False results of a security scan

​A security scan can generate report with inaccurate information. Two types of false results can be listed.

False positive - is a record that shows that vulnerability is present, however this result is inaccurate.

False negative - is a condition where a vulnerability is present, however it is omitted from the security report.

Comments

Post a Comment

Popular posts from this blog

Absolute and relative path in HTML pages

HTML documents can have relative or absolute links to other web pages. Relative links keeps a visitor on the same web site. Relative links are pointers to other web pages on the same web site. They just contain this page filename. Absolute links on other hand contain full path including protocol and domain name to access the page. Absolute links can point to the same web site or they can point to a different web site.
Read more

goto PHP operator

goto operator will skip execution of code and continue execution of a code that follows a label to which goto operator points to. If code has many goto operators, than this code probably needs a revision. It is possible to write code that executes without goto operators.
Read more

Data at rest protection

There a few ways to prevent a loss or theft of data that is stored. Theft of the data can be prevented by implementing encryption of the data. Even if an intruder is able to access the data, it will not make sense. Backup solution means that a version of data is available in the backup. It is important to have proper data included in the backup, test the backups and store backup in a secure offsite location, since data in backups maybe sensitive. Backups need to be tested regularly to ensure that they work. Redundancy at hardware level means that multiple copies of data is made and it is located on more than one server. Snapshots allow a user to go back to a version of a file that was available on certain day. It is possible to implement redundancy of the data for real-time access to it. It can be done by having data stored in multiple servers (ideally locations) or disks.
Read more