Deon
Apr 29, 2011
ASM - False Positive Multiple Decoding Evasion Technique
I am fairly new to ASM and we have just put in place our first ASM policy. I am seeing false positives show up in reporting, and customers are reporting the blocking page. The most common issue appears to be that the user has entered a percent symbol as part of an input parameter. In most cases it is the password entry parameter. The percent symbol is encoded as %25 by the browser. ASM decodes the %25 and then it notices the percent is still there, so it then thinks the user has encoded the value twice. In this case it is not that it has been encoded twice, but the parameter value actually has a percent symbol in it. What is the workaround in ASM to allow for parameter values to contain a percent symbol?
Thanks
-Deon
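The situation described in the post, as an added example that is not part of the original post and is not F5's implementation: a simplified model of a multi-pass percent-decoding check, showing that a literal percent sign in a password and a genuinely double-encoded value can be byte-identical on the wire. The function names, the `max_passes` threshold and the sample values are assumptions constructed for illustration; the real ASM logic may differ.

```python
import re
from urllib.parse import quote, unquote

# A syntactically valid percent-escape: '%' followed by two hex digits.
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def decoding_passes(wire_value, limit=5):
    """Count how many percent-decoding passes still find something to decode."""
    passes = 0
    current = wire_value
    while passes < limit and PCT_ESCAPE.search(current):
        # latin-1 maps every byte to a character, so decoding never fails
        current = unquote(current, encoding="latin-1")
        passes += 1
    return passes


def looks_multiply_encoded(wire_value, max_passes=1):
    """Hypothetical rule: flag values needing more than max_passes passes."""
    return decoding_passes(wire_value) > max_passes


def browser_encode(raw):
    """Encode a form value once, as a browser would ('%' becomes '%25')."""
    return quote(raw, safe="")


# Constructed sample passwords (not taken from the post)
SAMPLES = ["Spring%2011", "50%off", "hunter2"]

if __name__ == "__main__":
    for raw in SAMPLES:
        wire = browser_encode(raw)
        print(f"{raw!r:15} wire={wire!r:18} passes={decoding_passes(wire)} "
              f"flagged={looks_multiply_encoded(wire)}")

    # A password containing the literal text '%20' and a space that was
    # encoded twice produce the same bytes; the checker cannot tell them apart.
    literal = browser_encode("a%20b")
    doubled = browser_encode(browser_encode("a b"))
    print(literal, doubled, literal == doubled)
```

In this model only a percent sign followed by two hex digits survives as a decodable escape after the first pass, so `50%off` passes while `Spring%2011` is flagged; a stricter check that treats any remaining `%` as suspicious would flag both.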