Hi Nathan,
I do usally test my ASM functionality with the "Nimda Worm" signature (aka. a IIS specific Escaped Character Decoding Command Execution Vulnerability).
the Test-URI is rather handy and simple:
http://www.example.com/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
Note: The string "/..%255c../" is the actual attack signature and would double decode on the serverside to "%5c" in the first round (security validated by IIS) and on the second round to "\" (not security validated by IIS).
And the ASM response blocking functionality can be testet with an Error Page sending an unknown [HTTP::status] of lets say 666.
Cheers, Kai