This video walks through configuring a web application scan template in Nessus Essentials and running a scan.
What's the first thing we need? A target web application! I chose to run Mutillidae, an intentionally vulnerable web app used as both a teaching tool and a scan target.
The command used in the video to run Mutillidae in a Docker container is:
sudo docker run --rm -it -p 80:80 citizenstig/nowasp
Clarification regarding "published and unknown web vulnerabilities", around the 3:27 mark: "published" vulnerabilities include things like vulnerable PHP or jQuery versions, while "unknown" vulnerabilities include things like unvalidated input or unescaped output that leads to vulnerabilities that have not been previously identified. The point still stands that a scanning tool like Nessus Essentials won't discover entirely novel attack vectors.
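The two kinds of check described above, as an added example that is not from the video and is not how Nessus itself is implemented. It runs over constructed HTTP responses; the advisory thresholds, the canary string and all function names are assumptions made for illustration.

```python
import html
import re

# Constructed advisory data (component -> first fixed version); placeholder
# values for illustration, not taken from a real vulnerability feed.
FIXED_IN = {"php": (8, 1, 0), "jquery": (3, 5, 0)}
FINGERPRINTS = {
    "php": r"X-Powered-By: PHP/(\d+(?:\.\d+)+)",
    "jquery": r"jquery-(\d+(?:\.\d+)+)(?:\.min)?\.js",
}
CANARY = "<zz\"probe'1337>"  # inert marker containing HTML metacharacters


def published_findings(response):
    """'Published' check: fingerprint versions and compare with advisories."""
    found = []
    for name, pattern in FINGERPRINTS.items():
        m = re.search(pattern, response, re.IGNORECASE)
        if m:
            version = tuple(int(p) for p in m.group(1).split("."))
            if version < FIXED_IN[name]:
                found.append((name, m.group(1)))
    return found


def reflection_state(response, canary=CANARY):
    """'Unknown' check: was submitted input echoed back without escaping?"""
    if canary in response:
        return "unescaped"  # output encoding missing: report for review
    if html.escape(canary) in response:
        return "escaped"
    return "absent"


# Constructed responses, as if the canary had been sent in a search field.
OLD_STACK = (
    "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/5.5.9\r\n\r\n"
    '<script src="/js/jquery-1.12.4.min.js"></script>'
    "<p>Results for " + CANARY + "</p>"
)
PATCHED = (
    "HTTP/1.1 200 OK\r\n\r\n"
    '<script src="/js/jquery-3.7.1.min.js"></script>'
    "<p>Results for " + html.escape(CANARY) + "</p>"
)

if __name__ == "__main__":
    for label, resp in (("old stack", OLD_STACK), ("patched", PATCHED)):
        print(label, published_findings(resp), reflection_state(resp))
```

Both functions only recognise patterns that were written in advance, which is the limit the paragraph above describes.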