You can improve the accuracy of the scan results by marking false positives in the results. Before you validate the data elements, consider the following cases.
Correct discovery of data elements
We use multiple rules and heuristics to find data elements in the code:
- Variations of data elements: These are the easiest to spot during validation. For example, variations of First Name in code could be firstname, first_name, firstUserName, etc.
- Related to the data element: We also check for keywords that could indicate use of a certain data element. For example, Coupon is related to the data element Offer Details and would be flagged in our discovery. Similarly, Stripe is related to the data element Payment Information and would be flagged in our discovery.
- Values of data elements: We also check for possible values of a data element to find them in code. For example, Bank Account Details will have HSBCBank as a possible value to check, and Gender will have Male/Female as possible values to check.
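To make the three rule types concrete, here is a small added sketch (not the scanner's own code) that reports which rule type fires for a code occurrence. The `RULES` layout, the function names, and the sample identifiers such as `stripeRows` are assumptions constructed from the examples above.

```python
import re

# Constructed rule set built from the examples on this page; the layout is an assumption.
RULES = {
    "First Name": {"variation": ["first name"]},
    "Offer Details": {"related": ["coupon"]},
    "Payment Information": {"related": ["stripe"]},
    "Bank Account Details": {"value": ["hsbcbank"]},
    "Gender": {"variation": ["gender"], "value": ["male", "female"]},
}

def tokens(identifier):
    """Split camelCase, snake_case and kebab-case into lowercase tokens."""
    spaced = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", " ", identifier)
    return [t.lower() for t in re.split(r"[^A-Za-z0-9]+", spaced) if t]

def is_variation(phrase, toks):
    """True if the phrase's words occur in order, joined or split across tokens."""
    words = phrase.split()
    if "".join(words) in toks:           # firstname
        return True
    remaining = iter(toks)
    return all(w in remaining for w in words)  # first_name, firstUserName

def discover(identifier, literal=None):
    """Return (data element, rule type) pairs that fire for one code occurrence."""
    toks = tokens(identifier)
    value = re.sub(r"[^a-z0-9]", "", (literal or "").lower())
    hits = []
    for element, rule in RULES.items():
        if any(is_variation(p, toks) for p in rule.get("variation", [])):
            hits.append((element, "variation"))
        elif any(k in toks for k in rule.get("related", [])):
            hits.append((element, "related"))
        elif value and value in rule.get("value", []):
            hits.append((element, "value"))
    return hits

if __name__ == "__main__":
    # Constructed occurrences: (identifier, string literal assigned to it, if any)
    samples = [("firstUserName", None), ("applyCoupon", None),
               ("bank", "HSBCBank"), ("stripeRows", None), ("rowCount", None)]
    for ident, lit in samples:
        print(f"{ident!r:18} {lit!r:12} -> {discover(ident, lit)}")
```

In this sketch, `stripeRows` (a table-styling helper) fires the related-keyword rule for Payment Information, which is the kind of occurrence a reviewer would mark as incorrect.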
While validating, check whether we predicted the right data element based on any of the above rule types. Some examples of correct data element discovery:
Incorrect discovery of data elements
In some cases, we might discover data elements that are false positives. We allow you to flag them as incorrect, which further improves our discovery in future scans. Some examples of incorrect data elements:
Steps to validate a data element:
Click on occurrences and the code snippet will open. You will see the question, Is this correct? If you mark it No, we treat the result as a False Positive. If you mark it Yes, we validate the data element. Both responses will improve our scans in the future.
If you mark a data element as incorrect, we will remove that code snippet from the analysis. We will use the next occurrence of the data element to determine the confidence and show it in our results.