Configuring default false positive settings

  • Last updated: July 16, 2024

This section explains how to configure the way Burp Suite Enterprise Edition handles false positives. You can configure whether Burp Suite Enterprise Edition remembers false positives, and the criteria it uses to recognize false positives.

By default, Burp Suite Enterprise Edition remembers false positive issues in future scans of the same site. If the same issue is reported again, it is automatically flagged as a false positive.

To configure the false positive settings:

  1. From the settings menu, select False positives.
  2. Use the toggle switch to select whether to Remember false positives for future scans of the site.
  3. Choose how Burp Suite Enterprise Edition matches newly reported issues with past issues that were flagged as false positives:

    • Look for matches based on the issue type and URL.
    • Look for matches based on the issue type anywhere on the site.

Note

Use the "Look for matches based on the issue type anywhere on the site" option with caution. For example, if you enable it and flag an SQL injection issue as a false positive, then all future SQL injection issues reported for the site are automatically flagged as false positives, even if they arise at different URLs.
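The following added example (not PortSwigger code) models the two matching options as a simplified set lookup, to show which findings from a new scan each option would auto-flag and which ones only the site-wide option hides. The `Issue` record, the mode names, the exact-string URL comparison and the sample findings are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed record; field names are assumptions, not a Burp export format.
Issue = namedtuple("Issue", "issue_type url")

TYPE_AND_URL = "type_and_url"    # models "issue type and URL"
TYPE_ANYWHERE = "type_anywhere"  # models "issue type anywhere on the site"


def auto_flagged(new_issues, false_positives, mode):
    """Return the new issues that would be auto-flagged as false positives."""
    if mode == TYPE_AND_URL:
        known = {(fp.issue_type, fp.url) for fp in false_positives}
        return [i for i in new_issues if (i.issue_type, i.url) in known]
    if mode == TYPE_ANYWHERE:
        known = {fp.issue_type for fp in false_positives}
        return [i for i in new_issues if i.issue_type in known]
    raise ValueError(f"unknown mode: {mode}")


def needs_manual_review(new_issues, false_positives):
    """Issues hidden only by the site-wide mode: same type, different URL."""
    narrow = set(auto_flagged(new_issues, false_positives, TYPE_AND_URL))
    wide = auto_flagged(new_issues, false_positives, TYPE_ANYWHERE)
    return [i for i in wide if i not in narrow]


# Constructed sample data: one issue previously marked as a false positive,
# followed by the findings of a later scan of the same site.
FALSE_POSITIVES = [Issue("SQL injection", "https://shop.example/search")]
NEW_SCAN = [
    Issue("SQL injection", "https://shop.example/search"),
    Issue("SQL injection", "https://shop.example/account/orders"),
    Issue("Cross-site scripting (reflected)", "https://shop.example/search"),
]

if __name__ == "__main__":
    for mode in (TYPE_AND_URL, TYPE_ANYWHERE):
        hits = auto_flagged(NEW_SCAN, FALSE_POSITIVES, mode)
        print(f"{mode}: {len(hits)} issue(s) auto-flagged")
    for issue in needs_manual_review(NEW_SCAN, FALSE_POSITIVES):
        print("review manually:", issue.issue_type, issue.url)
```

Findings returned by `needs_manual_review` are the ones worth triaging by hand before relying on site-wide matching.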
