統一的 IT 與 Web 應用程式安全性：與 Security Center 整合的內部部署 Web App Scanning

On-prem web app scanning is now available within Tenable Security Center, offering comprehensive exposure management with accurate analysis, OWASP Top 10 coverage and easy setup. 以下是幾點須知。

In the world of cybersecurity, staying ahead of threats is a constant challenge. Over the past decade, web application security has evolved and become significantly more complex. The proliferation of application programming interfaces (APIs) has introduced a host of vulnerabilities, making API security a pressing concern. The rise in supply chain attacks has added another layer of complexity, as web applications increasingly rely on third-party components. In addition, the open source ecosystem faces growing threats, requiring increased security measures. 

According to a recent report from Verizon, web application attacks are involved in 25% of all breaches, making them the second most common attack pattern. This complexity makes it difficult for security teams to keep pace with evolving web app threats, especially when less-critical applications are often overlooked, leaving organizations vulnerable. Tenable recognizes these challenges and has unveiled a comprehensive solution that addresses them head-on, safeguarding critical assets and sensitive data.

Introducing on-prem web application scanning in Security Center

With Security Center’s latest 6.2 release, Tenable takes a significant step forward in bolstering your defenses against the modern attack surface by introducing web application security for customers who want their data managed onsite. 

Until now, we’ve offered our web application scanning capabilities via a software-as-a-service (SaaS) model in Tenable Vulnerability Management. With this Security Center release, you get the flexibility to deploy your web application scanning through either a cloud-based or on-premises approach. The seamless integration of Web App Scanning into the Security Center UI fortifies your security posture by providing an on-prem approach to identifying and addressing vulnerabilities across both your network infrastructure and web applications. Security Center will now not only identify weaknesses in traditional IT assets, but extend its reach to the security of web applications. 

Tenable Web App Scanning on-prem in Security Center is a game-changer for cybersecurity professionals. Here's why it matters:

Accurate and comprehensive vulnerability analysis: Tenable's Web App Scanning provides powerful vulnerability scanning for modern web applications. It minimizes false positives and negatives, ensuring that you understand the true risks associated with your web applications.

Full OWASP Top 10 coverage and beyond: Dynamic application security testing (DAST) identifies critical OWASP Top 10 Web Application Security Risks, such as cross-site scripting (XSS) and SQL injection. It also pinpoints vulnerable versions of third-party components, ensuring comprehensive vulnerability coverage.

Easy setup and rapid results: Predefined scan templates enable you to quickly identify common web application cyber hygiene issues related to SSL/TLS certificates and HTTP header misconfigurations. Setting up scans takes seconds, and the results are returned promptly.

Safe scanning for production environments: Web application scanning in Security Center ensures that your production web applications remain undisturbed while being thoroughly scanned for vulnerabilities.

Tenable's Web App Scanning empowers you to explore the next level of web application security within the Security Center UI. It allows you to stay ahead of evolving threats, secure your web applications effectively, and confidently defend your organization's digital assets. With real-time monitoring, comprehensive reporting and compliance alignment, this integrated solution equips security teams with the tools needed to safeguard critical assets and maintain a strong defense against modern adversaries.

There’s more in Security Center 6.2 beyond WAS

In addition to the integrated WAS capabilities, the Security Center 6.2 release also includes these additional features: 

• Accessible asset lists from domain inventory: Save time by creating an asset list based on user selected assets. This list could be used to generate scans rather than manually creating scans.
• Algorithm updates to ACR/AES: Security Center Plus customers will benefit from algorithm updates by our data science team ensuring consistent ACR/AES risk calculations, whether data is processed on-premises or in the cloud. These updates will maintain accurate risk assessments, aiding informed security decisions. Customers will need to apply the 6.2 release update to benefit from these improvements.
• Improvements to Security Center patching: Now you’ll have the ability to see and apply any patches directly from the Software Updates tool, rather than requiring a reboot to the system, as well as seeing the status of available patches (i.e., applied, missing).
• Custom classification banner: Elevate your web app or exported reports with personalized headers and footers. Now, you have the power to define your own text and choose a custom color for your classification banners. This feature empowers customers who demand classification banners to tailor their messaging and design according to their unique needs and preferences.

Get ready to explore the next level of web application security on-prem within the Security Center UI. With Tenable Web App Scanning, you can stay ahead of evolving threats, secure your web applications effectively, and confidently defend your organization's digital assets. Upgrade to the latest version of Tenable Security Center and tap into the full potential of these features.

Want to learn what Tenable Web App Scanning in Security Center can do? Attend our upcoming customer update webinar on November 9 at 10 am PDT / 1 pm EDT for a look into what's new and coming soon in Tenable Security Center 6.2.

深入瞭解

• Attend the Customer Update Webinar
• Read the Release Notes
• Schedule a Free Demo
• View the Tenable Security Center product page