Tenable.io Web Application Scanning Reviews

We use it to find vulnerabilities, but Tenable.io Web Application Scanning does not include remediation; we remediate with other products. We use the dashboard to find vulnerabilities and attempt to find solutions to these vulnerabilities, but Tenable.io Web Application Scanning does not have remediation capabilities.

We use it to find compliance with OWASP Top 10 threats.

Tenable.io Web Application Scanning does not have automation beyond scheduling scans; the only automatic feature is scan scheduling.

In each scan, the advanced scan option allows us to run the scan with compliance, and we use this feature.

Tenable.io Web Application Scanning helps us determine whether there is penetration audit exposure to our system and web application.

It is a good solution; we use it to scan public applications, and it helps us identify whether there are vulnerabilities or CVEs that hackers can exploit.

We also use the intuitive dashboard.

Neutral

I did not decide to switch.

We do not have an idea of how much we have to pay approximately, but comparing to other products, Tenable.io Web Application Scanning is expensive.

I think Tenable.io Web Application Scanning is the best option on the market at the moment. My review rating for this product is nine out of ten.

I have at least three use cases. One is for ITDR solutions for threat detection. Another is the vulnerability scanning process that I designed and implemented across five companies based on Gartner implementation papers, and one is for OT.

Now that the license is centralized, it's a significant feature to manipulate assets based on their functions. It provides a centralized view from end-to-end to its assets' identities and vulnerabilities. 

One of the greatest features is Kubernetes. The automated scanning capability is pretty standard in the market, and Tenable's prioritization engine helps improve the security posture.

The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine. This is one key area for improvement.

From Tenable itself, I have close to three to five years of experience. Additionally, I did some three or four implementations over the course of my career.

The solution is stable.

Scalability is very easy. It uses distributive engines by default, making it scalable as a default setting.

Tenable services in Brazil are regional services. The global services would be rated around nine, while the global and local services are around seven or eight out of ten. We usually have to talk to the reseller, who then escalates it to Tenable.

Positive

People usually use Microsoft Defender. It does vulnerability scanning at some level but not in the active manner Tenable does. Tenable has all three fronts, whereas Defender does not run through vulnerability engines at the same time.

The setup is pretty straightforward and is plug and play. The engines report back to the cloud platform, and the documentation is centralized and easy to follow.

The security team consisted of around five to six professionals, mostly security analysts, security architects, and a network engineer. The company's size is about 30,000 employees.

The ROI is feasible when considering the mean time to resolve. Security metrics help determine how long it takes to solve a vulnerability, and once the product is installed, you can see the difference. A business impact analysis on costs makes it easy to calculate the ROI.

The pricing is market standard and comparable to the competition.

I would recommend Tenable.io Web Application Scanning to others. 

I rate the overall solution a nine out of ten.

Neutral

It's nice to work with because it gives good results for web application scanning according to OWASP Top 10 and NISC. It's also a very simple tool to use.

It supports cybersecurity strategy. For me, it works. AndI sell this tool to my customers, and they are also happy with it.

It has good dashboard capabilities and gives good results with priority ratings, asset criticality ratings, and exposure scores for vulnerabilities. It also provides automated web application scanning, which customers appreciate because it doesn't disturb the web application or hamper the business. While testing the web application, sometimes it happens that the website or application goes down. But with Tenable.io Web Application Scanning, it doesn't affect the business. It has good unified web application scanning and exposure management.

We would like some additional features. Sometimes it lags with different cloud environments. Private clouds are becoming more common, and the integration lags with those compared to AWS, Azure, or GCP.

So that would be room to improve.

I have been using it for three years. 

We haven't yet contacted Tenable's technical support because we have a good team trained in Tenable tools. 

We don't need support directly, but sometimes, if we need it, we raise a ticket with Tenable.

Tenable has a good support system. We are not unhappy with the tool, and neither are our customers. After raising the ticket, they have a very short turnaround time for queries. They reply very soon. 

We work with Tenable Nessus products, including SecurityCenter, Nessus Expert, and Nessus Professional, and also with Tenable.io Web Application Scanning.

It's very easy to deploy. They have datasheets and videos ready, and Tenable team also supports deployment.

It takes a maximum of half an hour to an hour. If you have a good computer, it can be deployed very easily.

It saves time, but the cost of the tool is a bit high. That should be reduced for SME or SMB customers. It's for enterprises or some of our customers who use it for their clients, scanning web applications and giving them automated and manual results.

If there are many changes in the web application, it may save around 20% to 23% of the time. This is because it runs automated web application scanning alongside normal operations without affecting the business. It also avoids the downtime that sometimes happens during vulnerability scanning, which can affect business.

The last time I sold it to a customer, it was around $7,000 per year. You have to renew the license annually.

It's not a perpetual license. It's a SaaS-based application. For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes.

Overall, I would rate it an eight out of ten. We deploy it for customers, and it's very easy to deploy. Some people are worried about the cost, but we try to sell it at a good rate, less than the online price.

The fundamental objective of this product is to enhance the overall security, be it through verification within the organization or at the user's end.

All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. We utilize scanning and troubleshooting functionalities and are thoroughly satisfied with their detailed services.

Reducing the number of application-related attacks and consolidating them into a standard platform would be highly beneficial. Currently, some attacks are detected while others are not. It would be advantageous to have a more sophisticated detection system to identify and address all types of attacks promptly.

We have been using the solution for more than two years. 

Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten.

Since the solution works on the Cloud, it's highly scalable. We use it two to three times a month and have around three users for the product. I rate the scalability a nine out of ten.

The technical support should be improved.

Neutral

We switched to Tenable.io Web Application Scanning from other solutions due to pricing, reporting capabilities, and the user-friendly interface.

The setup of the solution is straightforward. It involves installing the package and gaining access. It took no time at all since we deployed it on the cloud. We assigned the necessary configurations, and everything was set up and ready to go within a few seconds. I would rate the setup as a perfect ten.

The process was as simple as pressing a button, and I handled all the setup myself.

The Return on Investment is substantial. I rate it a nine out of ten. 

The application is extremely affordable. There are no additional costs involved with licensing.  

I recommend the solution to all. 

We use the solution to get the daily scans and to know the vulnerabilities of the environment.

The solution's instant reports feature is the most effective for detecting threats.

The solution's dashboards could be improved and made more user-friendly. The solution should provide easier access to dashboards and reports.

I have been using Tenable.io Web Application Scanning for two years.

Tenable.io Web Application Scanning is a stable solution.

Tenable.io Web Application Scanning is a scalable solution. Around 10 to 12 users are using the solution in our organization.

The solution's technical support is good. We usually use the solution's community support.

Positive

The solution’s initial setup was straightforward.

It took around a week for the solution’s deployment. Around two to three people are needed to deploy the solution.

Tenable fits into our overall security strategy for web apps. We use the solution whenever we need to do web app scanning. Tenable has helped us identify critical vulnerabilities. We scan all the public-facing websites, and the solution has helped secure them. Tenable.io Web Application Scanning is around 90% to 95% accurate in identifying vulnerabilities, which has helped us increase productivity.

We encountered a few false positives with Tenable.io Web Application Scanning. We just waited a few days, and then the vendor released statements saying those were false positives.

Tenable.io Web Application Scanning is a great tool that provides instant reports.

Overall, I rate the solution eight and a half or nine out of ten.

We use the solution for testing and applications. It is for scanning web applications that we deploy for customers. We provide the solution to clients. It does help them check for vulnerabilities on web applications.

It's good for scanning data sources as well. It works for both web applications and data. You can scan for weaknesses even at the operating system level. It is effective at uncovering all kinds of vulnerabilities. 

It works well with the cloud.

The solution allows for the prioritization of vulnerabilities. You don't just get a report, you get the vulnerabilities ranked so that you can handle the most critical items first. 

It is scalable.

The initial setup is straightforward. 

Pricing is reasonable. 

The solution should offer different controls. The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers. 

I've used the solution for about a year. 

My understanding, the solution is stable. I'd rate the solution eight out of ten. 

If a customer has 500 IPs, they get 500 licenses. If they get more in the future, they just buy more licenses. It's very simple to scale. 

We have a few clients using the solution right now. There are about three customers using it.

We haven't had a lot of challenges with the solution and therefore have not really contacted technical support.

The initial setup is easy for us. It's very straightforward. The deployment time depends on what you need and what will be up and running. It depends on the number of applications you will be scanning. 

There are two options: one for on-premises options and another which is for cloud-centric customers. 

The cloud is very simple to set up. You just do scoping of the work and scoping of the licensing and then get started. 

We do have a few people on staff, including network engineers, that can set up and deploy the solution. 

The pricing is pretty reasonable. Customers do not complain about the price. 

I'd rate the solution eight out of ten. 

The solution is primarily used for vulnerability scanning.

We are using it for our internal network and scanning for access in our internal network.

For example, sometimes, there are some vulnerabilities in the system that are happening and are unexpected. We use this for finding these vulnerable cases in that system, like blocks4j, and then deal with them. If there's a patch required, we handle advice on patching the system to remove the vulnerability. I put in patch requests and handle reports. 

The product provides system viability and helps us avoid risks. You can be sure, after a system scan, that your system is in good health. The product provides comprehensive details and reports to help us understand everything and handle any patches in order to keep our system safe. Basically, it's very good at helping us mitigate risk.

The solution is stable.

It's scalable. 

The dashboard could be more user-friendly. They should add more functionality to it. 

I'd prefer if they shared more pricing information

I've used the solution for about 14 months. 

It's stable and reliable. It knows my search environment. There are no bugs or glitches. It doesn't crash or freeze.

We can scale the solution up and out. It's able to expand. 

When we run into any problems, technical support is very helpful. I'm satisfied with the level of service on offer. 

We also use Qualys and NexPac. However, Tenable is very good in terms of its dashboard.

I'm not sure how straightforward the solution is in terms of the initial setup.

I'd prefer more transparency in the pricing. I don't have any details in regard to the exact pricing. 

I'm a customer and end-user.

I'd rate the product eight out of ten. So far, I have been mostly satisfied with the product, although, of course, any product can always improve. 

We mainly use Tenable.io Web Application Scanning to scan vulnerabilities for web application deployment.

The most effective feature of the product is the ability to scan the entire environment. It provides reports by merging data from web application scans, endpoints, and other assets.

The platform's technical support services could be better.

We have been using Tenable.io Web Application Scanning for five years.

I rate the platform's stability a ten out of ten.

We are working with five Tenable.io Web Application Scanning customers. It is suitable for small to medium businesses. I rate the scalability an eight out of ten.

The support ticketing system needs improvement. Whenever we create tickets, they are directed to a general support team. Routing the case to the relevant specialized personnel with L3 engineering skills takes time.

Neutral

We have a team of five administrators to manage the deployment and maintenance of the platform. I rate the initial setup process a seven out of ten.

I rate the product's pricing a four out of ten.

Implementing Tenable.io Web Application Scanning has been beneficial in identifying numerous vulnerabilities within application code.

I rate its scanning capabilities in terms of user-friendliness an eight out of ten. It can be integrated with different system security products.

Overall, I rate it an eight out of ten.

We are using Tenable.io Web Application Scanning for security assurance, workability management, and patch management.

The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful.

Tenable.io Web Application Scanning could improve by offering faster fuzzing.

I have been using Tenable.io Web Application Scanning for approximately one year.

Tenable.io Web Application Scanning is stable.

We have not had any problems with the scalability of Tenable.io Web Application Scanning.

I provide support to my customers. I have not run into an issue that I needed to contact the support from Tenable.io Web Application Scanning.

The initial deployment of Tenable.io Web Application Scanning is easy.

I rate the initial setup of the Tenable.io Web Application Scanning a five out of five.

We did the deployment of the solution.

The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage.

If customers need a cost-efficient way to do very good ramification scanning and vulnerability management, this is the right solution. It's a valuable piece of technology.

I rate Tenable.io Web Application Scanning a nine out of ten.