How to confirm a potential False Positive in AppScan Enterprise
How do you confirm a potential False Positive issue in IBM Security AppScan Enterprise, or how do you get additional explanations for a vulnerability?
A scan reports a vulnerability that you suspect is a false positive and you want to confirm that, or you need additional explanation of the vulnerability.
Write in the support ticket why you suspect it is a false positive, and upload data generated as follows:
- Access the Security Issues report created for your scan.
- Click on the Issue id of the vulnerability in question to view the issue details.
- Select the Request\Response tab, and generate three files as follows:
  - Click Download Original HTTP Traffic... and save the file.
  - Do the same for Download Test HTTP Traffic...
  - Take a screenshot of the Request\Response page (showing "Issue Type" and "Variant Properties"), and save it.
- Upload the three files to your support ticket (as described in How to upload data to a support ticket).
More support for:
IBM Security AppScan Enterprise
Software version: 8.0, 8.5, 8.6, 22.214.171.124, 8.8, 9.0, 126.96.36.199, 9.0.1, 188.8.131.52, 9.0.2, 184.108.40.206
Operating system(s): Windows
Software edition: Enterprise
Reference #: 1298651
Modified date: 19 August 2009