rohit_gemalto Valued Contributor.

Retest always shows "Vulnerability Not Detected"

Every time I run WebInspect on my application, it reports some vulnerabilities.

However, I always get "Vulnerability Not Detected" whenever I run a retest on those vulnerabilities.

Does that mean I can mark it as a False Positive? If yes, then why does it report it as a vulnerability in every run?

1 Reply
Micro Focus Expert

Re: Retest always shows "Vulnerability Not Detected"

The Retest should re-run the Steps associated with that finding, as listed in the GUI under the Issue's detailed information panes.  Once the Retest runs, the GUI should split and show you the Original vs. the Current Requests, and this allows you to use your human intuition to compare them, beyond the simple Thumbs Up/Down icon.

Is the Retest run having something different occur during its replay Steps, such as not successfully logging in, or another obvious issue?

I believe that if you change the Proxy setting for the WebInspect Default Scan Settings to run through an intercept proxy (included Web Proxy, Burp, et al.), then the Retest should run its Request traffic through that proxy, giving you an additional way to monitor it. You may need to address the details of the differences with Fortify Support (https://softwaresupport.softwaregrp.com), and that sort of capture can be very helpful to compare with the normal scan traffic.

-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
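
The Original vs. Current comparison described in the reply above can also be scripted once both exchanges have been captured through the intercept proxy. This is an added example, not part of the forum reply and not WebInspect's own code; it assumes each request and response was saved as raw HTTP text, and the function names, login markers and sample traffic are constructed for illustration.

```python
from email.parser import Parser

def parse_http(raw):
    """Split a raw HTTP message into (start_line, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    start, _, header_block = head.partition("\n")
    return start.strip(), Parser().parsestr(header_block, headersonly=True), body

def replay_differences(orig_req, orig_resp, retest_req, retest_resp,
                       login_markers=("/login", "signin")):
    """Return reasons the retest exchange is not a faithful replay of the original.

    login_markers is an assumption: adjust it to the application's login URL.
    """
    reasons = []
    o_line, o_hdr, _ = parse_http(orig_req)
    r_line, r_hdr, _ = parse_http(retest_req)
    if o_line != r_line:
        reasons.append(f"request line changed: {o_line!r} -> {r_line!r}")
    # A retest that drops session state is testing an unauthenticated request.
    for name in ("Cookie", "Authorization"):
        if o_hdr.get(name) and not r_hdr.get(name):
            reasons.append(f"retest request lost its {name} header")
    o_status, _, _ = parse_http(orig_resp)
    r_status, r_resp_hdr, _ = parse_http(retest_resp)
    o_code, r_code = o_status.split()[1], r_status.split()[1]
    if o_code != r_code:
        reasons.append(f"status changed: {o_code} -> {r_code}")
    location = (r_resp_hdr.get("Location") or "").lower()
    if any(marker in location for marker in login_markers):
        reasons.append(f"retest was redirected to a login page: {location}")
    return reasons

# Constructed sample capture: the original scan request carried a session
# cookie, the retest replay did not and was bounced to the login page.
ORIG_REQ = ("GET /account/profile?id=7 HTTP/1.1\r\nHost: app.example.test\r\n"
            "Cookie: SESSION=constructed-abc\r\n\r\n")
ORIG_RESP = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>profile</html>"
RETEST_REQ = "GET /account/profile?id=7 HTTP/1.1\r\nHost: app.example.test\r\n\r\n"
RETEST_RESP = "HTTP/1.1 302 Found\r\nLocation: /login?next=/account/profile\r\n\r\n"

if __name__ == "__main__":
    for reason in replay_differences(ORIG_REQ, ORIG_RESP, RETEST_REQ, RETEST_RESP):
        print("-", reason)
```

An empty result means the retest reached the same endpoint in the same state as the original scan; any listed reason means the "Vulnerability Not Detected" verdict came from a different exchange than the one that produced the finding.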