IBM Support

How to confirm a potential False Positive in AppScan Enterprise



How do you confirm a potential False Positive issue in IBM Security AppScan Enterprise, or how do you get additional explanations for a vulnerability?


You receive a vulnerability and you suspect the vulnerability is a false positive, and you want to confirm that, or you need additional explanations on the vulnerability.


Write in the support ticket why you suspect it is a false positive, and upload data generated as follows:

  1. Access the Security Issues report created for your scan.
  2. Click on the Issue id of the vulnerability in question to view the issue details.
  3. Select the Request\Response tab, and generate three files as follows:
    - Click Download Original HTTP Traffic... and save the file.
    - Do the same for Download Test HTTP Traffic...
    - Take a screenshot of the Request\Response page (showing "Issue Type" and "Variant Properties"), and save it.
  4. Upload the three files to your support ticket (as described in How to upload data to a support ticket).


Historical Number


Document information

More support for: IBM Security AppScan Enterprise

Component: Reporting

Software version: 9.0,, 9.0.1,, 9.0.2,, 9.0.3,,,

Operating system(s): Windows

Reference #: 1298651

Modified date: 05 December 2018