Forum Discussion

2 Replies

  • Hi Zafer,



    ASM doesn't currently provide an option to base64 decode request components. But most web servers won't do this either so it's not a problem. If the web application does base64 decode whatever request component you're putting the base64 encoded attack string in, then you'd have a potential issue.



    What kind of app are you testing?



  • Hi hoolio



    the customer use apache tomcat.


    We tested several attack methods to the ASM and i can't find how to block encoded request based on hex and base64