Tenable.io Web Application Scanning Reviews

I'm a security consultant using Tenable to help our clients perform vulnerability analysis.

Tenable provides the end analysis results covering all the published vulnerabilities and information on the market. 

It isn't easy to manage vulnerabilities in Tenable. 

I have been using Tenable for around two years. 

The stability is quite good. Tenable is probably the best among similar solutions.

Tenable is scalable.

The configuration is straightforward. It's easy to use and understand. You don't need to be a cyber security professional to use this solution. 

I ratate Tenable.io Web Application Scanning eight out of 10. Tenable.io is still reliable, and we would recommend it depending on your needs. Tenable.io is a general solution, so it may not have specific features you need for your use case. 

We primarily use Tenable.io to scan all of our assets to identify vulnerabilities and determine risk percentages for each.

The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities.

This solution integrates well with other products.

It would be great if there were a dashboard that is more user-friendly.

We had some trouble integrating with ZeroNorth that required we contact technical support. This is an area that could be improved.

We are currently running several different scanners and it would be nice to see all of them in one place. For example, Tenable.io is used for assets, whereas we have different solutions for mobile and websites. Having all of these integrated into a single dashboard would be helpful.

I have been using Tenable.io for more than a year.

In general, we do not have problems with stability. We did have an instance where the agents went down, but problems only occur once in a while.

The scalability is decent and has not been a problem. We have approximately 50 users.

If this solution continues to work well then we will gradually increase usage to cover all of our assets.

The technical support is responsive and they worked on our problem quickly. That said, it depends on how quickly support is needed. The SLA is one or two days, although that depends on the agreement.

When we contacted support during the integration with ZeroNorth, our agents went down and it took a week to come up again. I think that the response and resolution time from technical support could be improved, which would lead to less downtime.

Overall, I would say that they are responsive.

The pricing is okay.

We evaluated several other products using a proof of concept for each. Tenable.io did well in comparison.

For assets, this is a good product and I recommend it. We have done some other PoCs and in comparison, I think Tenable.io did well.

I would rate this solution a seven out of ten.

I work for a security company, and I implement Tenable for our customers. I just implement this technology. I'm not working with the users. 

Our main use case is for implementing and starting scans for the whole company or a specific host. It is used for creating reports or dashboards for the vulnerabilities of the whole company. As a product for web application scanning, the results are uploaded to the cloud, and the management is on the cloud, but we can implement an on-premises scanner, or we can scan the on-premises web applications of our customers.

It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on.

They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap.

I have been working for this company for two years and eight months, and I have had many opportunities to implement Tenable.

It is a cloud solution. It has 100% reliability.

Being a cloud solution, it must be scalable.

In general, it is fast. In some cases, we need L3 support, which can take some time, but overall, it is really fast. As compared to other vendors who implemented such solutions, the support is fast.

It is a complex solution. Tenable.io is an enterprise solution. So, it is not that easy to set up.

The deployment duration varies depending on the size of a company. It can take five days, and it can also take a month.

We have our own team. The number of people required for its deployment varies, but we have been able to implement it for most of the projects with just three people.

For its maintenance, we have five or six people in support.

I would rate it a nine out of 10.

Our primary use case for the solution is automated scanning. It doesn't require scripting knowledge or any of those suites or other tools. So it is fully automated, and we provide the credentials and URL. The tool does all scanning and will show the result per the requirement.

We find the scanning and reporting features most valuable.

For the OWASP there is a predefined dashboard but a detailed report template would have been perfect . The report customization needs to be better. It can be more flexible in the customization. Additionally, the API Scanning features can be improved.

We have been using the solution for a couple of years and currently use Tenable.io and Tenable Vulnerability Management, which are grouped in a single dashboard.

The solution is scalable.

I rate customer service and support a six out of ten.

Neutral

We used Qualys WAS previously but the exact scanning and reporting features we were looking was not there.

The initial setup is straightforward. It uses the external scanners provided, so it does not require additional effort to configure it in our WAS. Furthermore, it does not require any time to deploy because it comes pre-configured with Tenable.io Web Application Scanning.

The minimum license starts from $3,578.

I rate the solution a seven out of ten. The solution is good, but the API scanning features and the flexibility of the report customization can be improved. My advice to new users considering the solution is to go through the documentation on YouTube videos provided by Tenable, and you can get started right away.

We used the solution to asses the security risk of our client's customer-facing platform. 

We can get detailed information about vulnerabilities. 

Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive. 

I have been working with the solution for more than half a year. 

I would rate Tenable.io Web Application Scanning's stability a nine out of ten. 

I alone use the product.

I would rate the tool's setup a seven out of ten. We encountered some challenges during the installation process. We have deployed it over the cloud which took about a week to complete. You need to make the environment ready, connect and scan it. 

Tenable.io Web Application Scanning is expensive for small businesses. 

I would rate the solution a nine out of ten. 

Tenable.io Web Application Scanning is very useful for scanning container exposure, and also for scanning all of the external IP addresses for any organization using Tenable predefined scanners.

It's a good product. It works as expected.

Tenable.io Web Application Scanning is very easy to use.

It provides very reliable results.

It is very useful. 

The GUI is very easy to use, for anyone.

It is easily managed by someone who lacks prior knowledge, information, or experience.

The reporting in Tenable.io Web Application Scanning is not as good as the reporting in Tenable SC. Tenable SC's reporting is extremely powerful.

The reporting has a very limited customization capability. It would be beneficial if this feature could be enhanced.

I have been using Tenable.io Web Application Scanning for three years.

Tenable.io Web Application Scanning is extremely stable.

Tenable.io Web Application Scanning is very easy to scale. 

The scalability surpasses Tenable.sc. All of the resources are based on the cloud. You don't need to add any extra resources if you want to add any external scanning or any internal scanners for the hardware specifications. This solution is very scalable.

I have dealt with technical support once. They were very good and very responsive.

I have also worked with Tenable SC. Asset management is a bit different.

There is no need to install anything. You get it pre-installed from the vendor.

You have access to the GUI, and log in with your credentials.

It follows the same licensing scheme as Tenable.io and Tenable SC.

A separate license is required for support.

I can't be certain, but I believe the fees are determined by the number of IP addresses or users.

I would recommend this solution to others who are interested in using it.

I would rate Tenable.io Web Application Scanning an eight out of ten.

Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product. 

I would like for them to add intervening proxy, whereby you can alter the get/put requests. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing traffic packets which will actually help you in exploiting any vulnerability in detail.

It is quite stable. We haven't had any bugs. 

There is no need to scale, because generally the customers, whenever they scan their applications, they generally take a couple of applications at a time. And Tenable.io is already cloud instituted so you don't have to worry about that aspect.

I never needed to contact support. It is very easy to understand and easy to configure. 

I would rate it an eight out of ten. 

To make it a ten, I would like for there to be more flexibility for the testers.