ENTERPRISE

Handling false positives

• Last updated: March 8, 2023

• Read time: 2 Minutes

This section explains how to mark issues discovered by Burp Suite Enterprise Edition as false positives. You may want to do this if manual testing shows that an issue is not really present, or if you are aware of the issue but do not want to rectify it.

Mark an issue as a false positive

To mark an issue as a false positive:

1. From the top menu, select Scans.
2. Select the scan you want to view.
3. Select the Issues tab.
4. Expand the issue and select the URL from the list.
5. In the Actions column, click FP.

6. In the pop-up window, select a reason:

   • This issue: Mark only this instance of the issue as a false positive.
   • This issue and all existing issues with the same type for the site: Mark all issues of the same type as false positives across the whole site.
   • This issue and all existing issues with the same type and URL for the site: Mark issues of the same type and URL as false positives.
   • All issues of this type in the current scan only: Mark all issues of this type as false positives but only for the current scan.
7. Click Mark as false positive.

In the Issues window, the selected issues are now moved to the bottom of the list, labeled False positive, and grayed out. They are also removed from the statistics and charts displayed in the dashboards.