FALSE POSITIVE

Back To Listing

What is FALSE POSITIVE?

False positives occur when a scanning tool, web application firewall (WAF), or intrusion prevention system (IPS) incorrectly flag a security vulnerability during software testing. False positives describe the situation where a test case fails, but in actuality there is no bug and functionality is working correctly. Because false positives need to be checked out and this can be a time-consuming process, they typically eat up valuable IT bandwidth that should be applied to more important tasks.

High rates of false positives are efficiency disrupters, having a drag effect on IT software development and testing teams. While a false positive is improperly indicating the presence of a problem when in reality one does not exist (the software is functioning as intended), the false negative is the opposite, giving you a false senses of security by indicating you don’t have a vulnerability when in fact you do.

Contrast Community Edition

Release Secure Software Faster... No Security Expertise Needed!

Meet software delivery deadlines and security mandates. Contrast Community Edition for Java applications, .NET Core (and .Net Framework coming soon), and APIs delivers security-as-code that protects your software against the most common security flaws. With Contrast, you can remediate vulnerabilities early in the SDLC and monitor and defend against attacks on production applications.