Amr Abdelnaser - PeerSpot reviewer
Senior Information Security Analyst at EastNets Holding Ltd.
Real User
Top 5 Leaderboard
Conducts general scan which wastes time
Pros and Cons
  • "We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
  • "Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."

What is our primary use case?

We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities. 

What needs improvement?

Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific. 

For how long have I used the solution?

I have been working with the product for two years. 

What do I think about the scalability of the solution?

Tenable.io Web Application Scanning is scalable. We have two users for the product. We don't use it extensively. 

Buyer's Guide
Application Security Tools
January 2025
Find out what your peers are saying about Tenable, Invicti, PortSwigger and others in Application Security Tools. Updated: January 2025.
838,713 professionals have used our research since 2012.

What about the implementation team?

We deployed the tool using in-house resources. 

What other advice do I have?

I rate the product a two out of ten. I am unsatisfied with the product and don't recommend it.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1990596 - PeerSpot reviewer
Director of Cyber Security at an outsourcing company with 501-1,000 employees
Reseller
Simple deployment, priced well, and reliable
Pros and Cons
  • "The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
  • "Tenable.io Web Application Scanning could improve by offering faster fuzzing."

What is our primary use case?

We are using Tenable.io Web Application Scanning for security assurance, workability management, and patch management.

What is most valuable?

The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful.

What needs improvement?

Tenable.io Web Application Scanning could improve by offering faster fuzzing.

For how long have I used the solution?

I have been using Tenable.io Web Application Scanning for approximately one year.

What do I think about the stability of the solution?

Tenable.io Web Application Scanning is stable.

What do I think about the scalability of the solution?

We have not had any problems with the scalability of Tenable.io Web Application Scanning.

How are customer service and support?

I provide support to my customers. I have not run into an issue that I needed to contact the support from Tenable.io Web Application Scanning.

How was the initial setup?

The initial deployment of Tenable.io Web Application Scanning is easy.

I rate the initial setup of the Tenable.io Web Application Scanning a five out of five.

What about the implementation team?

We did the deployment of the solution.

What's my experience with pricing, setup cost, and licensing?

The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage.

What other advice do I have?

If customers need a cost-efficient way to do very good ramification scanning and vulnerability management, this is the right solution. It's a valuable piece of technology.

I rate Tenable.io Web Application Scanning a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
reviewer1248330 - PeerSpot reviewer
Security Specialist at a security firm with 51-200 employees
Real User
Collects the vulnerabilities on the hostnames and sends them to the cloud
Pros and Cons
  • "It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
  • "They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."

What is our primary use case?

I work for a security company, and I implement Tenable for our customers. I just implement this technology. I'm not working with the users. 

Our main use case is for implementing and starting scans for the whole company or a specific host. It is used for creating reports or dashboards for the vulnerabilities of the whole company. As a product for web application scanning, the results are uploaded to the cloud, and the management is on the cloud, but we can implement an on-premises scanner, or we can scan the on-premises web applications of our customers.

What is most valuable?

It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on.

What needs improvement?

They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap.

For how long have I used the solution?

I have been working for this company for two years and eight months, and I have had many opportunities to implement Tenable.

What do I think about the stability of the solution?

It is a cloud solution. It has 100% reliability.

What do I think about the scalability of the solution?

Being a cloud solution, it must be scalable.

How are customer service and support?

In general, it is fast. In some cases, we need L3 support, which can take some time, but overall, it is really fast. As compared to other vendors who implemented such solutions, the support is fast.

How was the initial setup?

It is a complex solution. Tenable.io is an enterprise solution. So, it is not that easy to set up.

The deployment duration varies depending on the size of a company. It can take five days, and it can also take a month.

What about the implementation team?

We have our own team. The number of people required for its deployment varies, but we have been able to implement it for most of the projects with just three people.

For its maintenance, we have five or six people in support.

What other advice do I have?

I would rate it a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Software Asset Management/Software & Cloud Analytics Consultant at Crayon Group
Real User
Top 20
Gives detailed information about vulnerabilities but support is not responsive
Pros and Cons
  • "We can get detailed information about vulnerabilities."
  • "Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."

What is our primary use case?

We used the solution to assess the security risk of our client's customer-facing platform.

What is most valuable?

We can get detailed information about vulnerabilities. 

What needs improvement?

Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive. 

For how long have I used the solution?

I have been working with the solution for more than half a year. 

What do I think about the stability of the solution?

I would rate Tenable.io Web Application Scanning's stability a nine out of ten. 

What do I think about the scalability of the solution?

I alone use the product.

How was the initial setup?

I would rate the tool's setup a seven out of ten. We encountered some challenges during the installation process. We have deployed it over the cloud which took about a week to complete. You need to make the environment ready, connect and scan it. 

What's my experience with pricing, setup cost, and licensing?

Tenable.io Web Application Scanning is expensive for small businesses. 

What other advice do I have?

I would rate the solution a nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
OniRahman - PeerSpot reviewer
Technical Consultant at a tech consulting company with 51-200 employees
Real User
A good automated scanning solution but could be more flexible with customization
Pros and Cons
  • "It is fully automated."
  • "The report customization needs to be better."

What is our primary use case?

Our primary use case for the solution is automated scanning. It doesn't require scripting knowledge or any of those suites or other tools. So it is fully automated, and we provide the credentials and URL. The tool does all scanning and will show the result per the requirement.

What is most valuable?

We find the scanning and reporting features most valuable.

What needs improvement?

For the OWASP there is a predefined dashboard, but a detailed report template would have been perfect. The report customization needs to be better. It can be more flexible in the customization. Additionally, the API Scanning features can be improved.

For how long have I used the solution?

We have been using the solution for a couple of years and currently use Tenable.io and Tenable Vulnerability Management, which are grouped in a single dashboard.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

I rate customer service and support a six out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We used Qualys WAS previously, but the exact scanning and reporting features we were looking for were not there.

How was the initial setup?

The initial setup is straightforward. It uses the external scanners provided, so it does not require additional effort to configure it in our WAS. Furthermore, it does not require any time to deploy because it comes pre-configured with Tenable.io Web Application Scanning.

What's my experience with pricing, setup cost, and licensing?

The minimum license starts from $3,578.

What other advice do I have?

I rate the solution a seven out of ten. The solution is good, but the API scanning features and the flexibility of the report customization can be improved. My advice to new users considering the solution is to go through the documentation on YouTube videos provided by Tenable, and you can get started right away.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Mahmoud Elhamaymy - PeerSpot reviewer
Professional services team lead at a tech services company with 1,001-5,000 employees
Reseller
User-friendly GUI, simple to manage, the support is excellent and quick to respond
Pros and Cons
  • "Tenable.io Web Application Scanning is very easy to use."
  • "The reporting has a very limited customization capability."

What is our primary use case?

Tenable.io Web Application Scanning is very useful for scanning container exposure, and also for scanning all of the external IP addresses for any organization using Tenable predefined scanners.

What is most valuable?

It's a good product. It works as expected.

Tenable.io Web Application Scanning is very easy to use.

It provides very reliable results.

It is very useful. 

The GUI is very easy to use, for anyone.

It is easily managed by someone who lacks prior knowledge, information, or experience.

What needs improvement?

The reporting in Tenable.io Web Application Scanning is not as good as the reporting in Tenable SC. Tenable SC's reporting is extremely powerful.

The reporting has a very limited customization capability. It would be beneficial if this feature could be enhanced.

For how long have I used the solution?

I have been using Tenable.io Web Application Scanning for three years.

What do I think about the stability of the solution?

Tenable.io Web Application Scanning is extremely stable.

What do I think about the scalability of the solution?

Tenable.io Web Application Scanning is very easy to scale. 

The scalability surpasses Tenable.sc. All of the resources are based on the cloud. You don't need to add any extra resources if you want to add any external scanning or any internal scanners for the hardware specifications. This solution is very scalable.

How are customer service and support?

I have dealt with technical support once. They were very good and very responsive.

Which solution did I use previously and why did I switch?

I have also worked with Tenable SC. Asset management is a bit different.

How was the initial setup?

There is no need to install anything. You get it pre-installed from the vendor.

You have access to the GUI, and log in with your credentials.

What's my experience with pricing, setup cost, and licensing?

It follows the same licensing scheme as Tenable.io and Tenable SC.

A separate license is required for support.

I can't be certain, but I believe the fees are determined by the number of IP addresses or users.

What other advice do I have?

I would recommend this solution to others who are interested in using it.

I would rate Tenable.io Web Application Scanning an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer889494 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees
Consultant
Multi-faceted solution that offers good replication testing and vulnerability assessment
Pros and Cons
  • "Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
  • "I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application tester programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."

What is most valuable?

Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product. 

What needs improvement?

I would like for them to add an intervening proxy, whereby you can alter the get/put requests. It is fully automated. Other web application tester programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing traffic packets, which will actually help you in exploiting any vulnerability in detail.

What do I think about the stability of the solution?

It is quite stable. We haven't had any bugs. 

What do I think about the scalability of the solution?

There is no need to scale, because generally the customers, whenever they scan their applications, they generally take a couple of applications at a time. And Tenable.io is already cloud instituted so you don't have to worry about that aspect.

How are customer service and technical support?

I never needed to contact support. It is very easy to understand and easy to configure. 

What other advice do I have?

I would rate it an eight out of ten. 

To make it a ten, I would like for there to be more flexibility for the testers. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Architect at a comms service provider with 10,001+ employees
Real User
Centralized license management transforms asset manipulation based on functions and improves security posture
Pros and Cons
  • "Now that the license is centralized, it's a significant feature to manipulate assets based on their functions."
  • "I would recommend Tenable.io Web Application Scanning to others."
  • "The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine."

What is our primary use case?

I have at least three use cases. One is for ITDR solutions for threat detection. Another is the vulnerability scanning process that I designed and implemented across five companies based on Gartner implementation papers, and one is for OT.

What is most valuable?

Now that the license is centralized, it's a significant feature to manipulate assets based on their functions. It provides a centralized view from end-to-end to its assets' identities and vulnerabilities. 

One of the greatest features is Kubernetes. The automated scanning capability is pretty standard in the market, and Tenable's prioritization engine helps improve the security posture.

What needs improvement?

The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine. This is one key area for improvement.

For how long have I used the solution?

From Tenable itself, I have close to three to five years of experience. Additionally, I did some three or four implementations over the course of my career.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

Scalability is very easy. It uses distributive engines by default, making it scalable as a default setting.

How are customer service and support?

Tenable services in Brazil are regional services. The global services would be rated around nine, while the global and local services are around seven or eight out of ten. We usually have to talk to the reseller, who then escalates it to Tenable.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

People usually use Microsoft Defender. It does vulnerability scanning at some level but not in the active manner Tenable does. Tenable has all three fronts, whereas Defender does not run through vulnerability engines at the same time.

How was the initial setup?

The setup is pretty straightforward and is plug and play. The engines report back to the cloud platform, and the documentation is centralized and easy to follow.

What about the implementation team?

The security team consisted of around five to six professionals, mostly security analysts, security architects, and a network engineer. The company's size is about 30,000 employees.

What was our ROI?

The ROI is feasible when considering the mean time to resolve. Security metrics help determine how long it takes to solve a vulnerability, and once the product is installed, you can see the difference. A business impact analysis on costs makes it easy to calculate the ROI.

What's my experience with pricing, setup cost, and licensing?

The pricing is market standard and comparable to the competition.

What other advice do I have?

I would recommend Tenable.io Web Application Scanning to others. 

I rate the overall solution a nine out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.