Separating False Positives from Legitimate Violations

Imagine you make yourself a cup of tea and now want to extract the tannins and caffeine from the homogeneous mixture. How do you do it? Similarly, when building and protecting applications, you brew ...

Published Dec 06, 2019

Version 1.0

ASM Advanced WAF

Ret. Employee

Joined June 08, 2019

Ret. Employee

Joined June 08, 2019

Icon for Altostratus rank

Altostratus

Jan 03, 2020

Nice one Isaac! I had to do this exact task last month for one of my customers. We moved through a few iterations of the WAF policy and narrowed down the list of false positives with each iteration as we "strengthened" the solvent. It took about a week but they we very pleased in the end and were able to rollout their application globally.