Reduce False Positives Through Data Flow Analysis

Presented by

Jacob Martel, CA Veracode Solutions Architect

About this talk

Why are false positives a costly headache for enterprises when testing for security flaws? The short answer is that they cause development teams to spend time, expensive time that they cannot afford to waste, trying to sort out which flaws they need to fix. A false positive may look like a security flaw within an automated testing solution when, in actuality, it may not be one. The time spent trying to sort out the real flaws therefore affects overall developer productivity and, more importantly, your time to market.

Watch this 20-minute webinar to learn how you can reduce false positives within your application security testing environment. Learn how the following considerations must be analyzed and assessed in order to save your development team’s time and productivity:

• Flaws that have already been mitigated by the application design or the operating environment
• Applications that already utilize custom validation routines, intrusion detection processes or restricted file access that mitigate the risk of a flaw
• Initial findings through automated tests that incorrectly default to flaw status

Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at