Application exclusions (Northstar)
Exclusions are used to suppress events. You might want to suppress events if you are using an external security control outside of the scope of Contrast's agent instrumentation. For example:
As an administrator, you need to change the HTML that shows up on your web page, even though this qualifies as a cross-site scripting (XSS) vulnerability. In this case, you can create an exclusion that prevents these changes from being reported.
You use an edge device to place the correct headers on outbound HTTP responses to stop clickjacking attacks. However, Contrast might still report the issue, and appropriately so, because the application itself never provided the required protection.
When you test beta rules, you can use exclusions to suppress false positives.
If you are using Java, Node.js, .NET, Python, Go, or Ruby agents, you can add an application exclusion from an application's details panel in Explorer.
To view a list of existing exclusions, select Explorer in the left navigation, and then select an application. In the details panel, select Exclusion rules.
To add an exclusion for a specific application, select the application in Explorer. In the details panel, select Exclusion rules, and then select Add exclusion.