How do you confirm a potential False Positive issue in IBM Security AppScan Enterprise, or how do you get additional explanations for a vulnerability?
You receive a vulnerability and you suspect the vulnerability is a false positive, and you want to confirm that, or you need additional explanations on the vulnerability.
Generate data for the vulnerability from AppScan Enterprise and upload the data to a support ticket as follows:
- Access the Security Issues report created for your scan.
- Click on the Issue id of the vulnerability in question to view the issue details.
- Select the Request\Response tab, and perform as follows:
- Click Download Original HTTP Traffic... and save the file.
- Do the same for Download Test HTTP Traffic...
- Take a screenshot of the Request\Response page (showing "Issue Type" and "Variant Properties").
- Upload the data to your support ticket
(as described in How to upload data to a support ticket).