Finding a different number of vulns from one scan to the next is normal, because the result depends on many factors, among them the load on the target machine at the moment of the scan, which can trigger more or fewer timeouts.
The scan with fewer false positives may be more useful, because the percentage of real vulns is higher. It should still be cleaned of the false positives. It's a good idea to reconfigure the web server so that it does not reply 200 OK to every request, at least while the scan is running.
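One way to do that cleanup when the server cannot be reconfigured, as an added example that is not part of the original answer: compare each finding's response with what the server returns for a path that cannot exist, and set aside the ones that match. The finding fields (`path`, `status`, `body`), the baseline request and the 0.9 similarity threshold are assumptions made for illustration, and the sample data is constructed.

```python
from difflib import SequenceMatcher

# Constructed sample data: the response to a random path that cannot exist,
# plus three findings. Field names are hypothetical, not a scanner's format.
BASELINE = {"path": "/zz-nonexistent-7f3a91", "status": 200,
            "body": "<html><h1>Welcome</h1><p>Requested: /zz-nonexistent-7f3a91</p></html>"}
FINDINGS = [
    {"path": "/admin/config.bak", "status": 200,
     "body": "<html><h1>Welcome</h1><p>Requested: /admin/config.bak</p></html>"},
    {"path": "/.git/HEAD", "status": 200, "body": "ref: refs/heads/main\n"},
    {"path": "/phpinfo.php", "status": 200,
     "body": "<html><h1>Welcome</h1><p>Requested: /phpinfo.php</p></html>"},
]


def is_catch_all(baseline):
    """True when the server answers 200 OK for a path that cannot exist."""
    return baseline["status"] == 200


def normalise(body, path):
    """Remove the echoed request path so reflected URLs do not skew the match."""
    return body.replace(path, "")


def triage(findings, baseline, threshold=0.9):
    """Split findings into (to_verify, likely_false_positive)."""
    if not is_catch_all(baseline):
        # The server returns real error codes, so nothing can be ruled out here.
        return list(findings), []
    base = normalise(baseline["body"], baseline["path"])
    to_verify, likely_fp = [], []
    for f in findings:
        body = normalise(f["body"], f["path"])
        ratio = SequenceMatcher(None, base, body).ratio()
        same_page = f["status"] == baseline["status"] and ratio >= threshold
        (likely_fp if same_page else to_verify).append(f)
    return to_verify, likely_fp


if __name__ == "__main__":
    to_verify, likely_fp = triage(FINDINGS, BASELINE)
    print("verify manually:", [f["path"] for f in to_verify])
    print("likely false positives:", [f["path"] for f in likely_fp])
```

Findings in the second list only matched the catch-all page; the ones in the first list still need manual verification.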