■ In case of over-detection

Some items are judged based on the difference in response content when accessed multiple times and the difference in server response time.

These items may be detected excessively depending on the timing, so if they are not reproduced by "Rescan", they may be over-detected.If "Rescan" does not reproduce the problem, there is a possibility of over-detection.

The reason for detection should include "~the response body changed significantly." is listed as the reason for detection, the content is likely to be over-detected.

■When screen transitions cannot be reproduced

If the page to be detected cannot be reached during rescanning, the vulnerability may not be detected.


・The login ID and password have been changed and the user cannot log in.

・The configuration of the page has been changed: A→B→C has been increased to A→B→C'→C, etc.

In this case, it is necessary to review the scan settings and perform the scan again.