How do you confirm a potential False Positive issue in IBM Security AppScan Enterprise, or how do you get additional explanations for a vulnerability?
You receive a vulnerability and you suspect the vulnerability is a false positive, and you want to confirm that, or you need additional explanations on the vulnerability.
Write in the support ticket why you suspect it is a false positive, and upload data generated as follows:
- Access the Security Issues report created for your scan.
- Click on the Issue id of the vulnerability in question to view the issue details.
- Select the Request\Response tab, and generate three files as follows:
- Click Download Original HTTP Traffic... and save the file.
- Do the same for Download Test HTTP Traffic...
- Take a screenshot of the Request\Response page (showing "Issue Type" and "Variant Properties"), and save it.
- Upload the three files to your support ticket (as described in How to upload data to a support ticket).