The accuracy of the scan can be improved by marking false positives in the results. Before you validate the data elements consider the following scenarios.
Correct discovery of data elements
Privado uses multiple rules and heuristics to find data elements in the code:
Variations of data elements: These are easiest to spot for validations. For example, variations of First Name in code could be firstname, first_name, firstUserName ,etc.
Related to the data element: We also check for keywords which could indicate use of a certain data element. For example, Coupon is related to data element Offer Details and would be flagged in our discovery, another example is Stripe is related to data element Payment Information and would be flagged in our discovery.
Values of data elements: We also check for possible values of data element to find them in code. For example, Bank Account Details will have HSBCBank as a possible value to check or Gender will have Male/Female as possible value to check.
While checking the validation you should see if Privado predicted the correct expected data element based on any of the above rule type. Some examples of correct data element discovery are:
Incorrect discovery or false positives of data elements
In some cases, we might discover data elements that are false positive. We allow you to flag them as incorrect which further improves our discovery in future scans. Some examples of incorrect data elements:
Steps to validate a data element:
Click on occurrences, the code snippet will open. You will be prompted with the question, "Is this correct?"
If you select No, Privado will treat the result as False Positive.
If you select Yes, Privado will validate the data element.
Both responses will improve our scans in the future.
If you mark a data element as incorrect, Privado will remove the code snippet from the analysis. Privado will use the next occurrence of the data element to determine the confidence and update it in our results.