Home > News > Top Stories > Tenable Unveils Comprehensive Web Application and API Scanning Capabilities for Nessus Expert

Web Security Tools, Cloud Security

Tenable Unveils Comprehensive Web Application and API Scanning Capabilities for Nessus Expert

Tenable Unveils Comprehensive Web Application and API Scanning

Tenable®, the Exposure Management company, today announced web application and API scanning in Tenable Nessus Expert, new features that provide simple and comprehensive vulnerability scanning for modern web applications and APIs.

Web application and API scanning in Nessus Expert are dynamic application security testing (DAST) features that enable security practitioners to proactively identify and assess web applications and APIs for known vulnerabilities. This includes OWASP Top 10 vulnerabilities in custom application code and known vulnerabilities found in third-party components.

Backed by Tenable Research, Nessus provides broad and accurate vulnerability coverage for web applications and APIs – spanning web application servers, content management systems, web frameworks, programming languages and JavaScript libraries. The result is fewer false positives and negatives, ensuring security practitioners know the true risks in their applications.

“Web applications are under siege and the security practitioners in charge of protecting them face numerous challenges,” said Glen Pendley, chief technology officer, Tenable. “With Nessus Expert – the gold standard in vulnerability assessment – we’re tackling the crux of these challenges head on by widening visibility into web applications and APIs. Whether the apps are running on-prem or in the public cloud, Nessus Expert assesses their exposures and provides security practitioners, consultants and pentesters with actionable results quickly.”

Nessus Expert is the industry’s first vulnerability assessment solution that spans traditional IT assets and the dynamic modern attack surface, including the external attack surface, cloud infrastructure and now, web applications and APIs. This new feature and functionality enables security practitioners to:

  • Set-up new web app and API scans and easily generate comprehensive results

  • Rapidly discover known vulnerabilities and cyber hygiene issues using predefined scan templates for SSL/TLS certificates and HTTP header misconfigurations

  • Identify all web applications, APIs and underlying components owned by a given organization

  • Confidently and safely scan environments without disruptions or delays

About Tenable

Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

Spotlight

More featured news

Spotlight

Related News

Cloud Security

Google Cloud Next 2023 Embraces Generative AI for Safer Digital Future

Google | September 18, 2023

Google reveals its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. Alphabet and Google CEO Sundar Pichai's keynote emphasizes Google's AI-first approach and the transformative impact of AI across industries. Google introduces innovative security updates and trends, highlighting its commitment to enhancing cybersecurity capabilities. Google Cloud extends Duet AI to three key products in preview mode, empowering security teams to address complex cybersecurity challenges more efficiently. Google unveiled its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. This significant revelation follows the broader accessibility of generative AI, made possible earlier this year by technologies like ChatGPT. Google's strategic endeavor aims to harness the potential of AI to combat cybersecurity challenges. Additionally, the event featured a keynote address by Alphabet and Google CEO Sundar Pichai, who underscored the transformative influence of AI across sectors and emphasized Google's extensive history of adopting an AI-first approach. During the conference, Google seized the opportunity to introduce innovative security updates and trends, signifying its commitment to enhancing cybersecurity capabilities for its customers. These developments come at a time when the integration of AI technologies in addressing cybersecurity concerns has gained substantial attention and recognition. Alphabet and Google CEO Sundar Pichai, a prominent figure in the technology industry, initiated the conference, reiterating the profound influence of AI across various sectors, industries, and business functions. His emphasis on Google's decade-long dedication to an AI-first approach solidified the company's leadership position in this transformative era. Furthermore, Google unveiled significant developments in the conference, including expanding Vertex AI with over 100 foundation models and introducing enhancements like PaLM 2, supercomputing capabilities, and the fifth-gen Tensor Processing Units. However, their commitment to democratizing AI was highlighted, demonstrated through customer stories and live demos. Google Cloud's developer advocate, Priyanka Vergadia, showcased Duet AI, an intelligent chatbot assistant that streamlines developers' tasks, saving time and enhancing security. Duet AI automates deployments, configures applications correctly, aids in debugging, and strengthens security. Its preview release marks a step towards achieving shift-left and DevSecOps goals, empowering developers to secure their code effectively and allowing security teams to scale their efforts. The research conducted by ESG and ISSA highlights the challenges faced by cybersecurity professionals. A significant majority (63%) have found their roles increasingly complex over the past two years. A closer look reveals that the surge in complexity (81%), rising workloads, and growing cyberthreats (59%), as well as understaffing issues (46%), are the primary factors contributing to this challenge. In response to these evolving demands, Google Cloud has taken a proactive step by extending the application of Duet AI to three key products, now available in preview mode. These applications empower security teams with Mandiant Threat Intelligence for threat analysis, Google Chronicle for accelerated SecOps processes, and Google Security Command Center for risk mitigation. A live demonstration showcased how Duet AI streamlines security analysts' workflows, making threat detection and response more efficient and enhancing overall security posture management. Google Cloud announced Mandiant Hunt for Chronicle Security Ops in preview, boosting threat hunting with expert Mandiant insights. Agentless vulnerability scanning (powered by Tenable) in preview detects OS, software, and network vulnerabilities on Google Compute Engine VMs. Custom posture findings and threat detectors are now available in the Security Command Center. Cloud Firewall Plus, in preview, enhances firewall service with advanced threat protection (Palo Alto Networks). These updates, utilizing Duet AI in preview, demonstrate Google Cloud's dedication to cybersecurity innovation, with specific availability details to come. The conference also highlighted partner offerings in the ever-evolving cloud security landscape.

Read More

Security Audit and Compliance

Lumen Enhances its SASE Solution with New Security Features Addition

Lumen Technologies | September 13, 2023

Lumen Technologies announces the launch of key security enhancements to its industry-leading secure access service edge product. The company’s SASE Solutions represents a first-of-its-kind, fully digital experience for purchasing, configuring, and overseeing enterprise SASE. The latest features incorporated into Lumen SASE Solutions are security service edge and cloud-hosted gateways. On September 12, 2023, Lumen Technologies, a leading provider of Secure Access Service Edge (SASE) solutions, committed to advancing human progress through technology facilitating the connection of people, data, and applications, announced the addition of key enhancements to its landmark SASE product. The addition of new features makes lumen SASE solutions even more simplified and flexible for customers. Lumen SASE Solutions represents a pioneering, entirely digital experience for purchasing, configuring, and managing enterprise SASE. This is a significant step in Lumen's ongoing efforts to drive innovation and foster growth. Notably, the SASE product improvements launch are a direct outcome of valuable customer feedback. The Lumen SASE approach focuses on simplification in order to deliver flexible, secure, and scalable SASE solutions to organizations of all sizes and industries. Senior Director of SASE Product Management at Lumen, Darren Wolner, said, There has been a rapid adoption of cloud-based services as more organizations implement hybrid work, but security is paramount to any cloud-based experience. This means savvy organizations soon realized a whole new set of requirements and challenges. We quickly enhanced the product to fit their requirements. [Source – Cision PR Newswire] Darren mentioned that Lumen has a strong focus on meeting customer wants and needs. He cited the latest SASE updates as a prime illustration of this commitment. The new capabilities added to Lumen SASE Solutions include: Security Service Edge (SSE) SSE encompasses a suite of integrated, cloud-centric security capabilities, which feature cloud-hosted gateways. These capabilities are designed to ensure secure access to websites, facilitate the safe sharing of sensitive data, and manage user permissions for software-as-a-service (SaaS) applications. These solutions are delivered in partnership with prominent SD-WAN and security providers. Cloud-hosted Gateways Cloud-hosted gateways offer organizations the flexibility to adopt 'grow as they go' network and security management features as they scale without the necessity of on-premises equipment. In addition to the global expansion of Lumen technologies, customers based in the US can now deploy premise-based SASE services to locations in EMEA and Canada. Pete Finalle, Research Manager with IDC, stated, The new, hybrid perimeter – encompassing the main office down to the remote workforce – has collided with multi-cloud resources. This has created numerous networking and security complexities that are difficult to solve without a customer outcomes-based approach, which few companies can provide. [Source – Cision PR Newswire] Finalle pointed out that Lumen has a distinctive position to deliver real business outcomes through a comprehensive, cloud-based network security stack. This stack significantly benefits from Lumen's presence in both network and cloud infrastructure. Additionally, he mentioned that the company's digital customer experience and managed approach to resolving the intricate security and networking challenges allow them to mitigate the deployment and management difficulties that frequently hinder the adoption of SASE.

Read More

Network Threat Detection

Juniper Networks Unveils the Industry’s First Distributed Security Services Architecture for Unmatched Scalability and Operational Simplicity

Business Wire | October 20, 2023

Juniper Networks (NYSE: JNPR), the leader in secure, AI-driven networks, today announced the expansion of its Connected Security portfolio with new products and capabilities that empower organizations to seamlessly extend security services and Zero Trust policies across distributed data center environments. The new Juniper Connected Security Distributed Services Architecture uniquely integrates Juniper’s unified security management paradigm with best-in-class routing and AI-Predictive Threat Prevention to bring much-needed operational simplicity and scale to data center security. In addition, four new high-performance firewall platforms deliver unmatched performance in a compact footprint that minimizes cost, space and power consumption. With the adoption of edge computing, multicloud, 5G and IoT, business data is increasingly distributed across geographically dispersed locations, making it harder to secure and manage. To adapt to this changing environment, organizations need a new modern data center architecture that delivers reliability through automated data center operations, scalable performance to support the most stringent workloads (e.g., AI model training) and comprehensive data security, regardless of where the data resides. The newest enhancements to Juniper’s Connected Security portfolio provide a secure bridge for customers to facilitate their transition to a modern data center, at their own pace. This is achieved via the following unique innovations: Juniper’s Connected Security Distributed Services Architecture: Juniper is the first in the industry to deliver an architecture design that fully decouples the forwarding and security services layers that have traditionally been combined in a single firewall appliance. By decoupling these layers, customers can utilize their existing Juniper MX series routers as an intelligent forwarding engine and load balancer. This unique design gives customers independent scaling flexibility without chassis limitations, multi-path resiliency and cost efficiency. When coupled with Juniper Security Director Cloud, the operational experience is as simple as managing one logical element, regardless of the quantities and form factors of any additional firewall engines added to the architecture. AI-Predictive Threat Prevention: Building on Juniper’s Adaptive Threat Profiling and Encrypted Traffic Insights, AI-Predictive Threat Prevention automatically generates custom signatures unique to the customer’s environment through a proxy-less architecture. Coupled with AI, customers gain even more effective malware prevention at line rate. Additionally, the enhanced URL filtering solution provides more granular control, with more than 200 categories to choose from and support for up to 200 languages, as well as a new portal for better insights on web content and easy recategorization. The AI-powered security solution enables customers and partners to predict and find real threats faster, leaving human experts to focus on more strategic security tasks. Four new best-in-class high-performance firewalls: The new Juniper Networks SRX firewalls (SRX1600, SRX2300, SRX4300, SRX4700) are 1RU in size, scale up to 1.4 Tbps and include built-in Zero Trust capabilities, delivering the industry’s highest firewall throughput performance per rack unit. The new platforms feature wire-speed MACsec along with natively embedded TPM 2.0 chips and cryptographically signed device IDs that allow security administrators and network operators to easily verify the trust posture of devices remotely and mitigate the risks of supply chain attacks. These new firewalls, like the whole SRX family, support industry-standard EVPN-VXLAN Type 5 integration, providing full fabric awareness to security operators and allowing them to respond to threats faster. When combined with Juniper’s Connected Security Distributed Services Architecture, these additions to the Juniper SRX series family offer customers even more options to build and expand their data center architectures securely and with sustainability objectives top of mind.

Read More

Cloud Security

Google Cloud Next 2023 Embraces Generative AI for Safer Digital Future

Google | September 18, 2023

Google reveals its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. Alphabet and Google CEO Sundar Pichai's keynote emphasizes Google's AI-first approach and the transformative impact of AI across industries. Google introduces innovative security updates and trends, highlighting its commitment to enhancing cybersecurity capabilities. Google Cloud extends Duet AI to three key products in preview mode, empowering security teams to address complex cybersecurity challenges more efficiently. Google unveiled its pioneering approach to applying generative AI in cybersecurity at the Google Cloud Next conference in San Francisco. This significant revelation follows the broader accessibility of generative AI, made possible earlier this year by technologies like ChatGPT. Google's strategic endeavor aims to harness the potential of AI to combat cybersecurity challenges. Additionally, the event featured a keynote address by Alphabet and Google CEO Sundar Pichai, who underscored the transformative influence of AI across sectors and emphasized Google's extensive history of adopting an AI-first approach. During the conference, Google seized the opportunity to introduce innovative security updates and trends, signifying its commitment to enhancing cybersecurity capabilities for its customers. These developments come at a time when the integration of AI technologies in addressing cybersecurity concerns has gained substantial attention and recognition. Alphabet and Google CEO Sundar Pichai, a prominent figure in the technology industry, initiated the conference, reiterating the profound influence of AI across various sectors, industries, and business functions. His emphasis on Google's decade-long dedication to an AI-first approach solidified the company's leadership position in this transformative era. Furthermore, Google unveiled significant developments in the conference, including expanding Vertex AI with over 100 foundation models and introducing enhancements like PaLM 2, supercomputing capabilities, and the fifth-gen Tensor Processing Units. However, their commitment to democratizing AI was highlighted, demonstrated through customer stories and live demos. Google Cloud's developer advocate, Priyanka Vergadia, showcased Duet AI, an intelligent chatbot assistant that streamlines developers' tasks, saving time and enhancing security. Duet AI automates deployments, configures applications correctly, aids in debugging, and strengthens security. Its preview release marks a step towards achieving shift-left and DevSecOps goals, empowering developers to secure their code effectively and allowing security teams to scale their efforts. The research conducted by ESG and ISSA highlights the challenges faced by cybersecurity professionals. A significant majority (63%) have found their roles increasingly complex over the past two years. A closer look reveals that the surge in complexity (81%), rising workloads, and growing cyberthreats (59%), as well as understaffing issues (46%), are the primary factors contributing to this challenge. In response to these evolving demands, Google Cloud has taken a proactive step by extending the application of Duet AI to three key products, now available in preview mode. These applications empower security teams with Mandiant Threat Intelligence for threat analysis, Google Chronicle for accelerated SecOps processes, and Google Security Command Center for risk mitigation. A live demonstration showcased how Duet AI streamlines security analysts' workflows, making threat detection and response more efficient and enhancing overall security posture management. Google Cloud announced Mandiant Hunt for Chronicle Security Ops in preview, boosting threat hunting with expert Mandiant insights. Agentless vulnerability scanning (powered by Tenable) in preview detects OS, software, and network vulnerabilities on Google Compute Engine VMs. Custom posture findings and threat detectors are now available in the Security Command Center. Cloud Firewall Plus, in preview, enhances firewall service with advanced threat protection (Palo Alto Networks). These updates, utilizing Duet AI in preview, demonstrate Google Cloud's dedication to cybersecurity innovation, with specific availability details to come. The conference also highlighted partner offerings in the ever-evolving cloud security landscape.

Read More

Security Audit and Compliance

Lumen Enhances its SASE Solution with New Security Features Addition

Lumen Technologies | September 13, 2023

Lumen Technologies announces the launch of key security enhancements to its industry-leading secure access service edge product. The company’s SASE Solutions represents a first-of-its-kind, fully digital experience for purchasing, configuring, and overseeing enterprise SASE. The latest features incorporated into Lumen SASE Solutions are security service edge and cloud-hosted gateways. On September 12, 2023, Lumen Technologies, a leading provider of Secure Access Service Edge (SASE) solutions, committed to advancing human progress through technology facilitating the connection of people, data, and applications, announced the addition of key enhancements to its landmark SASE product. The addition of new features makes lumen SASE solutions even more simplified and flexible for customers. Lumen SASE Solutions represents a pioneering, entirely digital experience for purchasing, configuring, and managing enterprise SASE. This is a significant step in Lumen's ongoing efforts to drive innovation and foster growth. Notably, the SASE product improvements launch are a direct outcome of valuable customer feedback. The Lumen SASE approach focuses on simplification in order to deliver flexible, secure, and scalable SASE solutions to organizations of all sizes and industries. Senior Director of SASE Product Management at Lumen, Darren Wolner, said, There has been a rapid adoption of cloud-based services as more organizations implement hybrid work, but security is paramount to any cloud-based experience. This means savvy organizations soon realized a whole new set of requirements and challenges. We quickly enhanced the product to fit their requirements. [Source – Cision PR Newswire] Darren mentioned that Lumen has a strong focus on meeting customer wants and needs. He cited the latest SASE updates as a prime illustration of this commitment. The new capabilities added to Lumen SASE Solutions include: Security Service Edge (SSE) SSE encompasses a suite of integrated, cloud-centric security capabilities, which feature cloud-hosted gateways. These capabilities are designed to ensure secure access to websites, facilitate the safe sharing of sensitive data, and manage user permissions for software-as-a-service (SaaS) applications. These solutions are delivered in partnership with prominent SD-WAN and security providers. Cloud-hosted Gateways Cloud-hosted gateways offer organizations the flexibility to adopt 'grow as they go' network and security management features as they scale without the necessity of on-premises equipment. In addition to the global expansion of Lumen technologies, customers based in the US can now deploy premise-based SASE services to locations in EMEA and Canada. Pete Finalle, Research Manager with IDC, stated, The new, hybrid perimeter – encompassing the main office down to the remote workforce – has collided with multi-cloud resources. This has created numerous networking and security complexities that are difficult to solve without a customer outcomes-based approach, which few companies can provide. [Source – Cision PR Newswire] Finalle pointed out that Lumen has a distinctive position to deliver real business outcomes through a comprehensive, cloud-based network security stack. This stack significantly benefits from Lumen's presence in both network and cloud infrastructure. Additionally, he mentioned that the company's digital customer experience and managed approach to resolving the intricate security and networking challenges allow them to mitigate the deployment and management difficulties that frequently hinder the adoption of SASE.

Read More

Network Threat Detection

Juniper Networks Unveils the Industry’s First Distributed Security Services Architecture for Unmatched Scalability and Operational Simplicity

Business Wire | October 20, 2023

Juniper Networks (NYSE: JNPR), the leader in secure, AI-driven networks, today announced the expansion of its Connected Security portfolio with new products and capabilities that empower organizations to seamlessly extend security services and Zero Trust policies across distributed data center environments. The new Juniper Connected Security Distributed Services Architecture uniquely integrates Juniper’s unified security management paradigm with best-in-class routing and AI-Predictive Threat Prevention to bring much-needed operational simplicity and scale to data center security. In addition, four new high-performance firewall platforms deliver unmatched performance in a compact footprint that minimizes cost, space and power consumption. With the adoption of edge computing, multicloud, 5G and IoT, business data is increasingly distributed across geographically dispersed locations, making it harder to secure and manage. To adapt to this changing environment, organizations need a new modern data center architecture that delivers reliability through automated data center operations, scalable performance to support the most stringent workloads (e.g., AI model training) and comprehensive data security, regardless of where the data resides. The newest enhancements to Juniper’s Connected Security portfolio provide a secure bridge for customers to facilitate their transition to a modern data center, at their own pace. This is achieved via the following unique innovations: Juniper’s Connected Security Distributed Services Architecture: Juniper is the first in the industry to deliver an architecture design that fully decouples the forwarding and security services layers that have traditionally been combined in a single firewall appliance. By decoupling these layers, customers can utilize their existing Juniper MX series routers as an intelligent forwarding engine and load balancer. This unique design gives customers independent scaling flexibility without chassis limitations, multi-path resiliency and cost efficiency. When coupled with Juniper Security Director Cloud, the operational experience is as simple as managing one logical element, regardless of the quantities and form factors of any additional firewall engines added to the architecture. AI-Predictive Threat Prevention: Building on Juniper’s Adaptive Threat Profiling and Encrypted Traffic Insights, AI-Predictive Threat Prevention automatically generates custom signatures unique to the customer’s environment through a proxy-less architecture. Coupled with AI, customers gain even more effective malware prevention at line rate. Additionally, the enhanced URL filtering solution provides more granular control, with more than 200 categories to choose from and support for up to 200 languages, as well as a new portal for better insights on web content and easy recategorization. The AI-powered security solution enables customers and partners to predict and find real threats faster, leaving human experts to focus on more strategic security tasks. Four new best-in-class high-performance firewalls: The new Juniper Networks SRX firewalls (SRX1600, SRX2300, SRX4300, SRX4700) are 1RU in size, scale up to 1.4 Tbps and include built-in Zero Trust capabilities, delivering the industry’s highest firewall throughput performance per rack unit. The new platforms feature wire-speed MACsec along with natively embedded TPM 2.0 chips and cryptographically signed device IDs that allow security administrators and network operators to easily verify the trust posture of devices remotely and mitigate the risks of supply chain attacks. These new firewalls, like the whole SRX family, support industry-standard EVPN-VXLAN Type 5 integration, providing full fabric awareness to security operators and allowing them to respond to threats faster. When combined with Juniper’s Connected Security Distributed Services Architecture, these additions to the Juniper SRX series family offer customers even more options to build and expand their data center architectures securely and with sustainability objectives top of mind.

Read More

More featured news