False Positive
Balancing Sensitivity and Specificity: Managing False Positive Security Vulnerabilities
What is a false positive?
A false positive occurs when a scanning tool, web application firewall (WAF), or intrusion prevention system (IPS) flags a security vulnerability that does not actually exist. In testing terms, it is the situation where a test case fails but there is no bug: the functionality is working correctly. Because every flagged finding has to be investigated before it can be dismissed, and investigation is time-consuming, false positives consume IT bandwidth that should go to real issues.
High false-positive rates are efficiency disrupters that drag on software development and testing teams. A false positive reports a problem that is not there (the software is functioning as intended); a false negative is the opposite: it gives you a false sense of security by indicating you do not have a vulnerability when in fact you do. The two are in tension. Tuning a tool to report fewer false positives (higher specificity) generally means it also misses more real findings (lower sensitivity), so the practical goal is to balance the two rather than drive either to zero, keeping in mind that a false negative cannot be triaged away the way a false positive can.
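The sensitivity/specificity trade-off above can be measured directly from a scanner's output once findings have been triaged. The following is an added example, not code from this page or from Contrast Security: it takes a constructed list of scanner findings, each with a confidence score and a triage verdict, and computes the confusion matrix, sensitivity (true positive rate), specificity (true negative rate), and precision at several reporting thresholds, plus the analyst hours spent on whatever gets reported. The finding identifiers, scores, and the 30-minutes-per-finding triage cost are assumptions chosen for illustration.

```python
"""Sensitivity/specificity trade-off for scanner findings (added example).

The findings below are constructed sample data, not real scanner output.
Each tuple is (finding id, scanner confidence score in [0, 1], verdict from
manual triage: True if the finding is a real vulnerability).
"""
from dataclasses import dataclass

# Constructed sample: 5 real vulnerabilities and 5 spurious findings.
SAMPLE_FINDINGS = [
    ("F1", 0.95, True),
    ("F2", 0.90, True),
    ("F3", 0.85, False),   # high-confidence false positive
    ("F4", 0.80, True),
    ("F5", 0.70, False),
    ("F6", 0.60, True),
    ("F7", 0.55, False),
    ("F8", 0.40, False),
    ("F9", 0.35, True),    # low-confidence real bug: becomes a false negative
    ("F10", 0.20, False),  # once the reporting threshold is raised
]


@dataclass(frozen=True)
class Confusion:
    tp: int  # reported and real
    fp: int  # reported but not real (the false positives discussed above)
    tn: int  # not reported and not real
    fn: int  # not reported but real (false negatives)

    @property
    def sensitivity(self) -> float:
        """True positive rate: share of real vulnerabilities that were reported."""
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def specificity(self) -> float:
        """True negative rate: share of non-issues that were correctly not reported."""
        return self.tn / (self.tn + self.fp) if self.tn + self.fp else 0.0

    @property
    def precision(self) -> float:
        """Share of reported findings that are real (what the analyst experiences)."""
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def false_positive_rate(self) -> float:
        return 1.0 - self.specificity


def confusion_at(findings, threshold: float) -> Confusion:
    """Report a finding when score >= threshold and compare with the triage verdict."""
    tp = fp = tn = fn = 0
    for _finding_id, score, is_real in findings:
        reported = score >= threshold
        if reported and is_real:
            tp += 1
        elif reported and not is_real:
            fp += 1
        elif not reported and is_real:
            fn += 1
        else:
            tn += 1
    return Confusion(tp, fp, tn, fn)


def threshold_sweep(findings, thresholds=(0.0, 0.5, 0.75, 0.9)) -> dict:
    """Confusion matrix at each reporting threshold; shows the trade-off."""
    return {t: confusion_at(findings, t) for t in thresholds}


def triage_hours(c: Confusion, minutes_per_finding: float = 30.0) -> float:
    """Analyst time spent investigating everything the tool reported (assumed cost)."""
    return (c.tp + c.fp) * minutes_per_finding / 60.0


if __name__ == "__main__":
    for t, c in threshold_sweep(SAMPLE_FINDINGS).items():
        print(f"threshold={t:.2f} tp={c.tp} fp={c.fp} tn={c.tn} fn={c.fn} "
              f"sensitivity={c.sensitivity:.2f} specificity={c.specificity:.2f} "
              f"precision={c.precision:.2f} triage_hours={triage_hours(c):.1f}")
```

Running the sweep shows the tension in numbers: at threshold 0.0 every finding is reported (sensitivity 1.0, specificity 0.0, five hours of triage, half of it wasted), while at 0.9 nothing spurious is reported (specificity 1.0) but three of the five real vulnerabilities are silently missed (sensitivity 0.4). Which threshold is right depends on whether missed vulnerabilities or wasted analyst time is the more expensive error for the team.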