Forum Discussion

Devlin_T_149357's avatar
Jan 13, 2018

Question on JSON Content Profiles

Hello all

 

We are testing a new application through ASM. Some POST submissions from the client send the data in JSON format. Some responses from the server to client GET requests are also in JSON format.

 

As ASM’s job is to protect the application is it correct to say that the settings in the JSON Content Profile are primarily concerned with analysing and enforcing the JSON data sent by the client rather than the response from the server? Or is it looking at both the request and response?

 

Thank you

 

  • JSON Content Profile are primarily concerned with analysing and enforcing the JSON data sent by the client. Also note that JSON parameters can be analyzed in code 13.x. In older codes, you can put controls around JSON block.

     

  • ASM examines only JSON requests , not responses.