Tenable.io Web Application Scanning Questions

Miriam Tover
Content Specialist
IT Central Station

Hi Everyone,

What do you like most about Tenable.io Web Application Scanning?

Thanks for sharing your thoughts with the community!

Julia Frohwein
Content and Social Media Manager
IT Central Station

Please share with the community what you think needs improvement with Tenable.io Web Application Scanning.

What are its weaknesses? What would you like to see changed in a future version?

Miriam Tover
Content Specialist
IT Central Station

If you were talking to someone whose organization is considering Tenable.io Web Application Scanning, what would you say?

How would you rate it and why? Any other tips or advice?

Application Security Questions
BjarneMattila
User at a retailer
Jan 25 2021

I'm aware that some apps collect data from other apps, and often these data are private data. These data can and will be stored "somewhere" in the world, and eventually sold or exchanged with even more "data collectors" for all kinds of purposes (marketing, crime, fraud and hacking). As you (acc. GDPR) have to describe how you protect private data from being distributed outside your company, you will need a secure setup on your mobile devices.

On a private smartphone (BYOD) or corporate phones with private user profiles, users are making private backups of smartphones, with all smartphone data. When an employee ends his career at a company, these data will still be available on the private backup, and can be restored onto a new smartphone.

How do you avoid these situations?

With BYOD devices (Bring Your Own Device), the challenges are even more complex. Often the users do not want to handle two smartphones, and often they would like to use their private smartphones for work.

To me the solution is quite simple: use corporate smartphones and allow private data outside a corporate container on the smartphone with business apps only... BUT that's (in my experience) not how the companies / organizations are handling the smartphone challenges.

What's your experience?

Rony_Sklar
IT Central Station
Jan 13 2021

There are many cybersecurity tools available, but some aren't doing the job that they should be doing.

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
Dan Doggendorf: The biggest threat is risks you think you have managed are not managed at all so…
Javier Medina: You should build a lab, try the tools and analyze the traffic and behavior with…
Manoj Kumar Kemisetty
Sap Advanced Business Application Programming Consultant at Accenture
Sep 24 2020

Is SonarQube the best tool for static analysis, or are there any good tools which compete with SonarQube?

Purushothaman K: Static tool we can use Fortify or IBM Appscan. SonarQube widely used for…
Peter Arvedlund: I am not very familiar with SonarQube and their solutions, so I can not answer…
Steven Klusener: Please have a look at the TICS framework, offered by www.tiobe.com, it is…
Menachem D Pritzker
Director of Growth
IT Central Station
Aug 10 2020

On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts were protected using two-factor authentication, which the hackers were somehow able to bypass.

Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, Kanye West, Benjamin Netanyahu, and several high-profile tech companies, including Apple and Uber.

The hackers posted variations of a message asking followers to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned.

How could Twitter have been better prepared for this? How do you rate their response?

Ken Shaurette: For some good information from a leading expert check out the webinar today 7/17…
Ken Shaurette: I like the potential for catching an unusual activity like that with our…
Russell Webster: Span of control, Solid RBAC, Privileged Access Management (PAM)
Rony_Sklar
IT Central Station

Many companies wonder about whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?

Dan Doggendorf: SAST and DAST are not mutually exclusive and should be used in conjunction with…
Oscar Van Der Meer: For application security you ideally need SAST, SCA and DAST. You need all three…
Russell Webster: Both. They are not in competition with each other. SAST is used for analyzing…
Rony_Sklar
IT Central Station

Which single application security tool provides the best overall protection?

Kangkan Goswami: The best source to know the OWASP risks is the OWASP website. For top 10 risks…
CK Low
User

I am researching application security software for my organization. We provide systems to the airline industry.

Which products provide both vulnerability scanning and quality checks?

Which one(s) do you recommend and why?

Thanks,

CK

TundeOgunkoya: Whilst it may appear as though the real solution to a question like yours is to…
Wanda Thomas: It depends if the application is a web app. Does it have a database? Are the…
davidstrom: Burp Suite from PortSwigger (pen testing and vuln scans) and WebGoat from OWASP…
Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Oct 09 2020

Let the community know what you think. Share your opinions now!

reviewer1434390: I would check the authentication steps required. How does the data storage work…