Uploaded by Florian Goutaudier

Quick Positioning - Tenable.io WAS vs Nessus WAS

PRODUCT COMPARISON:
Tenable.io WAS vs Nessus WAS
Last updated 9/4/2018
Use the following tables to help you understand key differences between Tenable.io Web Application Scanning and the legacy
Nessus Web Application Scanning product. Table 1 provides a high-level summary comparison, and Table 2 provides specific
comparison details.
| Features | Tenable.io WAS | Legacy Nessus WAS |
|---|---|---|
| VM & WAS Unified Visibility | ✓ | - |
| Safe Scanning | ✓ | - |
| Advanced Authentication | ✓ | ✖︎ |
| Manual Crawling | ✓ | ✖︎ |
| OWASP Top 10 Project Support | ✓ | ✖︎ |
| Known Vulnerability Detection | - | ✓ |
| Unknown Vulnerability Detection | ✓ | - |
| Modern Framework Support | ✓ | ✖︎ |
| High Detection Accuracy | ✓ | - |
Table 1: Summary of capabilities between Tenable.io WAS and legacy Nessus WAS
COPYRIGHT 2018 TENABLE, INC. ALL RIGHTS RESERVED. TENABLE NETWORK SECURITY, NESSUS, SECURITYCENTER, SECURITYCENTER CONTINUOUS VIEW AND LOG CORRELATION ENGINE ARE REGISTERED TRADEMARKS OF TENABLE, INC. TENABLE,
TENABLE.IO, ASSURE, AND THE CYBER EXPOSURE COMPANY ARE TRADEMARKS OF TENABLE, INC. ALL OTHER PRODUCTS OR SERVICES ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS.
| Features | Tenable.io WAS | Legacy Nessus WAS |
|---|---|---|
| VM & WAS Unified Visibility | Web application assets are integrated in the same Tenable.io dashboard as other assets automatically for unified visibility. | Web application assets can be integrated into SecurityCenter by creating additional filters to customize the dashboard. No asset integration is available in Tenable.io. |
| Safe Scanning | Users can create a list of blocked URLs to exclude from scans and define customized scan performance thresholds to avoid application disruption. | Users can define customized scan performance thresholds to avoid application disruption. |
| Advanced Authentication | Supports a broad range of authentication options such as forms, cookies, NTLM and Selenium scripts to address most web application requirements. Automatically detects when authentication is required and validates when authentication has been successfully configured. | Supports only login forms and cookie-based authentication. The product is unable to automatically detect or validate successful authentication. |
| Manual Crawling | Records manual crawling of web applications using Selenium to assess and validate user-defined workflows. This is an important capability for assessing Single Page Applications. | Manual crawling is not available. |
| OWASP Top 10 Project Support | The product is purpose-built for the OWASP Top 10 and provides out-of-the-box vulnerability assessment and reporting aligned to OWASP risk categories. | OWASP Top 10 is not supported out-of-the-box. Users can create custom dashboards to manually align specific vulnerabilities to OWASP risk categories. |
| Known Vulnerability Detection | Detects known or specified vulnerabilities related to Content Management Systems (WordPress, Joomla! and Drupal). New CVE plugins supporting web application servers, language engines, web frameworks and JavaScript libraries will be available in 3Q 2018. | Supports a leading range of known or specified vulnerabilities based on CVE plugins. |
| Unknown Vulnerability Detection | Detects unknown or unspecified vulnerabilities in support of OWASP Top 10 without the need for specific CVE plugins. | Provides detection of generic cross-site scripting and injection vulnerabilities in support of OWASP Top 10. |
| Modern Framework Support | Supports web applications built with modern web frameworks such as HTML5, JavaScript, AJAX and Single Page Applications, as well as traditional web frameworks. | Modern web framework support is not available. |
| High Detection Accuracy | Leading vulnerability detection accuracy with minimal false positives and negatives across all web applications. | Strong vulnerability detection accuracy across web applications built using traditional frameworks. |
Table 2: Details of capabilities between Tenable.io WAS and legacy Nessus WAS
For More Information: Please visit tenable.com
Contact Us: Please email us at sales@tenable.com or visit tenable.com/contact