Installation guide
The screen capture below is the “Web Application Tests Settings” input page:
Table 34 – Web Application Tests Settings
Option
Description
Enable web applications tests
This check box enables web application tests and causes the settings below to be
evaluated during the test.
Maximum run time (min)
This option manages the amount of time, in minutes, spent per NASL script performing
web application tests. These NASL scripts are listed above. At the time of this writing,
there were 36 web application test NASLs. The run time of each script varies widely;
however, the following generic formula applies to the Maximum_run_time:
scan_time = (num_scripts / max_checks) * Maximum_run_time
For example, with 36 scripts, a max_checks value of 5 and a 60-minute maximum run time:
(36 / 5) * 60 = 432 minutes
This option defaults to 60 minutes and applies to all ports and CGIs for a given web
site.
Try all HTTP methods
By default, Nessus will only test using GET requests. This option instructs Nessus
to also use POST requests for enhanced web form testing. Generally, more complex
applications use the POST method when a user submits data to the application.
This setting provides more thorough testing, but may considerably increase the
time required. When selected, Nessus will test each script/variable with both GET
and POST requests.
Combinations of arguments values
This option manages the combination of argument values used in the HTTP requests.
This drop-down has five options:
one value – This tests one parameter at a time with an attack string, without trying