So Attack Signatures are the negative security that is built into ASM, the big power of ASM is in the policy design. So how much protection you will receive is based upon how well the rest of your policy is designed. Are you doing input validation of the parameters and restricting what type of input and/or meta-characters are allowed to be used within the parameter. If so then you should still have a good deal of protection because you are only allowing what is necessary. You are obviously losing some protection because if there is a known attack pattern that can be passed using characters or other input you have to allow for the application then yes it would get through. However using solid input validation both at the ASM and with in the application should give most of the protection you need.