Related Tips & Info

Support Tip: WebInspect/WebInspect Enterprise: False Positive

Eknappen
Micro Focus Employee
0 Likes

Summary
What to do when a false positive is encountered in scan results.

Products
Fortify,Fortify WebInspect

Situation
Fortify Technical Support cannot advise customers whether a vulnerability is in fact a threat or not. We are able to check previously reported findings and report new challenges to the SSR team with the proper documentation. However, it is up to your developers and security team to consider whether vulnerabilities are false positives or not in the specific context of your environment.

After investigating, if your team finds WebInspect identified false vulnerabilities, they can be marked as such in the scan. Then the scan can be used to compare and eliminate the finding from future scans.

Read Full Support Article here. 

Support Article Reference Number (URL Name)
KM000006406

__________________________________

Elizabeth Knappen
CyberRes Community Manager

If you find this post useful, give it a ‘Like’ or use ‘Verify Answer’

Labels:

Support Tip
Comment List
Anonymous
Related Discussions
Recommended

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.