What is a False Positive in Cyber Security?
Updated: Oct 22, 2021
What is a false positive alert?
A false positive in cyber security is an alert or reported vulnerability that has been incorrectly flagged: the tool's detection heuristic matched, but the underlying flaw is not actually present. This usually happens when a test case provokes a response that the scanner misinterprets, because the signal it keys on (a timing difference, an error string, a changed status code) can also occur for benign reasons such as network jitter or server load. An example would be a web server that happens to take 20 milliseconds longer to respond to an injected payload, and the scanner concluding that a time-based SQL injection test succeeded when the delay was ordinary variance.
What is a false negative in security?
A false negative is the opposite of a false positive: a flaw is overlooked, or a component is reported as secure, when a vulnerability is in fact present. False negatives are far more serious than false positives because they leave a security flaw undetected, and because nothing in the tool's output signals that something was missed. They are usually less numerous in automated scan output than false positives, since most scanning and pen-testing methodologies are deliberately tuned to over-report rather than under-report; but a clean scan is not evidence that no vulnerability exists, particularly for flaws such as business logic and authorisation issues that scanners are poor at detecting.
How do you handle false positives?
False positives consume precious resources: time spent trying to remediate a vulnerability that never existed. This is where the consultant comes in. By analysing the output of tools and scans, a consultant applies their knowledge and experience to identify likely false positives from the initial details, investigates each one further (for example by reproducing the finding manually, or re-running the test with varied inputs to see whether the signal holds up), and removes it from the report once satisfied that it does not present a risk. A finding that can be neither confirmed nor refuted should be reported as unconfirmed rather than silently dropped.
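The following is an added example, not code from the original post or from any scanner, illustrating both the "20 milliseconds slower" false positive above and the verification step a consultant performs before removing a finding. It simulates a web server as a local function with random latency jitter (the baseline of 120 ms, the jitter of +/- 40 ms, the SLEEP(n) payload syntax and the 500 ms tolerance are all assumptions), then compares a naive one-shot timing check against a confirmed check that samples repeatedly and requires the delay to scale with the requested sleep.

```python
"""Naive vs. confirmed time-based SQL injection detection against a simulated
server. Constructed example for this glossary entry, not code from the original
post or from any real scanner; all names and numbers here are assumptions."""
import random
import statistics

BASE_MS = 120.0    # assumed typical response time of the fake server
JITTER_MS = 40.0   # assumed +/- random variance per response (network, load)


def make_server(vulnerable: bool, rng: random.Random):
    """Build a fake request function that returns a response time in ms.

    If `vulnerable`, an injected SLEEP(n) in the payload really reaches the
    database and adds n seconds; otherwise the payload is inert and only the
    random jitter remains. No network traffic is involved."""
    def request(payload: str) -> float:
        latency = BASE_MS + rng.uniform(-JITTER_MS, JITTER_MS)
        if vulnerable and "SLEEP(" in payload:
            seconds = int(payload.split("SLEEP(")[1].split(")")[0])
            latency += seconds * 1000.0
        return latency
    return request


def naive_check(request, threshold_ms: float = 20.0) -> bool:
    """One baseline request vs. one injected request: flag if the injected
    one is slower by more than `threshold_ms`.

    With a threshold below the server's natural jitter this is exactly the
    '20 milliseconds slower' false positive described above."""
    baseline = request("id=1")
    injected = request("id=1' AND SLEEP(1)-- ")
    return injected - baseline > threshold_ms


def confirmed_check(request, trials: int = 5, tolerance_ms: float = 500.0) -> bool:
    """Verification a consultant would run before accepting the finding.

    Take the median of several samples per payload to suppress jitter, and
    require the extra delay to match the *requested* sleep for two different
    sleep values. Random variance does not scale with the number we asked for;
    a real injected SLEEP does."""
    def median_ms(payload: str) -> float:
        return statistics.median(request(payload) for _ in range(trials))

    base = median_ms("id=1")
    delta_1s = median_ms("id=1' AND SLEEP(1)-- ") - base
    delta_3s = median_ms("id=1' AND SLEEP(3)-- ") - base
    return (abs(delta_1s - 1000.0) < tolerance_ms
            and abs(delta_3s - 3000.0) < tolerance_ms)


def naive_false_positive_rate(runs: int = 2000, seed: int = 1) -> float:
    """Fraction of runs in which naive_check flags a server that is NOT
    vulnerable, i.e. the naive scanner's false positive rate on clean targets."""
    rng = random.Random(seed)
    server = make_server(vulnerable=False, rng=rng)
    hits = sum(naive_check(server) for _ in range(runs))
    return hits / runs


def confirmed_false_positive_rate(runs: int = 200, seed: int = 1) -> float:
    """Same measurement for the confirmed check on a clean server."""
    rng = random.Random(seed)
    server = make_server(vulnerable=False, rng=rng)
    hits = sum(confirmed_check(server) for _ in range(runs))
    return hits / runs


def detects_real_flaw(seed: int = 1) -> tuple:
    """(naive result, confirmed result) against a server that really is
    injectable; both should be True, so the stricter check loses no coverage."""
    rng = random.Random(seed)
    server = make_server(vulnerable=True, rng=rng)
    return naive_check(server), confirmed_check(server)


if __name__ == "__main__":
    print(f"naive check, clean server: {naive_false_positive_rate():.1%} false positives")
    print(f"confirmed check, clean server: {confirmed_false_positive_rate():.1%} false positives")
    print("vulnerable server (naive, confirmed):", detects_real_flaw())
```

With jitter of +/- 40 ms on every response, the difference between two single samples spans -80 to +80 ms, so a 20 ms threshold flags a clean server on roughly a quarter of runs, while the confirmed check never does and still catches the genuinely vulnerable server. The same idea applies to other signals a scanner keys on: re-sample, vary the input, and check that the response changes in the way the hypothesised flaw predicts rather than merely differing from baseline.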
If you like this blog post, find more content in our Glossary.