Non-vulnerables

During a scan, AppScan® sends many thousands of test variants to the site it is testing. The responses to many of these indicate that they do not pose a security threat of any kind, and by default AppScan® discards all these "non-vulnerable" results.

  • Non-vulnerables are not displayed by default. You can configure AppScan® to save all non-vulnerables and dipslay them if required by enabling the Save non-vulnerables information checkbox from the Test options.
  • Once enabled, after the scan completes, the Non-vulnerables list is displayed on the Navigation bar.
  • Tests originally identified as non-vulnerable but later marked as vulnerable can only be reverted to non-vulnerables.