False Positives

A false positive is an error in the result data where a web security vulnerability is reported as present when in reality it is not (i.e. the result is false). These kinds of errors are considered common in web application security assessments.

While there are many factors at play and there is always a chance for a false positive to appear from time to time, WebReaver takes a number of precautionary steps to keep this number to a minimum. In particular, WebReaver is heavily tested against real-world web applications, and many false positives are eliminated by improving the testing engine's strategies. Additionally, we use a unique reporting system which generates signatures (almost like DNA) for each vulnerability in order to ensure that it is not accidentally misreported.

In other words, WebReaver does not claim to be false-positive-free, although you will rarely find any misreported results in your reports.