How to confirm a potential False Positive issue in AppScan Enterprise

Technote (FAQ)


Question

How do you confirm a potential False Positive issue in IBM Security AppScan Enterprise, or how do you get additional explanations for a vulnerability?

Cause

You receive a vulnerability and you suspect the vulnerability is a false positive, and you want to confirm that, or you need additional explanations on the vulnerability.

Answer

Generate data for the vulnerability from AppScan Enterprise and upload the data to a support ticket as follows:

  1. Access the Security Issues report created for your scan.

  2. Click on the Issue id of the vulnerability in question to view the issue details.

  3. Select the Request\Response tab, and perform as follows:
    • Click Download Original HTTP Traffic... and save the file.
    • Do the same for Download Test HTTP Traffic...
    • Take a screenshot of the Request\Response page (showing "Issue Type" and "Variant Properties").
  4. Upload the data to your support ticket
    (as described in How to upload data to a support ticket).

Historical Number

00003242

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Security AppScan Enterprise
Reporting

Software version:

8.0, 8.5, 8.6, 8.7.0.0, 8.8

Operating system(s):

Windows

Software edition:

Enterprise

Reference #:

1298651

Modified date:

2009-08-19

Translate my page

Machine Translation

Content navigation