I am using WebInspect 10.50.
Recently, I faced this situation-
An application scan was initiated in WebInspect. It was an authenticated scan for which login macro was recorded.
Once the scan got completed, my team started validating the findings. We found that each and every issue was found to be false positive. Then we realised that the application team had changed the password.
Then the credentials of the application were updated. After making the changes in the login macro, we still found that all the findings were found to be false positive while retesting the vulnerability in WI. Manual retest proved that the issue was a genuine one.
My question is - Does the tool incorporate the new credentials while the scan is going on ? What is the best way to deal in such scenario ?