Scanning web applications with Nessus offers the end user several new configuration options in the Nessus client. You should take into account:
- Number of web servers and applications being scanned
- Size of the applications (e.g. how many parameters does each CGI application have?)
- Depth and scope of the scan with respects to the type of tests being performed and how exhaustive they should be.
This video demonstrates how to setup Nessus to scan a web application using the new options: