Application Auditing

Tenable Network Security offers many different types of audit policies for desktop and server applications for many different standards such as DISA STIG, Center for Information Security and vendor recommendations.

Desktop applications such as Adobe Reader can be tested for secure configurations. In some cases, a policy may have direct security impact such as Tenable's audit policy to check that Adobe Reader has had JavaScript disabled. In other cases, you may want to make sure that all browsers have been configured to use the local web proxy settings.

A key desktop application to audit is antivirus. In addition to Tenable Nessus's credentialed audit that identifies antivirus software and ensures threat signatures are up to date, Tenable offers configuration audit policies for all common antivirus solutions. In the enterprise, there are often many ways to configure antivirus products and Tenable offers audit policies for BitDefender, CA, Kaspersky and many others.

Tenable also offers many hardening audit policies for server applications such as Apache and IIS. Audit policies are also included for architectures and frameworks such as VMware ESX as well as Tomcat.