Handling false positives
As with any automated scanning tool, Burp Suite Enterprise Edition might occasionally highlight issues that you decide are false positives. This could be because you decide after manual testing that the issue is not really present, or it could be that you are aware of the issue but want to keep this behavior despite the potential vulnerabilities that are associated with it.
You can mark such an issue as a false positive either by clicking the "Mark as false positive" button on the issue details page, or by hovering over the issue in the list of scan results and clicking the "FP" icon that appears on the right of the page.
Issues marked as false positives will be labeled as such in the list of issues and "grayed out". They will also be removed from the statistics and metrics displayed in the dashboards.
When you mark an issue as a false positive, you will be prompted to decide whether you want to mark other similar issues as false positives too. You can choose from the following options:
- This issue: marks only the selected instance of the issue as a false positive.
- This issue and all existing issues with the same type for the site: automatically marks all issues of the same type as false positives across the whole site.
- This issue and all existing issues with the same type and URL for the site: automatically marks issues of the same type as false positives, but only if the URL is an exact match. For example, if you selected the issue found at http://example.com and marked it as a false positive, the same issue found at https://example.com would not be automatically treated as a false positive if you select this option.
- All issues of this type in the current scan only: marks all issues of this type as false positives but only for the current scan.
Note that the option you select here only applies to issues that have already been found by scans. Issues found by future scans will be unaffected by these changes. Instead, they will be marked as false positives based on the global setting defined by the administrator user.
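The scoping rules above can be made concrete with a small model. The following Python is an added illustration written for this page, not Burp Suite Enterprise Edition's own code or API: the `Issue` record, the scope names and the sample issues are all constructed here. It applies each of the four options to the same list of already-found issues and shows, in particular, that the "same type and URL" option compares the URL as an exact string, so `http://` and `https://` variants of the same path are treated as different issues.

```python
import copy
from dataclasses import dataclass


@dataclass
class Issue:
    """Minimal model of a scan finding (constructed for this example)."""
    issue_id: int
    issue_type: str
    url: str        # full URL including scheme
    site: str       # the site the scan belongs to
    scan_id: int
    false_positive: bool = False


# The four options offered when an issue is marked as a false positive
# (hypothetical identifiers; the product shows them as labelled choices).
SCOPES = (
    "this_issue",
    "same_type_site",
    "same_type_and_url_site",
    "same_type_current_scan",
)


def mark_false_positive(issues, selected, scope):
    """Mark the issues covered by `scope` as false positives.

    Only issues already present in `issues` are considered; anything found
    by a later scan is outside this list and therefore unaffected.
    Returns the sorted ids of the issues that were marked.
    """
    marked = []
    for issue in issues:
        same_type = issue.issue_type == selected.issue_type
        if scope == "this_issue":
            hit = issue.issue_id == selected.issue_id
        elif scope == "same_type_site":
            hit = same_type and issue.site == selected.site
        elif scope == "same_type_and_url_site":
            # Exact URL match: scheme, host and path must all be identical,
            # so http://example.com/x and https://example.com/x differ.
            hit = same_type and issue.site == selected.site and issue.url == selected.url
        elif scope == "same_type_current_scan":
            hit = same_type and issue.scan_id == selected.scan_id
        else:
            raise ValueError(f"unknown scope: {scope}")
        if hit:
            issue.false_positive = True
            marked.append(issue.issue_id)
    return sorted(marked)


def dashboard_counts(issues):
    """Per-type counts as a dashboard would show them: false positives excluded."""
    counts = {}
    for issue in issues:
        if not issue.false_positive:
            counts[issue.issue_type] = counts.get(issue.issue_type, 0) + 1
    return counts


# Constructed sample findings: two scans (10 and 11) of example.com and one
# scan (12) of a different site.
SAMPLE_ISSUES = [
    Issue(1, "Cross-site scripting (reflected)", "http://example.com/search", "example.com", 10),
    Issue(2, "Cross-site scripting (reflected)", "https://example.com/search", "example.com", 10),
    Issue(3, "Cross-site scripting (reflected)", "http://example.com/login", "example.com", 11),
    Issue(4, "Open redirect", "http://example.com/search", "example.com", 10),
    Issue(5, "Cross-site scripting (reflected)", "http://other.example/search", "other.example", 12),
]


def run_demo():
    """Apply every scope to a fresh copy of the sample issues, selecting issue 1."""
    results = {}
    for scope in SCOPES:
        issues = copy.deepcopy(SAMPLE_ISSUES)
        selected = issues[0]
        results[scope] = mark_false_positive(issues, selected, scope)
    return results


if __name__ == "__main__":
    for scope, ids in run_demo().items():
        print(f"{scope:28s} -> marked {ids}")
    issues = copy.deepcopy(SAMPLE_ISSUES)
    mark_false_positive(issues, issues[0], "same_type_and_url_site")
    print("dashboard after exact-URL marking:", dashboard_counts(issues))
```

Running the script shows that selecting issue 1 with the exact-URL option marks only issue 1, because issue 2 differs in scheme and issue 3 in path, while the site-wide option marks all three reflected XSS findings on example.com and leaves the other site untouched.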