Forum Discussion

Zafer_101134

Nimbostratus

Jan 14, 2011

asm capabilities encoded request

Hi i m doing Xss attack to the ASM with

app sec

BIG-IP Access Policy Manager (APM)

security

hooleylist

Cirrostratus

Jan 20, 2011

Hi Zafer,

ASM doesn't currently provide an option to base64 decode request components. But most web servers won't do this either so it's not a problem. If the web application does base64 decode whatever request component you're putting the base64 encoded attack string in, then you'd have a potential issue.

What kind of app are you testing?

Aaron

Recent Discussions

ports are showing open on online scanning tool
Dec 26, 2024
Pooja_Varekar208
Upgrade F5 BIGIP
Dec 26, 2024
Ollie_Alderson
DNS HM Probe issue
Dec 26, 2024
mustansirt
Is XFF a must for ASM WAF DoS
Dec 26, 2024
Emil_Tr
Switch ssl profile based on weak cipher detection via IRULE
Dec 26, 2024
aliasgar215

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

asm capabilities encoded request

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

BIG-IP Meets DoD’s Needs for Next Level Logging Capabilities

Base32 Encoder and Decoder

HTML encoding proc

BER and DER: Why Encoding and Decoding Matter

Python SDK Cookbook: Encoding URLs and Using Proxies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS