In ASM, does XPath injection attack signature include XML External Entity attack? https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing.
It is challenging because the attack signatures hyperlink popups a list of attack signatures, but there is no way to find out what exactly is included for each attack. How do we know if ASM is protecting or not?
ASM already covers the use of XML External Entities using signature 200018030.
You can test to be sure that ASM is protecting.
I tested the signature and it is NOT triggered! Any ideas?
Thanks and regards
To add to what Tikka suggested, we have Signature ID 200018030 as well as Signature ID 200018018 that should provide protection against the XML External Entity injection attack vector.