False Negative
Understanding False Negative Security Vulnerabilities: Challenges and Solutions
Minimize False NegativesTable of Contents
What is a false negative?
Designing test cases that accurately identify defects in software can be challenging. As scanners run and tests are conducted, false negatives happen when problems aren’t picked up even though there are bugs or vulnerabilities in the application being tested. In the case of a false negative, the test passes when a bug or security vulnerability is in fact present or the functionality is not working as it should.
The more times testing tools and strategies give false negatives (as well as false positives), the less reliable and useful the results. Though both of these are a problem, a false negative is more damaging because it lets a problem go undetected, creating a false sense of security. Whereas a false positive may consume a lot of a tester’s energy and time, a false negative allows a bug to remain in the software. For this reason, software development teams need to use testing tools and strategies they can trust to accurately assess and report on the quality of their software.
Contrast is the clear customers’ choice
Contrast is named a Customers’ Choice in the 2021 Gartner Peer Insights “Voice of the Customer”: Application Security Testing report. With the highest percentage of 5-star ratings, this is the third consecutive year Contrast has received this powerful endorsement from customers.
Built for Developers. Trusted by Security.
Learn Secure Code
CROSS SITE SCRIPTING (XSS)
Learn about Cross site scripting (XSS) and how it affects your Java source code
SQL INJECTION
Learn about SWL injection and how it affects your Java source code
CLIENT SIDE INJECTION
Learn about client-side injection and how it can affect your source code