenable.com(查看原文) 阅读量:12 收藏
On-prem web app scanning is now available within Tenable Security Center, offering comprehensive exposure management with accurate analysis, OWASP Top 10 coverage and easy setup. Here’s what you need to know.
In the world of cybersecurity, staying ahead of threats is a constant challenge. Over the past decade, web application security has evolved and become significantly more complex. The proliferation of application programming interfaces (APIs) has introduced a host of vulnerabilities, making API security a pressing concern. The rise in supply chain attacks has added another layer of complexity, as web applications increasingly rely on third-party components. In addition, the open source ecosystem faces growing threats, requiring increased security measures.
According to a recent report from Verizon, web application attacks are involved in 25% of all breaches, making them the second most common attack pattern. This complexity makes it difficult for security teams to keep pace with evolving web app threats, especially when less-critical applications are often overlooked, leaving organizations vulnerable. Tenable recognizes these challenges and has unveiled a comprehensive solution that addresses them head-on, safeguarding critical assets and sensitive data.
Introducing on-prem web application scanning in Security Center
With Security Center’s latest 6.2 release, Tenable takes a significant step forward in bolstering your defenses against the modern attack surface by introducing web application security for customers who want their data managed onsite.
Until now, we’ve offered our web application scanning capabilities via a software-as-a-service (SaaS) model in Tenable Vulnerability Management. With this Security Center release, you get the flexibility to deploy your web application scanning through either a cloud-based or on-premises approach. The seamless integration of Web App Scanning into the Security Center UI fortifies your security posture by providing an on-prem approach to identifying and addressing vulnerabilities across both your network infrastructure and web applications. Security Center will now not only identify weaknesses in traditional IT assets, but extend its reach to the security of web applications.
Tenable Web App Scanning on-prem in Security Center is a game-changer for cybersecurity professionals. Here's why it matters:
Accurate and comprehensive vulnerability analysis: Tenable's Web App Scanning provides powerful vulnerability scanning for modern web applications. It minimizes false positives and negatives, ensuring that you understand the true risks associated with your web applications.
Full OWASP Top 10 coverage and beyond: Dynamic application security testing (DAST) identifies critical OWASP Top 10 Web Application Security Risks, such as cross-site scripting (XSS) and SQL injection. It also pinpoints vulnerable versions of third-party components, ensuring comprehensive vulnerability coverage.
Easy setup and rapid results: Predefined scan templates enable you to quickly identify common web application cyber hygiene issues related to SSL/TLS certificates and HTTP header misconfigurations. Setting up scans takes seconds, and the results are returned promptly.
Safe scanning for production environments: Web application scanning in Security Center ensures that your production web applications remain undisturbed while being thoroughly scanned for vulnerabilities.
Tenable's Web App Scanning empowers you to explore the next level of web application security within the Security Center UI. It allows you to stay ahead of evolving threats, secure your web applications effectively, and confidently defend your organization's digital assets. With real-time monitoring, comprehensive reporting and compliance alignment, this integrated solution equips security teams with the tools needed to safeguard critical assets and maintain a strong defense against modern adversaries.
There’s more in Security Center 6.2 beyond WAS
In addition to the integrated WAS capabilities, the Security Center 6.2 release also includes these additional features:
- Accessible asset lists from domain inventory: Save time by creating an asset list based on user selected assets. This list could be used to generate scans rather than manually creating scans.
- Algorithm updates to ACR/AES: Security Center Plus customers will benefit from algorithm updates by our data science team ensuring consistent ACR/AES risk calculations, whether data is processed on-premises or in the cloud. These updates will maintain accurate risk assessments, aiding informed security decisions. Customers will need to apply the 6.2 release update to benefit from these improvements.
- Improvements to Security Center patching: Now you’ll have the ability to see and apply any patches directly from the Software Updates tool, rather than requiring a reboot to the system, as well as seeing the status of available patches (i.e., applied, missing).
- Custom classification banner: Elevate your web app or exported reports with personalized headers and footers. Now, you have the power to define your own text and choose a custom color for your classification banners. This feature empowers customers who demand classification banners to tailor their messaging and design according to their unique needs and preferences.
Get ready to explore the next level of web application security on-prem within the Security Center UI. With Tenable Web App Scanning, you can stay ahead of evolving threats, secure your web applications effectively, and confidently defend your organization's digital assets. Upgrade to the latest version of Tenable Security Center and tap into the full potential of these features.
Want to learn what Tenable Web App Scanning in Security Center can do? Attend our upcoming customer update webinar on November 9 at 10 am PDT / 1 pm EDT for a look into what's new and coming soon in Tenable Security Center 6.2.
Learn more
Brittany Isaacs
Brittany Isaacs is a Product Marketing Manager at Tenable, with primary responsibility for shaping messaging, positioning and devising go-to-market plans for Tenable Security Center and Tenable Vulnerability Management. She uses her extensive experience in product and strategic marketing across various industries to help strengthen the vulnerability management story. Before joining Tenable, Brittany held roles as a Product Marketing Manager at Availity and ISC2, where she played a pivotal role in elevating market awareness and driving demand for their cybersecurity certification suite.
Related Articles
- Cloud
- SecurityCenter
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Tenable Vulnerability Management
Formerly Tenable.io
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
65 assets
Choose Your Subscription Option:
Thank You
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Try Tenable Nessus Professional Free
FREE FOR 7 DAYS
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
NEW - Tenable Nessus Expert
Now Available
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro Trial.
Buy Tenable Nessus Professional
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
BUY
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
65 assets
Choose Your Subscription Option:
Thank You
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Try Tenable Web App Scanning
Formerly Tenable.io Web Application Scanning
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.
Buy Tenable Web App Scanning
Formerly Tenable.io Web Application Scanning
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Try Tenable Lumin
Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.
Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.
Buy Tenable Lumin
Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.
Thank You
Thank you for your interest in Tenable Lumin. A representative will be in touch soon.
Request a demo of Tenable Security Center
Formerly Tenable.sc
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Request a demo of Tenable OT Security
Formerly Tenable.ot
Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.
Request a demo of Tenable Identity Exposure
Formerly Tenable.ad
Continuously detect and respond to Active Directory attacks. No agents. No privileges.
On-prem and in the cloud.
Request a Demo of Tenable Cloud Security
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
Thank You
Thank you for your interest in Tenable Cloud Security. A representative will be in touch soon.
See
Tenable One
In Action
Exposure management for the modern attack surface.
See Tenable Attack Surface Management In Action
Formerly Tenable.asm
Know the exposure of every asset on any platform.
Thank You
Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.
Try Tenable Nessus Expert Free
FREE FOR 7 DAYS
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Buy Tenable Nessus Expert
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Try Nessus Expert Free
FREE FOR 7 DAYS
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Buy Tenable Nessus Expert
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
如有侵权请联系:admin#unsafe.sh