Tenable Web App Scanning is a dynamic application security testing (DAST) solution that scans running web applications and APIs to identify vulnerabilities. The tool crawls web applications through the front end to create a site map of pages, links, and forms, then interrogates the site to detect security issues. The solution identifies OWASP Top 10 vulnerabilities including cross-site scripting (XSS) and SQL injection in custom application code, as well as vulnerable versions of third-party components. It can detect misconfigurations, certificate issues, and server-side weaknesses that expose applications to reconnaissance or man-in-the-middle attacks. Tenable Web App Scanning offers fast scanning capabilities with quick scans completing in two minutes or less for common security hygiene issues. The tool supports modern web applications including single page applications built on popular frameworks. The solution is available as both a cloud-based SaaS offering and through on-premises deployment via Tenable Security Center integration. It includes role-based access control for managing user permissions and scan visibility. Users can create customizable dashboards and reports, with the ability to integrate IT, cloud, and web application vulnerability data into unified views. The tool supports automated testing schedules and can be extended into CI/CD environments. It is FedRAMP-authorized for government use cases.