False positive reduction is included as standard for those with a Vanguard subscription and as a bolt-on for Premium users.
Intruder's security experts will take a look into occurrences that have been flagged by users as false positives. A manual investigation will be carried out to try and determine whether the occurrence(s) are legitimate concerns or not; where possible, our experts will aim to cross-check findings against other security tools.
What are the benefits of false positive reduction?
The benefits are twofold:
Scanners don't always get it right and can inadvertently cause misdirected security efforts β wasting your precious time.
An investigation by a security expert, provides assurance that any findings have been reviewed by a second set of eyes, specifically those trained in this practice.
How can I get false positive reduction?
Once you've signed up to the Premium plan and purchased the bolt-on, feel free to reach out via the chatbot (or email us at [email protected]) and let us know that you'd like to redeem one of your FP reduction credits.
Please include:
The name of the issue
The occurence you'd like checked
Any other details you think would help with the investigation.
The support team will then escalate this to the security team, one of whom will come back to you once they've had a chance to investigate.
Why do scanners report false positives?
No automated tool is infallible; sometimes the scanners finds something that looks like a security weakness, but after manual review and with context, turns out to be benign.
eg. a delay in response from an application could be server load and on a different application it could be due to a time-based injection vulnerability.
Is it just applicable to Intruder?
Absolutely not, false positives are common with all vulnerability scanners, across the board.
What can I do about confirmed false positives?
We'd recommend snoozing them and marking as a false positive (instructions on how to do that can be found in this article.