we are trying to protect Web Services. We implemented Content Profile protection.
When testing, we generate an attack inside a value of a Web service query, for example:
valor ' or 1=1--
As is supposed, it generates an attack detection.
The problem is that the detection of this attack is done at URL (request) level, and not to a parameter or tag level. I am referring to a xml parameter or tag inside xml content,
If we need to make an exception for this attack, we have to disable the signature globally (for the entire profile).
So, it is possible to do expections at parameter or tag level using Content profiles?
Thanks and best regards