OWASP Standards compatibility for OAS and Siebel application
Organization Name (Required - If you are an Oracle Partner, please provide the organization you are logging the idea on behalf of): Reckitt
Description (Required): The OAS and Siebel applications in Reckitt are being accessed through the Azure Application Gateway. We are using WAF on Application Gateway based on Core Rule Sets from OWASP. When we try to access the OAS and Siebel applications through Application Gateway in Prevention mode, some of the URIs are getting blocked since they violate the OWASP Standards, so we have to access the applications through Detection mode, which is a security risk since it can't prevent SQL injections or any vulnerabilities in the request.
Use Case and Business Need (Required): We need to make the OAS and Siebel applications follow all the OWASP Standards. Below are the URI requests which are getting blocked by the Azure WAF OWASP:
1. tx.restricted_extensions - CRS rule 920440
   Solution - edit the .dll type of extensions from OAS application URL 'https://acceleratesso.reckitt.cloud/analytics/saw.dll' used for Siebel - OAS Integration
2. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI - CRS rule 920220
   Solution - edit the non-hexa values from app URI path
3. Multiple URL Encoding Detected - CRS rule 920230
   Solution - edit "%u" symbol from arguments of HTTP headers
Enhancement Request / Service Request: SR 3-29402404611
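An added example, not part of the original post and not Oracle or Azure code: a triage script that approximates the three CRS checks named above, so application URIs taken from Detection-mode logs can be sorted by the rule they would trip before Prevention mode is enabled. The extension list is a subset of the CRS defaults, the regexes are simplified stand-ins for the real rules, and every sample URI except the `/analytics/saw.dll` path is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the gateway uses the CRS default tx.restricted_extensions.
# Only a subset is listed here; .dll is the entry named in the post.
RESTRICTED_EXTENSIONS = {".dll", ".bak", ".config", ".ini", ".log", ".sql"}

# 920220 (approximation): a '%' that is not followed by two hex digits.
BAD_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")
# 920230 (approximation): a '%' plus word character still present in an
# argument value after it has been URL-decoded once.
RESIDUAL_PERCENT = re.compile(r"%(?=\w)")


def crs_findings(request_uri):
    """Return the set of CRS rule ids this request URI would likely trip."""
    findings = set()
    parts = urlsplit(request_uri)

    # 920440: extension of the last path segment is on the restricted list.
    basename = parts.path.rsplit("/", 1)[-1].lower()
    ext = re.search(r"\.([^.]+)$", basename)
    if ext and "." + ext.group(1) in RESTRICTED_EXTENSIONS:
        findings.add(920440)

    # 920220: invalid percent-encoding anywhere in the raw URI.
    if BAD_PERCENT.search(request_uri):
        findings.add(920220)

    # 920230: argument values that still look encoded after one decode.
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if RESIDUAL_PERCENT.search(value):
            findings.add(920230)
    return findings


if __name__ == "__main__":
    samples = [  # constructed, except the saw.dll path quoted in the post
        "/analytics/saw.dll?Dashboard",
        "/app/pa%ZZge",
        "/app/search?q=%2541",
        "/app/search?q=%u0041",
        "/app/start.swe?SWECmd=Start",
    ]
    for uri in samples:
        print(uri, sorted(crs_findings(uri)) or "clean")
```

URIs that come back with only 920440 are candidates for a narrowly scoped WAF exclusion on that path; 920220 and 920230 hits point at encoding the application itself emits.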