Detectify
Knowledge Base

Back to Knowledge Base

Support Center

Why am I seeing duplicate findings of the same vulnerability?

Last Updated: Oct 12, 2018 10:56AM CEST

We use heuristics during filtering, which means that we try to automatically detect when two pages are the same or use the same backend code. The point of this is to avoid redundant crawling of pages or products that share the same code.

For example, this often occurs on an e-commerce site where the code showing product information is most likely the same regardless of the product. The difference lies in the content, for example, text and pictures. If there is an XSS-vulnerability on the product page, it is enough to warn about it on one product page instead of creating a new XSS-finding for every product there is, if we identify it to be the same code.

However, sometimes this fails. To ensure we do not remove any pages erroneously, the scanner will decide to treat a page as unique if it cannot say for certain that it is a duplicate of an already scanned page. When this happens, the scanner might create two, or for large sites many more, findings of seemingly the same vulnerability because the scanner has determined they are two different pages.

Use Paths to reduce duplicates:

You can use Paths feature if you would like to reduce duplicate finding by avoiding testing all pages using the same backend code. This feature can be found under your Scan settings. Learn more about Paths in this article on how to allow and disallow paths.

support@detectify.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete