A false positive is like a false alarm. Web application security scanners can indicate that your website is vulnerable when it isn’t. False positives prolong and hamper the process of securing web applications, since a manual follow-up is needed to verify each detected vulnerability. Time is spent manually verifying false positives rather than securing web applications and web services.
The ultimate goal of scanning technology is to automate repetitive tasks, reduce human errors, eliminate the time-consuming and difficult process of manually verifying the scanner’s findings, and weed out false positives. Netsparker achieves this by actively determining whether identified web vulnerabilities are real. To do this, Netsparker simulates the activities of a real penetration tester.
Netsparker dynamically exploits suspected vulnerabilities in a safe and non-destructive way. This results in conclusive proof that an identified web application vulnerability is genuine. When it exploits a vulnerability, Netsparker generates a Proof of Exploit that highlights the impact of that vulnerability. If Netsparker is unable to confirm a vulnerability, it is marked for manual verification. However, if Netsparker marks a vulnerability as confirmed, you can trust that it is real.
For more detailed information about our exclusive technology, see Proof-Based Scanning™.