We are using Tenable.io Web Application Scanning for security assurance, workability management, and patch management.
Director of Cyber Security at an outsourcing company with 501-1,000 employees
Simple deployment, priced well, and reliable
Pros and Cons
- "The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
- "Tenable.io Web Application Scanning could improve by offering faster fuzzing."
What is our primary use case?
What is most valuable?
The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful.
What needs improvement?
Tenable.io Web Application Scanning could improve by offering faster fuzzing.
For how long have I used the solution?
I have been using Tenable.io Web Application Scanning for approximately one year.
Buyer's Guide
Application Security Tools
October 2024
Find out what your peers are saying about Tenable, Invicti, PortSwigger and others in Application Security Tools. Updated: October 2024.
814,572 professionals have used our research since 2012.
What do I think about the stability of the solution?
Tenable.io Web Application Scanning is stable.
What do I think about the scalability of the solution?
We have not had any problems with the scalability of Tenable.io Web Application Scanning.
How are customer service and support?
I provide support to my customers. I have not run into an issue that I needed to contact the support from Tenable.io Web Application Scanning.
How was the initial setup?
The initial deployment of Tenable.io Web Application Scanning is easy.
I rate the initial setup of the Tenable.io Web Application Scanning a five out of five.
What about the implementation team?
We did the deployment of the solution.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage.
What other advice do I have?
If customers need a cost-efficient way to do very good ramification scanning and vulnerability management, this is the right solution. It's a valuable piece of technology.
I rate Tenable.io Web Application Scanning a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Technical Consultant at a tech consulting company with 51-200 employees
A good automated scanning solution but could be more flexible with customization
Pros and Cons
- "It is fully automated."
- "The report customization needs to be better."
What is our primary use case?
Our primary use case for the solution is automated scanning. It doesn't require scripting knowledge or any of those suites or other tools. So it is fully automated, and we provide the credentials and URL. The tool does all scanning and will show the result per the requirement.
What is most valuable?
We find the scanning and reporting features most valuable.
What needs improvement?
For the OWASP there is a predefined dashboard, but a detailed report template would have been perfect. The report customization needs to be better. It can be more flexible in the customization. Additionally, the API Scanning features can be improved.
For how long have I used the solution?
We have been using the solution for a couple of years and currently use Tenable.io and Tenable Vulnerability Management, which are grouped in a single dashboard.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
I rate customer service and support a six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used Qualys WAS previously, but the exact scanning and reporting features we were looking for were not there.
How was the initial setup?
The initial setup is straightforward. It uses the external scanners provided, so it does not require additional effort to configure it in our WAS. Furthermore, it does not require any time to deploy because it comes pre-configured with Tenable.io Web Application Scanning.
What's my experience with pricing, setup cost, and licensing?
The minimum license starts from $3,578.
What other advice do I have?
I rate the solution a seven out of ten. The solution is good, but the API scanning features and the flexibility of the report customization can be improved. My advice to new users considering the solution is to go through the documentation on YouTube videos provided by Tenable, and you can get started right away.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Senior Information Security Analyst at a computer software company with 10,001+ employees
It provides the end analysis results covering all the published vulnerabilities and information on the market
Pros and Cons
- "Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
- "It isn't easy to manage vulnerabilities in Tenable."
What is our primary use case?
I'm a security consultant using Tenable to help our clients perform vulnerability analysis.
What is most valuable?
Tenable provides the end analysis results covering all the published vulnerabilities and information on the market.
What needs improvement?
It isn't easy to manage vulnerabilities in Tenable.
For how long have I used the solution?
I have been using Tenable for around two years.
What do I think about the stability of the solution?
The stability is quite good. Tenable is probably the best among similar solutions.
What do I think about the scalability of the solution?
Tenable is scalable.
How was the initial setup?
The configuration is straightforward. It's easy to use and understand. You don't need to be a cyber security professional to use this solution.
What other advice do I have?
I rate Tenable.io Web Application Scanning eight out of 10. Tenable.io is still reliable, and we would recommend it depending on your needs. Tenable.io is a general solution, so it may not have specific features you need for your use case.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Manager at a manufacturing company with 10,001+ employees
Good reporting and integration, but it needs a user-friendly dashboard
Pros and Cons
- "The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
- "It would be great if there were a dashboard that is more user-friendly."
What is our primary use case?
We primarily use Tenable.io to scan all of our assets to identify vulnerabilities and determine risk percentages for each.
What is most valuable?
The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities.
This solution integrates well with other products.
What needs improvement?
It would be great if there were a dashboard that is more user-friendly.
We had some trouble integrating with ZeroNorth that required we contact technical support. This is an area that could be improved.
We are currently running several different scanners and it would be nice to see all of them in one place. For example, Tenable.io is used for assets, whereas we have different solutions for mobile and websites. Having all of these integrated into a single dashboard would be helpful.
For how long have I used the solution?
I have been using Tenable.io for more than a year.
What do I think about the stability of the solution?
In general, we do not have problems with stability. We did have an instance where the agents went down, but problems only occur once in a while.
What do I think about the scalability of the solution?
The scalability is decent and has not been a problem. We have approximately 50 users.
If this solution continues to work well then we will gradually increase usage to cover all of our assets.
How are customer service and technical support?
The technical support is responsive and they worked on our problem quickly. That said, it depends on how quickly support is needed. The SLA is one or two days, although that depends on the agreement.
When we contacted support during the integration with ZeroNorth, our agents went down and it took a week to come up again. I think that the response and resolution time from technical support could be improved, which would lead to less downtime.
Overall, I would say that they are responsive.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay.
Which other solutions did I evaluate?
We evaluated several other products using a proof of concept for each. Tenable.io did well in comparison.
What other advice do I have?
For assets, this is a good product and I recommend it. We have done some other PoCs and in comparison, I think Tenable.io did well.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Specialist at a security firm with 51-200 employees
Collects the vulnerabilities on the hostnames and sends them to the cloud
Pros and Cons
- "It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
- "They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
What is our primary use case?
I work for a security company, and I implement Tenable for our customers. I just implement this technology. I'm not working with the users.
Our main use case is for implementing and starting scans for the whole company or a specific host. It is used for creating reports or dashboards for the vulnerabilities of the whole company. As a product for web application scanning, the results are uploaded to the cloud, and the management is on the cloud, but we can implement an on-premises scanner, or we can scan the on-premises web applications of our customers.
What is most valuable?
It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on.
What needs improvement?
They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap.
For how long have I used the solution?
I have been working for this company for two years and eight months, and I have had many opportunities to implement Tenable.
What do I think about the stability of the solution?
It is a cloud solution. It has 100% reliability.
What do I think about the scalability of the solution?
Being a cloud solution, it must be scalable.
How are customer service and support?
In general, it is fast. In some cases, we need L3 support, which can take some time, but overall, it is really fast. As compared to other vendors who implemented such solutions, the support is fast.
How was the initial setup?
It is a complex solution. Tenable.io is an enterprise solution. So, it is not that easy to set up.
The deployment duration varies depending on the size of a company. It can take five days, and it can also take a month.
What about the implementation team?
We have our own team. The number of people required for its deployment varies, but we have been able to implement it for most of the projects with just three people.
For its maintenance, we have five or six people in support.
What other advice do I have?
I would rate it a nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees
User-friendly GUI, simple to manage, the support is excellent and quick to respond
Pros and Cons
- "Tenable.io Web Application Scanning is very easy to use."
- "The reporting has a very limited customization capability."
What is our primary use case?
Tenable.io Web Application Scanning is very useful for scanning container exposure, and also for scanning all of the external IP addresses for any organization using Tenable predefined scanners.
What is most valuable?
It's a good product. It works as expected.
Tenable.io Web Application Scanning is very easy to use.
It provides very reliable results.
It is very useful.
The GUI is very easy to use, for anyone.
It is easily managed by someone who lacks prior knowledge, information, or experience.
What needs improvement?
The reporting in Tenable.io Web Application Scanning is not as good as the reporting in Tenable SC. Tenable SC's reporting is extremely powerful.
The reporting has a very limited customization capability. It would be beneficial if this feature could be enhanced.
For how long have I used the solution?
I have been using Tenable.io Web Application Scanning for three years.
What do I think about the stability of the solution?
Tenable.io Web Application Scanning is extremely stable.
What do I think about the scalability of the solution?
Tenable.io Web Application Scanning is very easy to scale.
The scalability surpasses Tenable.sc. All of the resources are based on the cloud. You don't need to add any extra resources if you want to add any external scanning or any internal scanners for the hardware specifications. This solution is very scalable.
How are customer service and support?
I have dealt with technical support once. They were very good and very responsive.
Which solution did I use previously and why did I switch?
I have also worked with Tenable SC. Asset management is a bit different.
How was the initial setup?
There is no need to install anything. You get it pre-installed from the vendor.
You have access to the GUI, and log in with your credentials.
What's my experience with pricing, setup cost, and licensing?
It follows the same licensing scheme as Tenable.io and Tenable SC.
A separate license is required for support.
I can't be certain, but I believe the fees are determined by the number of IP addresses or users.
What other advice do I have?
I would recommend this solution to others who are interested in using it.
I would rate Tenable.io Web Application Scanning an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at a tech consulting company with 51-200 employees
Multi-faceted solution that offers good replication testing and vulnerability assessment
Pros and Cons
- "Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
- "I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
What is most valuable?
Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product.
What needs improvement?
I would like for them to add intervening proxy, whereby you can alter the get/put requests. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing traffic packets which will actually help you in exploiting any vulnerability in detail.
What do I think about the stability of the solution?
It is quite stable. We haven't had any bugs.
What do I think about the scalability of the solution?
There is no need to scale, because generally the customers, whenever they scan their applications, they generally take a couple of applications at a time. And Tenable.io is already cloud instituted so you don't have to worry about that aspect.
How are customer service and technical support?
I never needed to contact support. It is very easy to understand and easy to configure.
What other advice do I have?
I would rate it an eight out of ten.
To make it a ten, I would like for there to be more flexibility for the testers.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.