A false positive is like a false alarm: the web application security scanner indicates that your website is vulnerable when in reality it is not. False positives prolong and hinder the process of securing web applications, since the person securing the website must manually follow up to verify every detected vulnerability. As a result, allocated time is spent manually verifying false positives rather than on what should be done to secure the websites and web applications.
To eliminate the time-wasting chore of false positives, Netsparker has been designed from the ground up to go beyond what other web application security scanners do and to actively confirm whether detected web vulnerabilities are real or not. In other words, Netsparker simulates an actual penetration tester.
Netsparker dynamically executes custom attacks to exploit suspected vulnerabilities in a safe and non-destructive manner, which lets it conclusively prove when a detected web application vulnerability is real. If Netsparker is unable to absolutely confirm a vulnerability, the vulnerability is marked as “Possible”, which indicates that it requires manual verification. If Netsparker marks a vulnerability as confirmed, you can trust it.
The result: False Positive Free Web Application Security Scans.