I recently had this question from a few students in our training sessions :
- They want to create an Option Profile to be able to exclude a few QID's from a WAS v2 Scan.
We can use the search-list feature to create a "Limit scan to these QID's" but we cant do the reverse like "Don't scan for these QID's".
They have encountered many XSS attacks and they were all false positives and support did confirm them as FP's but the report looks bad and there is no way to disable a QID in WAS v2 nor can they just select no to report against those FP's.
What is the suggested approach.