A false positive is like a false alarm: the web application security scanner indicates that your website is vulnerable when in reality it is not. False positives prolong and hinder the process of securing web applications, since the person securing the website must manually follow up to verify every detected vulnerability. As a result, the allocated time is spent manually verifying false positives rather than on what should be done to secure the websites and web applications.
Netsparker Is the First and Only Scanner with Proof-Based Scanning Technology
To eliminate the time-wasting chore of verifying the scanner's findings and ensuring there are no false positives, Netsparker has been designed from the ground up to go beyond what other web application security scanners do: it actively confirms whether the identified web vulnerabilities are real or not. In other words, Netsparker simulates an actual penetration tester.
Netsparker dynamically executes custom attacks to exploit suspected vulnerabilities in a safe and non-destructive manner. Netsparker is able to conclusively prove that an identified web application vulnerability is real, and it also generates either a Proof of Exploit or a Proof of Concept. If Netsparker is unable to absolutely confirm a vulnerability, the vulnerability is marked as "Possible", which indicates that it requires manual verification. If Netsparker marks a vulnerability as confirmed, however, you can trust it.
The result: dead-accurate web application security scans.
Read "Proof-Based Web Vulnerability Scanning Technology" for more detailed information on this unique technology and watch the short video below.