THE_BLUE
Feb 13, 2021 Cirrostratus
unblock illegal parameters
What is the best practice for ASM policy? If I have unchecked "illegal parameter" in the policy, is this risky? Or can we mitigate this by doing something?
It depends on what you are trying to achieve... Could you provide a little bit more information about what issue you are trying to solve by disabling this violation?
I have dynamic parameters, so each time ASM blocks the parameter. That's why I'm asking: if I have unchecked this violation, is it risky?
Note that all parameter values with meta characters will be blocked.
So how do illegal parameters affect website security?
There is no 100% correct answer as to whether it is risky or not - it depends on the application.
If you know all the parameters that are allowed in your app, then defining such a list and forbidding all other parameters will be good protection.
The more strict configuration you define, the better protection you will get.
As I see it, there are several ways you can avoid being blocked by the "Illegal parameter" violation without disabling it:
Thanks, Ivan