NimbostratusHello Experts
I enabled the ASM for MDM airwatch. In learning suggestion, I am getting weird parameters and they are almost 2000 parameters. I am not sure how to handle this. Either accept or make one generic parameter. Attached is snapshot.
EmployeeThat is interesting. Try to narrow down the problem. If you use a different browser, do the parameters still display that way? Are you sure that the language encoding for the application security policy matches the web application you are trying to protect?
EmployeeFull disclosure: I am not familiar with Airwatch. But I also noticed that you don't have the usual parameter name/value pairs that are easier for a human to interpret. Are these XML tags of some sort? If so, you will need an XML profile to parse that content.
EmployeeYou will have to start by building a new security policy using the XML option in the Deployment Wizard. Before you start, you need to find out if XML rules are specified either in a WSDL file or other XML schema doc. Read this first:
EmployeeYou should be able to create an XML content profile. When you create it (Application Security:Content Profiles:XML profiles) you will see options in the GUI for choosing and uploading supporting schema files (if they are used.) You should also see tabs for XML specific attack signatures, meta characters, and sensitive data configuration.
The XML profile can be applied to URLs or parameters. If you know the names of XML data-based parameters, you can change their parameter value type (from the properties screen for the parameter) to "XML data". ASM will then prompt you to either assign the XML profile, if it exists, or create a new one. Since you're in blocking mode, go ahead and stage any parameters that are part of this new arrangement to avoid false positives.