Information about security tools often refers to false positives and false negatives. Knowing these terms is not essential to using a Web Application Firewall (WAF), but understanding them can be helpful when you're reading about WAFs or other security tools.
Every security tool has false positives and false negatives. If it were possible to be 100% certain in all cases, security would be a completely solved problem. When you're presented with statistics on false positives and false negatives, it is very helpful to understand the base rate fallacy.
If a security tool incorrectly identifies something as malicious when it is actually safe, this is called a false positive. The term "positive" refers to the fact that the purpose of the tool is to positively identify things that are malicious as malicious. Declaring something malicious that is actually safe is therefore considered a false positive.
For a Web Application Firewall, a false positive means blocking a request that is safe because the request appeared malicious.
If a security tool incorrectly identifies something as safe when it is actually malicious, this is called a false negative. The term "negative" refers to the fact that the tool was looking for something malicious and decided what it looked at was not malicious. Declaring something safe that is actually malicious is therefore considered a false negative.
For a Web Application Firewall, a false negative means allowing a request that is malicious because the request appeared safe.
Though less commonly discussed, the terms true positive and true negative are also used in classification systems such as security tools. These terms mean exactly what you'd expect for security tools: a true positive means correctly identifying something as malicious whereas a true negative means correctly identifying something as safe.
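The four outcomes defined above, together with the base rate fallacy mentioned earlier, as an added example that is not part of the original page. The decision list is constructed sample data and all function names are hypothetical; the code tallies the outcomes for a WAF, derives the false positive and false negative rates, and shows how the share of blocked requests that are really malicious depends on how common malicious requests are.

```python
from collections import Counter

# Constructed sample: (request is actually malicious, WAF blocked it).
# Hypothetical labelled decisions, not real traffic.
SAMPLE = (
    [(True, True)] * 18      # malicious, blocked -> true positive
    + [(True, False)] * 2    # malicious, allowed -> false negative
    + [(False, True)] * 5    # safe, blocked      -> false positive
    + [(False, False)] * 95  # safe, allowed      -> true negative
)

def outcome(malicious, blocked):
    """Name the outcome for one request using the four terms above."""
    if blocked:
        return "TP" if malicious else "FP"
    return "FN" if malicious else "TN"

def confusion(decisions):
    """Count TP, FP, FN and TN over labelled WAF decisions."""
    counts = Counter(outcome(m, b) for m, b in decisions)
    return {k: counts.get(k, 0) for k in ("TP", "FP", "FN", "TN")}

def rates(c):
    """False positive rate (share of safe requests blocked) and
    false negative rate (share of malicious requests allowed)."""
    fpr = c["FP"] / (c["FP"] + c["TN"])
    fnr = c["FN"] / (c["FN"] + c["TP"])
    return fpr, fnr

def blocked_is_malicious(fpr, fnr, base_rate):
    """Bayes' rule: P(malicious | blocked) when a fraction base_rate
    of all requests is malicious."""
    true_alerts = (1 - fnr) * base_rate
    false_alerts = fpr * (1 - base_rate)
    return true_alerts / (true_alerts + false_alerts)

if __name__ == "__main__":
    c = confusion(SAMPLE)
    fpr, fnr = rates(c)
    print(c, f"FPR={fpr:.1%} FNR={fnr:.1%}")
    for base_rate in (0.5, 0.01, 0.0001):
        p = blocked_is_malicious(fpr, fnr, base_rate)
        print(f"malicious share {base_rate:.2%}: "
              f"{p:.1%} of blocked requests are really malicious")
```

With the same 5% false positive rate and 10% false negative rate, about 95% of blocked requests are malicious when half of all traffic is malicious, but only about 15% are when 1% of traffic is.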