cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Should data that may contain OWASP triggers be base64 encoded?

RexBloom
Copper Contributor

‎Aug 20 2021 11:04 AM

‎Aug 20 2021 11:04 AM

Should data that may contain OWASP triggers be base64 encoded?

I have an Application Gateway with a WAF that is blocking simple passwords that contain a ^

 

What is the best-practice for allowing special characters in a password field so the WAF does not see this as a potential SQL injection attack?

 

I am considering a base64 encoding but am looking to verify this is the correct route to take.

1,929 Views
0 Likes
2 Replies
Reply
2 Replies
Surya_Singh

‎Sep 01 2021 12:32 AM - edited ‎Sep 01 2021 12:34 AM

‎Sep 01 2021 12:32 AM - edited ‎Sep 01 2021 12:34 AM

Re: Should data that may contain OWASP triggers be base64 encoded?

@RexBloom  we had same experience and we fixed it.

There are two quick option to fix it:

  1. Encrypt request body to base64,  
  2. Create an Exclusion rules

For us point #1 was the best solution.

 

2 Likes
Reply
RexBloom

‎Sep 20 2021 11:43 AM

‎Sep 20 2021 11:43 AM

Re: Should data that may contain OWASP triggers be base64 encoded?

Did you encrypt the whole body or only the password field?
0 Likes
Reply