Get to the Bottom of False Positives (1/4): What is a false positive and what are the common causes?
Most false positives result from scan misconfiguration. This video series will help you understand what causes them and how to avoid or reduce them. After watching this video, you will be able to:
- Identify the common causes of false positives.
- Identify engineered false positives (CWE 259: hard-coded password, CWE 321: hard-coded cryptographic key).
- Find resources that will help you review scan results and discuss potential false positives.
Timestamps for video:
0:00 – 0:48 - Intro
0:49 – 1:49 - Common arguments that a finding is a false positive.
1:50 – 2:09 - The definition of a false positive.
2:10 – 2:56 - How Veracode improves its flaw findings.
2:57 – 3:49 - Examples of engineered false positives (CWE 259: hard-coded password, CWE 321: hard-coded cryptographic key) and the reasons for reporting them.
3:50 – 4:05 - The cause of most false positives, scan misconfiguration, and how to determine whether that is the case.
4:06 – 4:27 - Veracode’s low false-positive rate compared with the rest of the industry.
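As an added illustration of the two engineered findings named in the timestamps (this is example code written for this page, not code from the video or from Veracode), the Python below shows a hard-coded password (CWE 259) and a hard-coded HMAC key (CWE 321) next to a hardened version that loads both from the environment at runtime and fails closed when they are missing. The connection-string format, the environment variable names, the placeholder secret values and the 256-bit minimum key length are assumptions made for the example.

```python
import hashlib
import hmac
import os

# --- The patterns a static scanner reports --------------------------------

# CWE 259: a password embedded in source. Every checkout, build log and
# shipped artifact carries the same credential, so it is reported even when
# the author considers it "only a default". Value is a constructed placeholder.
DB_PASSWORD = "s3cr3t-dev-only"


def connect_vulnerable() -> str:
    # Assumed connection-string format; the password is a literal in the code.
    return f"postgresql://app:{DB_PASSWORD}@db.internal/app"


# CWE 321: a cryptographic key embedded in source. Anyone who can read the
# code can forge or verify whatever this key protects. Constructed placeholder.
HMAC_KEY = b"0123456789abcdef0123456789abcdef"


def sign_vulnerable(message: bytes) -> str:
    return hmac.new(HMAC_KEY, message, hashlib.sha256).hexdigest()


# --- Hardened: secrets arrive at runtime and never appear in the source -----

def _require_secret(name: str) -> str:
    value = os.environ.get(name)
    if not value:
        # Fail closed. Falling back to a built-in default would recreate the
        # very finding the scanner reported.
        raise RuntimeError(f"required secret {name} is not set")
    return value


def connect_hardened() -> str:
    # Assumed variable name DB_PASSWORD; read at call time, not import time.
    return f"postgresql://app:{_require_secret('DB_PASSWORD')}@db.internal/app"


def sign_hardened(message: bytes) -> str:
    # Assumed variable name HMAC_KEY_HEX holding a hex-encoded key.
    key = bytes.fromhex(_require_secret("HMAC_KEY_HEX"))
    if len(key) < 32:
        # Assumed policy for the example: at least 256 bits for HMAC-SHA256.
        raise RuntimeError("HMAC key must be at least 256 bits")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hardened(message: bytes, tag: str) -> bool:
    # Constant-time comparison so tag checks do not leak timing information.
    return hmac.compare_digest(sign_hardened(message), tag)
```

The vulnerable functions are what the scanner flags; the hardened ones keep the same behaviour but make a missing or too-short secret a deployment error instead of silently using a value baked into the code.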