Performing a web application scan
Nessus also supports web application scans. This can be used to audit and identify vulnerabilities in web applications.
Nessus plugins are effective enough to identify critical vulnerabilities from the OWASP Top 10. Nessus also lets the user supply authentication details so that it can perform an authenticated, more detailed scan and report a wider range of vulnerabilities. As part of web application tests, Nessus also scans for vulnerabilities in application servers, web servers, and databases; that is, it performs end-to-end vulnerability scanning.
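The recipe that follows drives the scan through the Nessus user interface. As an added example (not code from the book or from Tenable), the script below shows the same workflow in non-interactive form over the Nessus REST API, which is useful when web application scans are scheduled from a pipeline rather than clicked through: it looks up the stock "webapp" scan template, creates a scan against the target, launches it, and totals the per-host severity counters that the scan details reply carries. The base URL, the API key environment variables, the target address and the sample JSON in the test are all assumptions; the HTTP form-login credentials that the recipe configures are still set in the scan editor, as the page describes, since this example does not assume their API schema.

```python
"""Drive a Nessus web-application scan over the REST API (added example).

Assumptions (not from the page): a Nessus 6+ REST API reachable at
NESSUS_URL, an API key pair in the environment, and the stock "webapp"
scan template offered by the instance.
"""
import json
import os
import ssl
import urllib.request

NESSUS_URL = os.environ.get("NESSUS_URL", "https://127.0.0.1:8834")  # assumed address
ACCESS_KEY = os.environ.get("NESSUS_ACCESS_KEY", "")
SECRET_KEY = os.environ.get("NESSUS_SECRET_KEY", "")
# Lab instances often present a self-signed certificate; only relax
# verification when explicitly asked for, never by default.
VERIFY_TLS = os.environ.get("NESSUS_VERIFY_TLS", "1") != "0"


def api(method, path, body=None):
    """Send one API-key authenticated request to Nessus and decode the JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(NESSUS_URL + path, data=data, method=method)
    req.add_header("X-ApiKeys", f"accessKey={ACCESS_KEY}; secretKey={SECRET_KEY}")
    req.add_header("Content-Type", "application/json")
    ctx = ssl.create_default_context()
    if not VERIFY_TLS:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def pick_template(templates_reply, name="webapp"):
    """Return the uuid of the scan template whose short name matches (e.g. 'webapp').

    templates_reply is the decoded body of GET /editor/scan/templates.
    """
    for tmpl in templates_reply.get("templates", []):
        if tmpl.get("name") == name:
            return tmpl["uuid"]
    raise LookupError(f"template {name!r} is not offered by this Nessus instance")


def build_scan(template_uuid, scan_name, targets):
    """Build the POST /scans body; Nessus takes targets as one comma-separated string."""
    return {
        "uuid": template_uuid,
        "settings": {
            "name": scan_name,
            "text_targets": ",".join(targets),
            "enabled": False,  # created on demand, not on a schedule
        },
    }


def summarize_hosts(scan_details):
    """Total the per-host severity counters from GET /scans/{id} into one dict."""
    totals = {"critical": 0, "high": 0, "medium": 0, "low": 0, "info": 0}
    for host in scan_details.get("hosts", []):
        for severity in totals:
            totals[severity] += int(host.get(severity, 0))
    return totals


if __name__ == "__main__":
    template_uuid = pick_template(api("GET", "/editor/scan/templates"))
    # 192.0.2.10 is a documentation address standing in for the Metasploitable host
    created = api("POST", "/scans", build_scan(template_uuid, "DVWA web app test", ["192.0.2.10"]))
    scan_id = created["scan"]["id"]
    api("POST", f"/scans/{scan_id}/launch")
    print("launched scan", scan_id)
    # Once the scan has finished, the totals can be pulled with:
    #   print(summarize_hosts(api("GET", f"/scans/{scan_id}")))
```

The scan is created with `enabled` set to false and launched explicitly, so the same script can be re-run to create a fresh scan each time; the severity totals from `summarize_hosts` are the numbers to compare between an unauthenticated run and the authenticated run the recipe goes on to configure.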
Getting ready
The Getting ready section for this recipe is the same as the Getting ready section of the Selecting a compliance scan policy recipe. This recipe also requires you to have studied and practiced the previous recipes in this chapter. Metasploitable consists of multiple vulnerable applications. In this recipe, we will be using DVWA to demonstrate Nessus' capability to perform web application tests:
The default login credentials...