Veracode (http://www.veracode.com/) has certain parameter encoding libraries that it trusts. Others are labeled as flaws. If I'm satisfied with another method of parameter encoding that is meant to stop XSS, can I tell Veracode to stop listing uses of it as a flaw? If so, how?
Asked
Active
Viewed 500 times
1 Answers
1
You can group all these instances and mark them as false positives. I would think Veracode provides an option to write a custom rule, so it ignores these instances when they occur.
Steven Volckaert
- 1,193
- 8
- 15
hindiuniversity
- 99
- 1
- 5