Unlock enhanced API scanning with Burp Suite Enterprise Edition  –  Learn more

Enterprise Edition

Handling false positives

  • Last updated: July 16, 2024

  • Read time: 2 Minutes

This section explains how to mark issues discovered by Burp Suite Enterprise Edition as false positives. You may want to do this if manual testing shows that an issue is not really present, or if you are aware of the issue but do not want to rectify it.

Mark an issue as a false positive

When you mark an issue as a false positive, your username and the date are stored. Other users can see this information. To mark an issue as a false positive:

  1. From the top menu, select Scans.
  2. Select the scan you want to view.
  3. Select the Issues tab.
  4. Select the issue, or expand the issue and select the relevant URLs.
  5. In the Actions column, click FP.
  6. In the pop-up window, select the issues you want to mark as false positives:

    • This issue: Mark only this instance of the issue as a false positive.
    • This issue and all existing issues with the same type for the site: Mark all issues of the same type as false positives across the whole site.
    • This issue and all existing issues with the same type and URL for the site: Mark issues of the same type and URL as false positives.
  7. If necessary, enter a note.
  8. Click OK.

In the Issues window, the selected issues are now moved to the bottom of the list, labeled False positive, and grayed out. They are also removed from the statistics and charts displayed in the dashboards.

Note

Marking an issue as false positive does not affect future scans. To configure future scans to mark certain issues by default, refer to Configuring default false positive settings.

Was this article helpful?