Have an aggravating problem here and any help would be great. Basically one of our clients beefed up their security and implemented OWASP. Now, some of our existing site functionality is returning a security violation. I narrowed down one of the major issues to the RadTab. Once a page containing a RadTabStrip posts back, the OWASP returns a security violation. Unfortunately, we don't have access to the logs, and the client has given us a few snippets, but they seem to be SQL Injection related and also pattern matching on the view state.
I then created a blank page with one RadTabStrip with 4 RadTab/RadPageViews, each containing a letter of the alphabet and one button that would post back. Upon clicking the button, the security violation threw. So I am about 99.99% positive it is returning a false-positive with something the RadTab is posting back. I then modified one of our existing pages to implement jQuery tabs instead of the RadTabs. This worked successfully, but the problem is this would be a somewhat lengthy overhaul, and I was hoping someone out there might have an idea for me. Now please note that the client refuses to make any exceptions in the OWASP security. Frustrating, but this is what I have to deal with.