Get to the Bottom of False Positives: Legitimate false positives and what you need to do.
Most false positives result from the misconfiguration of scans. This video series will help you understand what causes them and how to avoid or reduce them. After watching this video, you will be able to:
- Begin fixing flaws using the Triage Flaws page in the Veracode Platform (Veracode Analysis Center).
- Address any false positive flaws, such as CWE 259: hard-coded password or CWE 321: hard-coded cryptographic key, using a mitigation proposal.
Timestamps for video:
0:00 – 0:20 - Intro
0:21 – 0:37 - How to navigate to the Triage Flaws page in the Analysis Center to begin reviewing and fixing flaws.
0:38 – 1:10 - How to access flaw details on the Triage Flaws page; these details are not available in the PDF report.
1:11 – 1:37 - Example of an engineered false positive – CWE 259: hard-coded password.
1:38 – 2:30 - How to propose a mitigation for a potential false positive.