I hope this is the right place to ask this question. So, perhaps some of you have heard of Nessus. It's a (network) vulnerability scanner and i have noticed that it also has a functionality to scan web-applications, thing is, it only focuses on the CGI. However, Tenable, the company behind Nessus also released Tenable WAS (web application scanning) which focuses on modern and traditional web-frameworks. So I've been wondering why they would have two software solutions that can do similar tasks. Are CGI vulnerabilities not the same as web vulnerabilities?
↧