Burp Suite User Forum

Severity / Confidence Labeling - add option of CONFIRMED

Casey | Last updated: Dec 31, 2018 06:12PM UTC

When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've provided an option to flag something as a "False Positive", it would be really helpful to be able to flag/mark issues as confirmed as well. While the scanner sets severity and confidence on its own - it is quite common (and expected) for these to be inaccurate. By adding this option, it gives the end-user a way to flag issues in a manor the automated scan engine doesn't. This provides immediate visual feedback as to what issues have been confirmed, proven false, or still need to be researched or addressed. Thanks for the consideration! Keep up the awesome work! -Casey

Liam, PortSwigger Agent | Last updated: Jan 02, 2019 08:57AM UTC

Thanks for your request Casey. We've add this to our development backlog. Unfortunately, we can't provide an ETA.

Burp User | Last updated: Feb 19, 2019 04:43PM UTC

+1, this would be amazing:) I often report vulnerabilities, but it's hard to keep track about which are already reported, and which not - especially during ongoing scan; and marking them "false positives" is not very good.

Hannah, PortSwigger Agent | Last updated: Feb 19, 2019 04:54PM UTC

If you right-click on an issue, there is an option in the context menu to change the confidence and severity of the issue, as well as the ability to mark it as a false positive.

Burp User | Last updated: May 13, 2019 02:55PM UTC

+1 for me as well.

Burp User | Last updated: Dec 23, 2019 09:47AM UTC

I want to be able to change the issue severity and confidence but currently I don't see any such feature. Any updates on this?

You need to Log in to post a reply. Or register here, for free.