QID: 90780 How do you prove mitigation of XSS within the Web App Scan?

Question asked by brian.kunick on Jan 24, 2013
Latest reply on Jun 7, 2013 by Bernie Weidel

"If you have tested the site via a dedicated Web Application Scan, and confirmed the site is not vulnerable to XSS, we can also accept this as a false positive based on that evidence. In this case you can submit this as a False Positive Request, with comments such as 'A Web Application Scan has confirmed the site is not vulnerable to XSS', and we should also be able to approve this for PCI Compliance."

What is there to look for in the Web App Scan to meet the evidence for the request above from Qualys?

Thanks!

Brian
