FAQ: How does Acunetix reduce false positives?

Acunetix WVS is a heuristic scanner, not a signature-based one, which by design is an efficient way of reducing false positives.
With the introduction of AcuSensor Technology, false positive reporting has been drastically reduced because vulnerability detection is no longer based only on the error messages returned from the server or web application, but also on information sent back to the scanner from the sensors installed on the web server.

Still, if a reported vulnerability happens to be a false positive, one can mark it as ‘false positive’ from the vulnerability description, so that the next time a scan is launched against the same website or web application, the vulnerability will not show up again.

For a complete security assessment of a web application, we always recommend supplementing automated scans with manual tests so that one can verify and understand the automated scan results, which is why Acunetix WVS also ships with a set of advanced manual penetration testing tools.

You can also report a false positive by sending all the vulnerability technical details to support@acunetix.com.
