Advanced Scan Configuration

There are several ways to create or edit a Scan Configuration.

Edit the options in the AppSpider user interface.
Edit the options under Advanced options in the user interface.
Download and edit the Scan Configuration XML file.

In this article we will go over accessing the advanced options within AppSpider and using the Scan configuration file.

Advanced options settings

The panel allows you to configure the advanced options. You may sort the settings by name, value, or description.

This panel contains the same information located in the Scan configuration XML file.

Scan configuration XML file

You can edit an existing scan configuration file or provide a new custom file.

File structure

The Scan Configuration file is an XML file and has a hierarchical structure. The top-level data structure in the file is ScanConfig. Everything else in the file resides below ScanConfig in the hierarchy.

There are 3 types of elements in the Scan configuration file:

Scalar - Options that have a single value. For example, ScanName.
Composite Object - An object that can contain other heterogeneous elements such as Scalars, Composite Objects and Lists. For example, the top-level object in the Scan Configuration file, the ScanConfig object is a Composite Object.
List - Options that can have a list of values. Lists cannot contain other Lists directly.

Scalar types

Scalar values in the Scan configuration file can be of 1 of the following types:

String - A String type.
LargeString - A String type optimized for large strings
UniqueString - A string type optimized for string that most likely be repeated multiple times.
LargeUniqueString - A string type optimized for large strings that a likely to be repeated multiple times.
LargeCompressedString - A string type that store strings in compressed form.
ByteNumber - A one-byte number
WordNumber - A two-byte number
Number - A four-byte number
LargeNumber - An eight-byte number
Enumeration - A data type consisted on named predefined values.
Float - A four-byte floating point number
Double - An eight-byte floating point number
Boolean - A boolean type. Boolean is not an enumerated type; it is stored as a Number with values either 0 or 1.
- 1 = TRUE
- 0 = FALSE
Date - Store Date data. It is stored in the format YYYY-MM-DD HH:MM:SS
Duration - Store time duration data. It is stored in the format [DD Day[s]] HH:MM::SS, where DD is the number of days, and square brackets show optional elements.

Enumerated types

Many Scalar elements in the Scan configuration file have Enumeration types. Enumeration type is stored as an integer but allows a user to reference integer values by their symbolic name. An enumerated type value can be set using either its numeric or symbolic form. For example, the following 2 lines from Scan configuration file are equivalent because 'High' is enumerated value defines as '4'.


xml
1
      <Severity>High</Severity>
2
      <Severity>4</Severity>

Bitmasks

Some Enumerated Types can be BitMasks, where the value of an element is defined by several bits. Enumerated values of BitMasks are defined so they do not have same bit set and can be used in a bitwise-OR operation to produce the final value. Multiple bits that are set in the bitmask are separated with character '|' for example:


xml
1
<AttackPoints>Directory|File|Parameter</AttackPoints>

For Enumerated Types, the values of the Bitmasks can be set using either numeric or symbolic form. The following 2 lines below are equivalent because value Parameter is defined as 16.


xml
1
  <AttackPoints>Directory|File|Parameter</AttackPoints>
2
  <AttackPoints>Directory|File|16</AttackPoints>

Default values

When a new Scan configuration file is created all Scalar Elements are assigned their default values. Default values are configured so that they produce best results for majority of web sites. Even if an element is not present in the Scan configuration file AppSpider will use the default value of the element.

Scan configuration schema changes

AppSpider development is an ongoing process. Developers frequently come across new types of web sites that require some special treatment and require new ways of configuring a scan execution. As a result, the number of parameters in the Scan configuration increases with every major release of AppSpider. To avoid any problems with Scan Configuration files created by the previous versions of AppSpider or by user's programs only new elements are added to the scan configuration files and all existing elements and their meaning are preserved.

XML file example

When you create or export a ScanConfig file it generated a file with the objects and fields.

To get more information on what is in each object see Scan Configuration Parameters.

XML File example


xml
1
<?xml version="1.0"?>
2
<ScanConfig>
3
  <Name>webscantest</Name>
4
  <AppVersion>7.0</AppVersion>
5
  <Log>1</Log>
6
  <DetailedLogging>0</DetailedLogging>
7
  <IncludeTraffic>0</IncludeTraffic>
8
  <WindowsErrors>0</WindowsErrors>
9
  <UseSystemDsn>0</UseSystemDsn>
10
  <Recrawl>0</Recrawl>
11
  <PauseOnRecoverableError>1</PauseOnRecoverableError>
12
  <ExecuteCommandLineURL></ExecuteCommandLineURL>
13
  <NotifyScanDoneURL></NotifyScanDoneURL>
14
  <JavaScriptEngine>Chrome</JavaScriptEngine>
15
  <MaxDatabaseSize>1073741824</MaxDatabaseSize>
16
  <MaxTrafficFiles>0</MaxTrafficFiles>
17
  <CrawlConfig>
18
    <MaxDomain>100</MaxDomain>
19
    <MaxCrawlResults>5000</MaxCrawlResults>
20
    <MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
21
    <MaxPerDirCrawlResults>500</MaxPerDirCrawlResults>
22
    <MaxPerLinkCrawlResults>50</MaxPerLinkCrawlResults>
23
    <MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
24
    <MaxPerDirChildNodes>300</MaxPerDirChildNodes>
25
    <MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
26
    <MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
27
    <MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
28
    <MaxPerQueryCrawlResults>400</MaxPerQueryCrawlResults>
29
    <RecursionDepth>2</RecursionDepth>
30
    <MaxDirDepth>15</MaxDirDepth>
31
    <DiscoveryDepth>-1</DiscoveryDepth>
32
    <UrlRepetitionTolerance>25</UrlRepetitionTolerance>
33
    <SequenceRepetitionTolerance>5</SequenceRepetitionTolerance>
34
    <MaxReportedImages>500</MaxReportedImages>
35
    <MaxReportedLinks>2500</MaxReportedLinks>
36
    <MaxReportedComments>500</MaxReportedComments>
37
    <MaxReportedScripts>500</MaxReportedScripts>
38
    <MaxReportedEmails>500</MaxReportedEmails>
39
    <MaxReportedForms>500</MaxReportedForms>
40
    <MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
41
    <MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
42
    <MaxBrowserDOMDepth>4</MaxBrowserDOMDepth>
43
    <MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
44
    <MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
45
    <MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
46
    <MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
47
    <NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
48
    <MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
49
    <MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
50
    <MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
51
    <CrawlPrioritization>Smart</CrawlPrioritization>
52
    <FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
53
    <ServerErrorRegex></ServerErrorRegex>
54
    <InvalidURLRegexAttack><![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]></InvalidURLRegexAttack>
55
    <InvalidURLRegexCrawl><![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]></InvalidURLRegexCrawl>
56
    <PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
57
    <LockCookies>0</LockCookies>
58
    <CaseSensitivity>Case Sensitive</CaseSensitivity>
59
    <UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
60
    <SaveReferences>0</SaveReferences>
61
    <UseBrowser>1</UseBrowser>
62
    <ShowBrowser>0</ShowBrowser>
63
    <StayOnPort>0</StayOnPort>
64
    <RestrictToMacro>0</RestrictToMacro>
65
    <RestrictToManualCrawling>0</RestrictToManualCrawling>
66
    <RestrictToSeedList>0</RestrictToSeedList>
67
    <RestrictToWebService>0</RestrictToWebService>
68
    <RestrictToSelenium>0</RestrictToSelenium>
69
    <RestrictToSwagger>0</RestrictToSwagger>
70
    <ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
71
    <PageEqualThreshhold>0.95</PageEqualThreshhold>
72
    <PageSimilarThreshhold>0.8</PageSimilarThreshhold>
73
    <ExperimentalCrawling>Disabled</ExperimentalCrawling>
74
    <Flash>1</Flash>
75
    <EnableAdvancedParsers>1</EnableAdvancedParsers>
76
    <SearchForUrls>1</SearchForUrls>
77
    <CookieCommaSeparator>1</CookieCommaSeparator>
78
    <MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
79
    <BlacklistContactForms>0</BlacklistContactForms>
80
    <FrameworksCrawlConfig>
81
      <EnableFrameworksCrawling>1</EnableFrameworksCrawling>
82
      <FrameworkConfigList>
83
        <FrameworkConfig>
84
          <Name>ReactJS</Name>
85
          <DefaultConfigVersion>2</DefaultConfigVersion>
86
          <Enabled>1</Enabled>
87
          <HEAD>1</HEAD>
88
          <DetectionRegex>createReactRootIndex</DetectionRegex>
89
          <HealthcheckString>react</HealthcheckString>
90
          <FileName>fm.react.min.js</FileName>
91
          <GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
92
          <GetAllEventsDelay>0</GetAllEventsDelay>
93
          <GetVersionStringScript></GetVersionStringScript>
94
        </FrameworkConfig>
95
        <FrameworkConfig>
96
          <Name>AngularJS</Name>
97
          <DefaultConfigVersion>1</DefaultConfigVersion>
98
          <Enabled>1</Enabled>
99
          <HEAD>0</HEAD>
100
          <DetectionRegex>ng-controller</DetectionRegex>
101
          <HealthcheckString>angular</HealthcheckString>
102
          <FileName>angular-hook-bundle.min.js</FileName>
103
          <GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
104
          <GetAllEventsDelay>0</GetAllEventsDelay>
105
          <GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
106
        </FrameworkConfig>
107
        <FrameworkConfig>
108
          <Name>KnockoutJS</Name>
109
          <DefaultConfigVersion>1</DefaultConfigVersion>
110
          <Enabled>1</Enabled>
111
          <HEAD>0</HEAD>
112
          <DetectionRegex>data-bind</DetectionRegex>
113
          <HealthcheckString>ko</HealthcheckString>
114
          <FileName>ko-hook-bundle.min.js</FileName>
115
          <GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
116
          <GetAllEventsDelay>5000</GetAllEventsDelay>
117
          <GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
118
        </FrameworkConfig>
119
        <FrameworkConfig>
120
          <Name>AngularLib</Name>
121
          <DefaultConfigVersion>2</DefaultConfigVersion>
122
          <Enabled>1</Enabled>
123
          <HEAD>0</HEAD>
124
          <DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
125
          <HealthcheckString></HealthcheckString>
126
          <FileName>angular-4-hook-bundle.min.js</FileName>
127
          <GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
128
          <GetAllEventsDelay>5000</GetAllEventsDelay>
129
          <GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
130
        </FrameworkConfig>
131
        <FrameworkConfig>
132
          <Name>ReactLib</Name>
133
          <DefaultConfigVersion>1</DefaultConfigVersion>
134
          <Enabled>1</Enabled>
135
          <HEAD>0</HEAD>
136
          <DetectionRegex>react-text</DetectionRegex>
137
          <HealthcheckString></HealthcheckString>
138
          <FileName>react-hook-bundle.min.js</FileName>
139
          <GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
140
          <GetAllEventsDelay>5000</GetAllEventsDelay>
141
          <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
142
        </FrameworkConfig>
143
        <FrameworkConfig>
144
          <Name>ReactTwo</Name>
145
          <DefaultConfigVersion>1</DefaultConfigVersion>
146
          <Enabled>1</Enabled>
147
          <HEAD>0</HEAD>
148
          <DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
149
          <HealthcheckString></HealthcheckString>
150
          <FileName>react-hook-bundle.min.js</FileName>
151
          <GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
152
          <GetAllEventsDelay>5000</GetAllEventsDelay>
153
          <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
154
        </FrameworkConfig>
155
        <FrameworkConfig>
156
          <Name>OpenUI5</Name>
157
          <DefaultConfigVersion>1</DefaultConfigVersion>
158
          <Enabled>1</Enabled>
159
          <HEAD>0</HEAD>
160
          <DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
161
          <HealthcheckString></HealthcheckString>
162
          <FileName>sap-open-ui5-hook-bundle.min.js</FileName>
163
          <GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
164
          <GetAllEventsDelay>5000</GetAllEventsDelay>
165
          <GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
166
        </FrameworkConfig>
167
        <FrameworkConfig>
168
          <Name>Vue</Name>
169
          <DefaultConfigVersion>1</DefaultConfigVersion>
170
          <Enabled>1</Enabled>
171
          <HEAD>0</HEAD>
172
          <DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
173
          <HealthcheckString></HealthcheckString>
174
          <FileName>vue-hook-bundle.min.js</FileName>
175
          <GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
176
          <GetAllEventsDelay>5000</GetAllEventsDelay>
177
          <GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
178
        </FrameworkConfig>
179
        <FrameworkConfig>
180
          <Name>Ember</Name>
181
          <DefaultConfigVersion>1</DefaultConfigVersion>
182
          <Enabled>1</Enabled>
183
          <HEAD>0</HEAD>
184
          <DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
185
          <HealthcheckString></HealthcheckString>
186
          <FileName>ember-hook-bundle.min.js</FileName>
187
          <GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
188
          <GetAllEventsDelay>5000</GetAllEventsDelay>
189
          <GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
190
        </FrameworkConfig>
191
        <FrameworkConfig>
192
          <Name>Backbone</Name>
193
          <DefaultConfigVersion>1</DefaultConfigVersion>
194
          <Enabled>1</Enabled>
195
          <HEAD>0</HEAD>
196
          <DetectionRegex>(?-i)Backbone</DetectionRegex>
197
          <HealthcheckString></HealthcheckString>
198
          <FileName>backbone-hook-bundle.min.js</FileName>
199
          <GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
200
          <GetAllEventsDelay>5000</GetAllEventsDelay>
201
          <GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
202
        </FrameworkConfig>
203
      </FrameworkConfigList>
204
    </FrameworksCrawlConfig>
205
    <SeedUrlList>
206
      <SeedUrl>
207
        <Value>http://www.webscantest.com/</Value>
208
      </SeedUrl>
209
    </SeedUrlList>
210
    <ScopeConstraintList>
211
      <ScopeConstraint>
212
        <URL>http://www.webscantest.com/*</URL>
213
        <Method>All</Method>
214
        <MatchCriteria>Wildcard</MatchCriteria>
215
        <Exclusion>Include</Exclusion>
216
      </ScopeConstraint>
217
      <ScopeConstraint>
218
        <URL>http://*.www.webscantest.com/*</URL>
219
        <Method>All</Method>
220
        <MatchCriteria>Wildcard</MatchCriteria>
221
        <Exclusion>Include</Exclusion>
222
      </ScopeConstraint>
223
    </ScopeConstraintList>
224
    <BlackListExtensionList>
225
      <BlackListExtension>
226
        <Value>css</Value>
227
      </BlackListExtension>
228
      <BlackListExtension>
229
        <Value>axd</Value>
230
      </BlackListExtension>
231
    </BlackListExtensionList>
232
    <GrayListExtensionList>
233
      <GrayListExtension>
234
        <Value>pdf</Value>
235
      </GrayListExtension>
236
      <GrayListExtension>
237
        <Value>doc</Value>
238
      </GrayListExtension>
239
      <GrayListExtension>
240
        <Value>jpg</Value>
241
      </GrayListExtension>
242
      <GrayListExtension>
243
        <Value>jpeg</Value>
244
      </GrayListExtension>
245
      <GrayListExtension>
246
        <Value>gif</Value>
247
      </GrayListExtension>
248
      <GrayListExtension>
249
        <Value>png</Value>
250
      </GrayListExtension>
251
      <GrayListExtension>
252
        <Value>bmp</Value>
253
      </GrayListExtension>
254
      <GrayListExtension>
255
        <Value>ico</Value>
256
      </GrayListExtension>
257
      <GrayListExtension>
258
        <Value>js</Value>
259
      </GrayListExtension>
260
      <GrayListExtension>
261
        <Value>tiff</Value>
262
      </GrayListExtension>
263
      <GrayListExtension>
264
        <Value>eot</Value>
265
      </GrayListExtension>
266
      <GrayListExtension>
267
        <Value>ttf</Value>
268
      </GrayListExtension>
269
      <GrayListExtension>
270
        <Value>mid</Value>
271
      </GrayListExtension>
272
      <GrayListExtension>
273
        <Value>midi</Value>
274
      </GrayListExtension>
275
      <GrayListExtension>
276
        <Value>mp3</Value>
277
      </GrayListExtension>
278
      <GrayListExtension>
279
        <Value>mpeg</Value>
280
      </GrayListExtension>
281
      <GrayListExtension>
282
        <Value>wav</Value>
283
      </GrayListExtension>
284
      <GrayListExtension>
285
        <Value>avi</Value>
286
      </GrayListExtension>
287
      <GrayListExtension>
288
        <Value>woff</Value>
289
      </GrayListExtension>
290
      <GrayListExtension>
291
        <Value>svg</Value>
292
      </GrayListExtension>
293
    </GrayListExtensionList>
294
    <BinaryExtensionList>
295
      <BinaryExtension>
296
        <Value>fla</Value>
297
      </BinaryExtension>
298
      <BinaryExtension>
299
        <Value>swf</Value>
300
      </BinaryExtension>
301
      <BinaryExtension>
302
        <Value>pdf</Value>
303
      </BinaryExtension>
304
      <BinaryExtension>
305
        <Value>doc</Value>
306
      </BinaryExtension>
307
      <BinaryExtension>
308
        <Value>jpg</Value>
309
      </BinaryExtension>
310
      <BinaryExtension>
311
        <Value>jpeg</Value>
312
      </BinaryExtension>
313
      <BinaryExtension>
314
        <Value>gif</Value>
315
      </BinaryExtension>
316
      <BinaryExtension>
317
        <Value>png</Value>
318
      </BinaryExtension>
319
      <BinaryExtension>
320
        <Value>bmp</Value>
321
      </BinaryExtension>
322
      <BinaryExtension>
323
        <Value>ico</Value>
324
      </BinaryExtension>
325
      <BinaryExtension>
326
        <Value>dll</Value>
327
      </BinaryExtension>
328
      <BinaryExtension>
329
        <Value>exe</Value>
330
      </BinaryExtension>
331
      <BinaryExtension>
332
        <Value>eot</Value>
333
      </BinaryExtension>
334
      <BinaryExtension>
335
        <Value>ttf</Value>
336
      </BinaryExtension>
337
      <BinaryExtension>
338
        <Value>mp3</Value>
339
      </BinaryExtension>
340
      <BinaryExtension>
341
        <Value>mp4</Value>
342
      </BinaryExtension>
343
      <BinaryExtension>
344
        <Value>wav</Value>
345
      </BinaryExtension>
346
      <BinaryExtension>
347
        <Value>woff</Value>
348
      </BinaryExtension>
349
      <BinaryExtension>
350
        <Value>svg</Value>
351
      </BinaryExtension>
352
    </BinaryExtensionList>
353
    <TextExtensionList>
354
      <TextExtension>
355
        <Value>txt</Value>
356
      </TextExtension>
357
      <TextExtension>
358
        <Value>js</Value>
359
      </TextExtension>
360
      <TextExtension>
361
        <Value>css</Value>
362
      </TextExtension>
363
      <TextExtension>
364
        <Value>json</Value>
365
      </TextExtension>
366
    </TextExtensionList>
367
    <BinaryContentTypeList>
368
      <BinaryContentType>
369
        <Value>audio/*</Value>
370
      </BinaryContentType>
371
      <BinaryContentType>
372
        <Value>image/*</Value>
373
      </BinaryContentType>
374
      <BinaryContentType>
375
        <Value>video/*</Value>
376
      </BinaryContentType>
377
      <BinaryContentType>
378
        <Value>application/pdf</Value>
379
      </BinaryContentType>
380
      <BinaryContentType>
381
        <Value>application/zip</Value>
382
      </BinaryContentType>
383
      <BinaryContentType>
384
        <Value>application/x-rar-compressed</Value>
385
      </BinaryContentType>
386
      <BinaryContentType>
387
        <Value>application/x-dvi</Value>
388
      </BinaryContentType>
389
      <BinaryContentType>
390
        <Value>application/x-shockwave-flash</Value>
391
      </BinaryContentType>
392
      <BinaryContentType>
393
        <Value>application/msword</Value>
394
      </BinaryContentType>
395
      <BinaryContentType>
396
        <Value>application/ogg</Value>
397
      </BinaryContentType>
398
      <BinaryContentType>
399
        <Value>application/x-tar</Value>
400
      </BinaryContentType>
401
      <BinaryContentType>
402
        <Value>application/octet-stream</Value>
403
      </BinaryContentType>
404
    </BinaryContentTypeList>
405
    <HTMLContentTypeList>
406
      <HTMLContentType>
407
        <Value>text/html</Value>
408
      </HTMLContentType>
409
      <HTMLContentType>
410
        <Value>html/*</Value>
411
      </HTMLContentType>
412
      <HTMLContentType>
413
        <Value>application/xhtml+xml</Value>
414
      </HTMLContentType>
415
    </HTMLContentTypeList>
416
    <TextContentTypeList>
417
      <TextContentType>
418
        <Value>text/plain</Value>
419
      </TextContentType>
420
      <TextContentType>
421
        <Value>text/csv</Value>
422
      </TextContentType>
423
      <TextContentType>
424
        <Value>text/css</Value>
425
      </TextContentType>
426
      <TextContentType>
427
        <Value>text/javascript</Value>
428
      </TextContentType>
429
      <TextContentType>
430
        <Value>application/javascript</Value>
431
      </TextContentType>
432
      <TextContentType>
433
        <Value>application/x-javascript</Value>
434
      </TextContentType>
435
      <TextContentType>
436
        <Value>application/json</Value>
437
      </TextContentType>
438
      <TextContentType>
439
        <Value>application/x-httpd-php-source</Value>
440
      </TextContentType>
441
    </TextContentTypeList>
442
    <XMLContentTypeList>
443
      <XMLContentType>
444
        <Value>application/xml-dtd</Value>
445
      </XMLContentType>
446
      <XMLContentType>
447
        <Value>text/xml</Value>
448
      </XMLContentType>
449
      <XMLContentType>
450
        <Value>application/soap+xml</Value>
451
      </XMLContentType>
452
      <XMLContentType>
453
        <Value>application/xml</Value>
454
      </XMLContentType>
455
    </XMLContentTypeList>
456
    <BrowserDownloadWhitelistList>
457
      <BrowserDownloadWhitelist>
458
        <Value>*.css</Value>
459
      </BrowserDownloadWhitelist>
460
      <BrowserDownloadWhitelist>
461
        <Value>*.js</Value>
462
      </BrowserDownloadWhitelist>
463
      <BrowserDownloadWhitelist>
464
        <Value>*.xml</Value>
465
      </BrowserDownloadWhitelist>
466
      <BrowserDownloadWhitelist>
467
        <Value>*.dtd</Value>
468
      </BrowserDownloadWhitelist>
469
      <BrowserDownloadWhitelist>
470
        <Value>*.axd</Value>
471
      </BrowserDownloadWhitelist>
472
      <BrowserDownloadWhitelist>
473
        <Value>*.json</Value>
474
      </BrowserDownloadWhitelist>
475
      <BrowserDownloadWhitelist>
476
        <Value>*/js/*</Value>
477
      </BrowserDownloadWhitelist>
478
      <BrowserDownloadWhitelist>
479
        <Value>*/css/*</Value>
480
      </BrowserDownloadWhitelist>
481
    </BrowserDownloadWhitelistList>
482
    <BrowserDoNotDownloadExtensionList>
483
      <BrowserDoNotDownloadExtension>
484
        <Value>pdf</Value>
485
      </BrowserDoNotDownloadExtension>
486
      <BrowserDoNotDownloadExtension>
487
        <Value>doc</Value>
488
      </BrowserDoNotDownloadExtension>
489
      <BrowserDoNotDownloadExtension>
490
        <Value>jpg</Value>
491
      </BrowserDoNotDownloadExtension>
492
      <BrowserDoNotDownloadExtension>
493
        <Value>jpeg</Value>
494
      </BrowserDoNotDownloadExtension>
495
      <BrowserDoNotDownloadExtension>
496
        <Value>gif</Value>
497
      </BrowserDoNotDownloadExtension>
498
      <BrowserDoNotDownloadExtension>
499
        <Value>png</Value>
500
      </BrowserDoNotDownloadExtension>
501
      <BrowserDoNotDownloadExtension>
502
        <Value>bmp</Value>
503
      </BrowserDoNotDownloadExtension>
504
      <BrowserDoNotDownloadExtension>
505
        <Value>ico</Value>
506
      </BrowserDoNotDownloadExtension>
507
      <BrowserDoNotDownloadExtension>
508
        <Value>exe</Value>
509
      </BrowserDoNotDownloadExtension>
510
      <BrowserDoNotDownloadExtension>
511
        <Value>swf</Value>
512
      </BrowserDoNotDownloadExtension>
513
      <BrowserDoNotDownloadExtension>
514
        <Value>mp3</Value>
515
      </BrowserDoNotDownloadExtension>
516
      <BrowserDoNotDownloadExtension>
517
        <Value>mp4</Value>
518
      </BrowserDoNotDownloadExtension>
519
      <BrowserDoNotDownloadExtension>
520
        <Value>wav</Value>
521
      </BrowserDoNotDownloadExtension>
522
      <BrowserDoNotDownloadExtension>
523
        <Value>eot</Value>
524
      </BrowserDoNotDownloadExtension>
525
      <BrowserDoNotDownloadExtension>
526
        <Value>ttf</Value>
527
      </BrowserDoNotDownloadExtension>
528
      <BrowserDoNotDownloadExtension>
529
        <Value>woff</Value>
530
      </BrowserDoNotDownloadExtension>
531
      <BrowserDoNotDownloadExtension>
532
        <Value>ico</Value>
533
      </BrowserDoNotDownloadExtension>
534
      <BrowserDoNotDownloadExtension>
535
        <Value>svg</Value>
536
      </BrowserDoNotDownloadExtension>
537
    </BrowserDoNotDownloadExtensionList>
538
    <BrowserDoNotDownloadContentTypeList>
539
      <BrowserDoNotDownloadContentType>
540
        <Value>audio/*</Value>
541
      </BrowserDoNotDownloadContentType>
542
      <BrowserDoNotDownloadContentType>
543
        <Value>image/*</Value>
544
      </BrowserDoNotDownloadContentType>
545
      <BrowserDoNotDownloadContentType>
546
        <Value>video/*</Value>
547
      </BrowserDoNotDownloadContentType>
548
      <BrowserDoNotDownloadContentType>
549
        <Value>application/pdf</Value>
550
      </BrowserDoNotDownloadContentType>
551
      <BrowserDoNotDownloadContentType>
552
        <Value>application/zip</Value>
553
      </BrowserDoNotDownloadContentType>
554
      <BrowserDoNotDownloadContentType>
555
        <Value>application/x-rar-compressed</Value>
556
      </BrowserDoNotDownloadContentType>
557
      <BrowserDoNotDownloadContentType>
558
        <Value>application/x-dvi</Value>
559
      </BrowserDoNotDownloadContentType>
560
      <BrowserDoNotDownloadContentType>
561
        <Value>application/x-shockwave-flash</Value>
562
      </BrowserDoNotDownloadContentType>
563
      <BrowserDoNotDownloadContentType>
564
        <Value>application/msword</Value>
565
      </BrowserDoNotDownloadContentType>
566
      <BrowserDoNotDownloadContentType>
567
        <Value>application/ogg</Value>
568
      </BrowserDoNotDownloadContentType>
569
      <BrowserDoNotDownloadContentType>
570
        <Value>application/x-tar</Value>
571
      </BrowserDoNotDownloadContentType>
572
      <BrowserDoNotDownloadContentType>
573
        <Value>application/octet-stream</Value>
574
      </BrowserDoNotDownloadContentType>
575
    </BrowserDoNotDownloadContentTypeList>
576
  </CrawlConfig>
577
  <AttackerConfig>
578
    <ParametersToAttackBeforeLimitingAttacks>400</ParametersToAttackBeforeLimitingAttacks>
579
    <LinksToAttackBeforeLimitingAttacks>200</LinksToAttackBeforeLimitingAttacks>
580
    <MaxSameNameParameterAttackPoints>25</MaxSameNameParameterAttackPoints>
581
    <MaxSameCookieParameterAttackPoints>15</MaxSameCookieParameterAttackPoints>
582
    <MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
583
    <MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
584
    <MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
585
    <ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
586
    <ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
587
    <MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
588
    <MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
589
    <ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
590
    <OutOfBandHost></OutOfBandHost>
591
    <DefaultDoNotAttackParamList>
592
      <DefaultDoNotAttackParam>
593
        <ParameterName>^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$</ParameterName>
594
        <MatchCriteria>Regex</MatchCriteria>
595
      </DefaultDoNotAttackParam>
596
    </DefaultDoNotAttackParamList>
597
  </AttackerConfig>
598
  <AttackPolicyConfig>
599
    <Policy>Default attack policy</Policy>
600
    <AttackPrioritization>Smart</AttackPrioritization>
601
    <AttackDepth>Smart</AttackDepth>
602
    <EnableAdvancedAttacks>0</EnableAdvancedAttacks>
603
    <FalsePositiveRegex>This web browser does not support JavaScript or JavaScript in this web browser is not enabled.</FalsePositiveRegex>
604
    <FalsePositiveFindingRegex></FalsePositiveFindingRegex>
605
    <RootCauseIdExcludeList></RootCauseIdExcludeList>
606
    <AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
607
    <EnforceEncoding>0</EnforceEncoding>
608
    <AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
609
    <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
610
    <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
611
    <AttackModulePolicyList>
612
      <AttackModulePolicy>
613
        <Enabled>1</Enabled>
614
        <ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
615
        <ModulePriority>High</ModulePriority>
616
        <Severity>Informational</Severity>
617
        <MaxVulnLimit>10</MaxVulnLimit>
618
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
619
        <MaxVarianceLimit>2</MaxVarianceLimit>
620
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
621
        <EnforceEncoding>0</EnforceEncoding>
622
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
623
        <AttackPoints>Web Site</AttackPoints>
624
        <ParameterLocations></ParameterLocations>
625
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
626
        <DisplayName>Anonymous Access</DisplayName>
627
      </AttackModulePolicy>
628
      <AttackModulePolicy>
629
        <Enabled>1</Enabled>
630
        <ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
631
        <ModulePriority>High</ModulePriority>
632
        <Severity>High</Severity>
633
        <MaxVulnLimit>100</MaxVulnLimit>
634
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
635
        <MaxVarianceLimit>3</MaxVarianceLimit>
636
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
637
        <EnforceEncoding>0</EnforceEncoding>
638
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
639
        <AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
640
        <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
641
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
642
        <DisplayName>Apache Struts 2 Framework Checks</DisplayName>
643
      </AttackModulePolicy>
644
      <AttackModulePolicy>
645
        <Enabled>1</Enabled>
646
        <ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
647
        <ModulePriority>High</ModulePriority>
648
        <Severity>Informational</Severity>
649
        <MaxVulnLimit>100</MaxVulnLimit>
650
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
651
        <MaxVarianceLimit>3</MaxVarianceLimit>
652
        <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
653
        <EnforceEncoding>0</EnforceEncoding>
654
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
655
        <AttackPoints>Response Analysis</AttackPoints>
656
        <ParameterLocations></ParameterLocations>
657
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
658
        <DisplayName>Apache Struts Detection</DisplayName>
659
      </AttackModulePolicy>
660
      <AttackModulePolicy>
661
        <Enabled>1</Enabled>
662
        <ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
663
        <ModulePriority>High</ModulePriority>
664
        <Severity>High</Severity>
665
        <MaxVulnLimit>100</MaxVulnLimit>
666
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
667
        <MaxVarianceLimit>4</MaxVarianceLimit>
668
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
669
        <EnforceEncoding>0</EnforceEncoding>
670
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
671
        <AttackPoints>Parameter</AttackPoints>
672
        <ParameterLocations>Post</ParameterLocations>
673
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
674
        <DisplayName>Arbitrary File Upload</DisplayName>
675
      </AttackModulePolicy>
676
      <AttackModulePolicy>
677
        <Enabled>1</Enabled>
678
        <ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
679
        <ModulePriority>Medium</ModulePriority>
680
        <Severity>Low</Severity>
681
        <MaxVulnLimit>25</MaxVulnLimit>
682
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
683
        <MaxVarianceLimit>2</MaxVarianceLimit>
684
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
685
        <EnforceEncoding>0</EnforceEncoding>
686
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
687
        <AttackPoints>Directory</AttackPoints>
688
        <ParameterLocations></ParameterLocations>
689
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
690
        <DisplayName>ASP.NET Misconfiguration</DisplayName>
691
      </AttackModulePolicy>
692
      <AttackModulePolicy>
693
        <Enabled>1</Enabled>
694
        <ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
695
        <ModulePriority>Medium</ModulePriority>
696
        <Severity>High</Severity>
697
        <MaxVulnLimit>25</MaxVulnLimit>
698
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
699
        <MaxVarianceLimit>4</MaxVarianceLimit>
700
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
701
        <EnforceEncoding>0</EnforceEncoding>
702
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
703
        <AttackPoints>Parameter</AttackPoints>
704
        <ParameterLocations>Post|Cookie</ParameterLocations>
705
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
706
        <DisplayName>ASP.NET Serialization</DisplayName>
707
      </AttackModulePolicy>
708
      <AttackModulePolicy>
709
        <Enabled>1</Enabled>
710
        <ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
711
        <ModulePriority>Medium</ModulePriority>
712
        <Severity>Low</Severity>
713
        <MaxVulnLimit>200</MaxVulnLimit>
714
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
715
        <MaxVarianceLimit>2</MaxVarianceLimit>
716
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
717
        <EnforceEncoding>0</EnforceEncoding>
718
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
719
        <AttackPoints>Response Analysis</AttackPoints>
720
        <ParameterLocations></ParameterLocations>
721
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
722
        <DisplayName>Autocomplete attribute</DisplayName>
723
      </AttackModulePolicy>
724
      <AttackModulePolicy>
725
        <Enabled>1</Enabled>
726
        <ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
727
        <ModulePriority>High</ModulePriority>
728
        <Severity>High</Severity>
729
        <MaxVulnLimit>75</MaxVulnLimit>
730
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
731
        <MaxVarianceLimit>4</MaxVarianceLimit>
732
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
733
        <EnforceEncoding>0</EnforceEncoding>
734
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
735
        <AttackPoints>Parameter</AttackPoints>
736
        <ParameterLocations>Query|Post</ParameterLocations>
737
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
738
        <DisplayName>Blind LDAP Injection</DisplayName>
739
      </AttackModulePolicy>
740
      <AttackModulePolicy>
741
        <Enabled>1</Enabled>
742
        <ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
743
        <ModulePriority>Medium</ModulePriority>
744
        <Severity>Informational</Severity>
745
        <MaxVulnLimit>100</MaxVulnLimit>
746
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
747
        <MaxVarianceLimit>1</MaxVarianceLimit>
748
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
749
        <EnforceEncoding>0</EnforceEncoding>
750
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
751
        <AttackPoints>Response Analysis</AttackPoints>
752
        <ParameterLocations></ParameterLocations>
753
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
754
        <DisplayName>Browser Cache directive (web application performance)</DisplayName>
755
      </AttackModulePolicy>
756
      <AttackModulePolicy>
757
        <Enabled>1</Enabled>
758
        <ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
759
        <ModulePriority>Medium</ModulePriority>
760
        <Severity>Low</Severity>
761
        <MaxVulnLimit>150</MaxVulnLimit>
762
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
763
        <MaxVarianceLimit>4</MaxVarianceLimit>
764
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
765
        <EnforceEncoding>0</EnforceEncoding>
766
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
767
        <AttackPoints>Response Analysis</AttackPoints>
768
        <ParameterLocations></ParameterLocations>
769
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
770
        <DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
771
      </AttackModulePolicy>
772
      <AttackModulePolicy>
773
        <Enabled>1</Enabled>
774
        <ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
775
        <ModulePriority>High</ModulePriority>
776
        <Severity>High</Severity>
777
        <MaxVulnLimit>5</MaxVulnLimit>
778
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
779
        <MaxVarianceLimit>2</MaxVarianceLimit>
780
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
781
        <EnforceEncoding>0</EnforceEncoding>
782
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
783
        <AttackPoints>Web Resource</AttackPoints>
784
        <ParameterLocations></ParameterLocations>
785
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
786
        <DisplayName>Brute Force (HTTP Auth)</DisplayName>
787
      </AttackModulePolicy>
788
      <AttackModulePolicy>
789
        <Enabled>1</Enabled>
790
        <ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
791
        <ModulePriority>High</ModulePriority>
792
        <Severity>High</Severity>
793
        <MaxVulnLimit>5</MaxVulnLimit>
794
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
795
        <MaxVarianceLimit>2</MaxVarianceLimit>
796
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
797
        <EnforceEncoding>0</EnforceEncoding>
798
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
799
        <AttackPoints>Parameter</AttackPoints>
800
        <ParameterLocations>Query|Post</ParameterLocations>
801
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
802
        <DisplayName>Brute Force (Form Auth)</DisplayName>
803
      </AttackModulePolicy>
804
      <AttackModulePolicy>
805
        <Enabled>1</Enabled>
806
        <ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
807
        <ModulePriority>High</ModulePriority>
808
        <Severity>High</Severity>
809
        <MaxVulnLimit>250</MaxVulnLimit>
810
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
811
        <MaxVarianceLimit>4</MaxVarianceLimit>
812
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
813
        <EnforceEncoding>0</EnforceEncoding>
814
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
815
        <AttackPoints>Parameter</AttackPoints>
816
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
817
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
818
        <DisplayName>Blind SQL</DisplayName>
819
      </AttackModulePolicy>
820
      <AttackModulePolicy>
821
        <Enabled>1</Enabled>
822
        <ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
823
        <ModulePriority>Low</ModulePriority>
824
        <Severity>Low</Severity>
825
        <MaxVulnLimit>100</MaxVulnLimit>
826
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
827
        <MaxVarianceLimit>4</MaxVarianceLimit>
828
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
829
        <EnforceEncoding>0</EnforceEncoding>
830
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
831
        <AttackPoints>Directory</AttackPoints>
832
        <ParameterLocations></ParameterLocations>
833
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
834
        <DisplayName>Clients Cross-Domain Policy Files</DisplayName>
835
      </AttackModulePolicy>
836
      <AttackModulePolicy>
837
        <Enabled>1</Enabled>
838
        <ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
839
        <ModulePriority>Low</ModulePriority>
840
        <Severity>Informational</Severity>
841
        <MaxVulnLimit>100</MaxVulnLimit>
842
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
843
        <MaxVarianceLimit>4</MaxVarianceLimit>
844
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
845
        <EnforceEncoding>0</EnforceEncoding>
846
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
847
        <AttackPoints>Response Analysis</AttackPoints>
848
        <ParameterLocations></ParameterLocations>
849
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
850
        <DisplayName>Information Disclosure in comments</DisplayName>
851
      </AttackModulePolicy>
852
      <AttackModulePolicy>
853
        <Enabled>1</Enabled>
854
        <ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
855
        <ModulePriority>Medium</ModulePriority>
856
        <Severity>Low</Severity>
857
        <MaxVulnLimit>50</MaxVulnLimit>
858
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
859
        <MaxVarianceLimit>10</MaxVarianceLimit>
860
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
861
        <EnforceEncoding>0</EnforceEncoding>
862
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
863
        <AttackPoints>Response Analysis</AttackPoints>
864
        <ParameterLocations></ParameterLocations>
865
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
866
        <DisplayName>Cookie attributes</DisplayName>
867
      </AttackModulePolicy>
868
      <AttackModulePolicy>
869
        <Enabled>1</Enabled>
870
        <ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
871
        <ModulePriority>Low</ModulePriority>
872
        <Severity>Low</Severity>
873
        <MaxVulnLimit>100</MaxVulnLimit>
874
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
875
        <MaxVarianceLimit>5</MaxVarianceLimit>
876
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
877
        <EnforceEncoding>0</EnforceEncoding>
878
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
879
        <AttackPoints>Web Resource|Response Analysis</AttackPoints>
880
        <ParameterLocations></ParameterLocations>
881
        <RequestOriginations>AJAX</RequestOriginations>
882
        <DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>
883
      </AttackModulePolicy>
884
      <AttackModulePolicy>
885
        <Enabled>1</Enabled>
886
        <ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
887
        <ModulePriority>Low</ModulePriority>
888
        <Severity>Medium</Severity>
889
        <MaxVulnLimit>25</MaxVulnLimit>
890
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
891
        <MaxVarianceLimit>2</MaxVarianceLimit>
892
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
893
        <EnforceEncoding>0</EnforceEncoding>
894
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
895
        <AttackPoints>Response Analysis</AttackPoints>
896
        <ParameterLocations></ParameterLocations>
897
        <RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
898
        <DisplayName>Credentials over an insecure channel</DisplayName>
899
      </AttackModulePolicy>
900
      <AttackModulePolicy>
901
        <Enabled>1</Enabled>
902
        <ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>
903
        <ModulePriority>Medium</ModulePriority>
904
        <Severity>Informational</Severity>
905
        <MaxVulnLimit>100</MaxVulnLimit>
906
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
907
        <MaxVarianceLimit>4</MaxVarianceLimit>
908
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
909
        <EnforceEncoding>0</EnforceEncoding>
910
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
911
        <AttackPoints>Response Analysis</AttackPoints>
912
        <ParameterLocations></ParameterLocations>
913
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
914
        <DisplayName>Content Security Policy Header</DisplayName>
915
      </AttackModulePolicy>
916
      <AttackModulePolicy>
917
        <Enabled>1</Enabled>
918
        <ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
919
        <ModulePriority>Low</ModulePriority>
920
        <Severity>Low</Severity>
921
        <MaxVulnLimit>250</MaxVulnLimit>
922
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
923
        <MaxVarianceLimit>2</MaxVarianceLimit>
924
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
925
        <EnforceEncoding>0</EnforceEncoding>
926
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
927
        <AttackPoints>Web Resource</AttackPoints>
928
        <ParameterLocations></ParameterLocations>
929
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
930
        <DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName>
931
      </AttackModulePolicy>
932
      <AttackModulePolicy>
933
        <Enabled>0</Enabled>
934
        <ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
935
        <ModulePriority>Medium</ModulePriority>
936
        <Severity>Informational</Severity>
937
        <MaxVulnLimit>20</MaxVulnLimit>
938
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
939
        <MaxVarianceLimit>1</MaxVarianceLimit>
940
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
941
        <EnforceEncoding>0</EnforceEncoding>
942
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
943
        <AttackPoints>Directory</AttackPoints>
944
        <ParameterLocations></ParameterLocations>
945
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
946
        <DisplayName>Custom Directory Module</DisplayName>
947
      </AttackModulePolicy>
948
      <AttackModulePolicy>
949
        <Enabled>0</Enabled>
950
        <ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
951
        <ModulePriority>Medium</ModulePriority>
952
        <Severity>Informational</Severity>
953
        <MaxVulnLimit>20</MaxVulnLimit>
954
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
955
        <MaxVarianceLimit>1</MaxVarianceLimit>
956
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
957
        <EnforceEncoding>0</EnforceEncoding>
958
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
959
        <AttackPoints>Parameter</AttackPoints>
960
        <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
961
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
962
        <DisplayName>Custom Parameter Module</DisplayName>
963
      </AttackModulePolicy>
964
      <AttackModulePolicy>
965
        <Enabled>0</Enabled>
966
        <ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
967
        <ModulePriority>Medium</ModulePriority>
968
        <Severity>Informational</Severity>
969
        <MaxVulnLimit>20</MaxVulnLimit>
970
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
971
        <MaxVarianceLimit>1</MaxVarianceLimit>
972
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
973
        <EnforceEncoding>0</EnforceEncoding>
974
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
975
        <AttackPoints>Response Analysis</AttackPoints>
976
        <ParameterLocations></ParameterLocations>
977
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
978
        <DisplayName>Custom Passive Module</DisplayName>
979
      </AttackModulePolicy>
980
      <AttackModulePolicy>
981
        <Enabled>1</Enabled>
982
        <ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
983
        <ModulePriority>Medium</ModulePriority>
984
        <Severity>Low</Severity>
985
        <MaxVulnLimit>250</MaxVulnLimit>
986
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
987
        <MaxVarianceLimit>1</MaxVarianceLimit>
988
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
989
        <EnforceEncoding>0</EnforceEncoding>
990
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
991
        <AttackPoints>Directory</AttackPoints>
992
        <ParameterLocations></ParameterLocations>
993
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
994
        <DisplayName>Directory Indexing</DisplayName>
995
      </AttackModulePolicy>
996
      <AttackModulePolicy>
997
        <Enabled>1</Enabled>
998
        <ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
999
        <ModulePriority>Low</ModulePriority>
1000
        <Severity>Informational</Severity>
1001
        <MaxVulnLimit>150</MaxVulnLimit>
1002
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1003
        <MaxVarianceLimit>4</MaxVarianceLimit>
1004
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1005
        <EnforceEncoding>0</EnforceEncoding>
1006
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1007
        <AttackPoints>Response Analysis</AttackPoints>
1008
        <ParameterLocations></ParameterLocations>
1009
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
1010
        <DisplayName>Email Disclosure</DisplayName>
1011
      </AttackModulePolicy>
1012
      <AttackModulePolicy>
1013
        <Enabled>1</Enabled>
1014
        <ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
1015
        <ModulePriority>High</ModulePriority>
1016
        <Severity>High</Severity>
1017
        <MaxVulnLimit>100</MaxVulnLimit>
1018
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1019
        <MaxVarianceLimit>4</MaxVarianceLimit>
1020
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1021
        <EnforceEncoding>0</EnforceEncoding>
1022
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1023
        <AttackPoints>Parameter</AttackPoints>
1024
        <ParameterLocations>Path|Query|Post</ParameterLocations>
1025
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1026
        <DisplayName>Expression Language Injection</DisplayName>
1027
      </AttackModulePolicy>
1028
      <AttackModulePolicy>
1029
        <Enabled>1</Enabled>
1030
        <ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
1031
        <ModulePriority>Low</ModulePriority>
1032
        <Severity>Low</Severity>
1033
        <MaxVulnLimit>100</MaxVulnLimit>
1034
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1035
        <MaxVarianceLimit>2</MaxVarianceLimit>
1036
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1037
        <EnforceEncoding>0</EnforceEncoding>
1038
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1039
        <AttackPoints>Parameter</AttackPoints>
1040
        <ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
1041
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1042
        <DisplayName>Forced Browsing</DisplayName>
1043
      </AttackModulePolicy>
1044
      <AttackModulePolicy>
1045
        <Enabled>1</Enabled>
1046
        <ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
1047
        <ModulePriority>Medium</ModulePriority>
1048
        <Severity>Low</Severity>
1049
        <MaxVulnLimit>200</MaxVulnLimit>
1050
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1051
        <MaxVarianceLimit>2</MaxVarianceLimit>
1052
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1053
        <EnforceEncoding>0</EnforceEncoding>
1054
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1055
        <AttackPoints>Response Analysis</AttackPoints>
1056
        <ParameterLocations></ParameterLocations>
1057
        <RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
1058
        <DisplayName>Sensitive Data Exposure</DisplayName>
1059
      </AttackModulePolicy>
1060
      <AttackModulePolicy>
1061
        <Enabled>1</Enabled>
1062
        <ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
1063
        <ModulePriority>High</ModulePriority>
1064
        <Severity>Low</Severity>
1065
        <MaxVulnLimit>5</MaxVulnLimit>
1066
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1067
        <MaxVarianceLimit>4</MaxVarianceLimit>
1068
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1069
        <EnforceEncoding>0</EnforceEncoding>
1070
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1071
        <AttackPoints>Web Resource</AttackPoints>
1072
        <ParameterLocations></ParameterLocations>
1073
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
1074
        <DisplayName>Form Session Strength</DisplayName>
1075
      </AttackModulePolicy>
1076
      <AttackModulePolicy>
1077
        <Enabled>1</Enabled>
1078
        <ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
1079
        <ModulePriority>High</ModulePriority>
1080
        <Severity>High</Severity>
1081
        <MaxVulnLimit>25</MaxVulnLimit>
1082
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1083
        <MaxVarianceLimit>50</MaxVarianceLimit>
1084
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1085
        <EnforceEncoding>0</EnforceEncoding>
1086
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1087
        <AttackPoints>Web Site</AttackPoints>
1088
        <ParameterLocations></ParameterLocations>
1089
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
1090
        <DisplayName>FrontPage Checks</DisplayName>
1091
      </AttackModulePolicy>
1092
      <AttackModulePolicy>
1093
        <Enabled>1</Enabled>
1094
        <ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
1095
        <ModulePriority>High</ModulePriority>
1096
        <Severity>High</Severity>
1097
        <MaxVulnLimit>25</MaxVulnLimit>
1098
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1099
        <MaxVarianceLimit>1</MaxVarianceLimit>
1100
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1101
        <EnforceEncoding>0</EnforceEncoding>
1102
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1103
        <AttackPoints>Web Site</AttackPoints>
1104
        <ParameterLocations></ParameterLocations>
1105
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1106
        <DisplayName>Heartbleed Check</DisplayName>
1107
      </AttackModulePolicy>
1108
      <AttackModulePolicy>
1109
        <Enabled>1</Enabled>
1110
        <ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
1111
        <ModulePriority>Low</ModulePriority>
1112
        <Severity>Informational</Severity>
1113
        <MaxVulnLimit>20</MaxVulnLimit>
1114
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1115
        <MaxVarianceLimit>1</MaxVarianceLimit>
1116
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1117
        <EnforceEncoding>0</EnforceEncoding>
1118
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1119
        <AttackPoints>Response Analysis</AttackPoints>
1120
        <ParameterLocations></ParameterLocations>
1121
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1122
        <DisplayName>HTTP Strict Transport Security</DisplayName>
1123
      </AttackModulePolicy>
1124
      <AttackModulePolicy>
1125
        <Enabled>1</Enabled>
1126
        <ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
1127
        <ModulePriority>Low</ModulePriority>
1128
        <Severity>Low</Severity>
1129
        <MaxVulnLimit>20</MaxVulnLimit>
1130
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1131
        <MaxVarianceLimit>4</MaxVarianceLimit>
1132
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1133
        <EnforceEncoding>0</EnforceEncoding>
1134
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1135
        <AttackPoints>Response Analysis</AttackPoints>
1136
        <ParameterLocations></ParameterLocations>
1137
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1138
        <DisplayName>HTTP Authentication over insecure channel</DisplayName>
1139
      </AttackModulePolicy>
1140
      <AttackModulePolicy>
1141
        <Enabled>1</Enabled>
1142
        <ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
1143
        <ModulePriority>Low</ModulePriority>
1144
        <Severity>Low</Severity>
1145
        <MaxVulnLimit>200</MaxVulnLimit>
1146
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1147
        <MaxVarianceLimit>1</MaxVarianceLimit>
1148
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1149
        <EnforceEncoding>0</EnforceEncoding>
1150
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1151
        <AttackPoints>Web Resource</AttackPoints>
1152
        <ParameterLocations></ParameterLocations>
1153
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1154
        <DisplayName>HTTPS Downgrade</DisplayName>
1155
      </AttackModulePolicy>
1156
      <AttackModulePolicy>
1157
        <Enabled>1</Enabled>
1158
        <ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
1159
        <ModulePriority>Medium</ModulePriority>
1160
        <Severity>Informational</Severity>
1161
        <MaxVulnLimit>200</MaxVulnLimit>
1162
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1163
        <MaxVarianceLimit>4</MaxVarianceLimit>
1164
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1165
        <EnforceEncoding>0</EnforceEncoding>
1166
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1167
        <AttackPoints>Response Analysis</AttackPoints>
1168
        <ParameterLocations></ParameterLocations>
1169
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1170
        <DisplayName>HTTP Headers</DisplayName>
1171
      </AttackModulePolicy>
1172
      <AttackModulePolicy>
1173
        <Enabled>1</Enabled>
1174
        <ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
1175
        <ModulePriority>High</ModulePriority>
1176
        <Severity>High</Severity>
1177
        <MaxVulnLimit>200</MaxVulnLimit>
1178
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1179
        <MaxVarianceLimit>4</MaxVarianceLimit>
1180
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1181
        <EnforceEncoding>0</EnforceEncoding>
1182
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1183
        <AttackPoints>Parameter</AttackPoints>
1184
        <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1185
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1186
        <DisplayName>HTTP Response Splitting</DisplayName>
1187
      </AttackModulePolicy>
1188
      <AttackModulePolicy>
1189
        <Enabled>1</Enabled>
1190
        <ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>
1191
        <ModulePriority>Low</ModulePriority>
1192
        <Severity>Low</Severity>
1193
        <MaxVulnLimit>200</MaxVulnLimit>
1194
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1195
        <MaxVarianceLimit>1</MaxVarianceLimit>
1196
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1197
        <EnforceEncoding>0</EnforceEncoding>
1198
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1199
        <AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>
1200
        <ParameterLocations></ParameterLocations>
1201
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1202
        <DisplayName>HTTPS Everywhere</DisplayName>
1203
      </AttackModulePolicy>
1204
      <AttackModulePolicy>
1205
        <Enabled>1</Enabled>
1206
        <ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>
1207
        <ModulePriority>Low</ModulePriority>
1208
        <Severity>Informational</Severity>
1209
        <MaxVulnLimit>20</MaxVulnLimit>
1210
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1211
        <MaxVarianceLimit>1</MaxVarianceLimit>
1212
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1213
        <EnforceEncoding>0</EnforceEncoding>
1214
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1215
        <AttackPoints>Web Resource</AttackPoints>
1216
        <ParameterLocations></ParameterLocations>
1217
        <RequestOriginations>HTML|Form|Flash|Silverlight</RequestOriginations>
1218
        <DisplayName>HTTP User-Agent Check</DisplayName>
1219
      </AttackModulePolicy>
1220
      <AttackModulePolicy>
1221
        <Enabled>1</Enabled>
1222
        <ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
1223
        <ModulePriority>Low</ModulePriority>
1224
        <Severity>Informational</Severity>
1225
        <MaxVulnLimit>500</MaxVulnLimit>
1226
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1227
        <MaxVarianceLimit>4</MaxVarianceLimit>
1228
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1229
        <EnforceEncoding>0</EnforceEncoding>
1230
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1231
        <AttackPoints>Response Analysis</AttackPoints>
1232
        <ParameterLocations></ParameterLocations>
1233
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1234
        <DisplayName>Information Disclosure in response</DisplayName>
1235
      </AttackModulePolicy>
1236
      <AttackModulePolicy>
1237
        <Enabled>1</Enabled>
1238
        <ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
1239
        <ModulePriority>High</ModulePriority>
1240
        <Severity>Low</Severity>
1241
        <MaxVulnLimit>500</MaxVulnLimit>
1242
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1243
        <MaxVarianceLimit>4</MaxVarianceLimit>
1244
        <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1245
        <EnforceEncoding>0</EnforceEncoding>
1246
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1247
        <AttackPoints>Response Analysis</AttackPoints>
1248
        <ParameterLocations></ParameterLocations>
1249
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1250
        <DisplayName>Information Leakage in responses</DisplayName>
1251
      </AttackModulePolicy>
1252
      <AttackModulePolicy>
1253
        <Enabled>1</Enabled>
1254
        <ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
1255
        <ModulePriority>Low</ModulePriority>
1256
        <Severity>Low</Severity>
1257
        <MaxVulnLimit>100</MaxVulnLimit>
1258
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1259
        <MaxVarianceLimit>4</MaxVarianceLimit>
1260
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1261
        <EnforceEncoding>0</EnforceEncoding>
1262
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1263
        <AttackPoints>Web Resource</AttackPoints>
1264
        <ParameterLocations></ParameterLocations>
1265
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
1266
        <DisplayName>Java Grinder</DisplayName>
1267
      </AttackModulePolicy>
1268
      <AttackModulePolicy>
1269
        <Enabled>1</Enabled>
1270
        <ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>
1271
        <ModulePriority>Low</ModulePriority>
1272
        <Severity>Informational</Severity>
1273
        <MaxVulnLimit>100</MaxVulnLimit>
1274
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1275
        <MaxVarianceLimit>4</MaxVarianceLimit>
1276
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1277
        <EnforceEncoding>0</EnforceEncoding>
1278
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1279
        <AttackPoints>Response Analysis</AttackPoints>
1280
        <ParameterLocations></ParameterLocations>
1281
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight</RequestOriginations>
1282
        <DisplayName>JavaScript Memory Leaks</DisplayName>
1283
      </AttackModulePolicy>
1284
      <AttackModulePolicy>
1285
        <Enabled>1</Enabled>
1286
        <ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
1287
        <ModulePriority>High</ModulePriority>
1288
        <Severity>High</Severity>
1289
        <MaxVulnLimit>100</MaxVulnLimit>
1290
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1291
        <MaxVarianceLimit>4</MaxVarianceLimit>
1292
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1293
        <EnforceEncoding>0</EnforceEncoding>
1294
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1295
        <AttackPoints>Parameter</AttackPoints>
1296
        <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1297
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1298
        <DisplayName>LDAP Injection</DisplayName>
1299
      </AttackModulePolicy>
1300
      <AttackModulePolicy>
1301
        <Enabled>1</Enabled>
1302
        <ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
1303
        <ModulePriority>High</ModulePriority>
1304
        <Severity>Informational</Severity>
1305
        <MaxVulnLimit>250</MaxVulnLimit>
1306
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1307
        <MaxVarianceLimit>4</MaxVarianceLimit>
1308
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1309
        <EnforceEncoding>0</EnforceEncoding>
1310
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1311
        <AttackPoints>Response Analysis</AttackPoints>
1312
        <ParameterLocations></ParameterLocations>
1313
        <RequestOriginations>HTML|Form|AJAX</RequestOriginations>
1314
        <DisplayName>Local Storage Usage</DisplayName>
1315
      </AttackModulePolicy>
1316
      <AttackModulePolicy>
1317
        <Enabled>1</Enabled>
1318
        <ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
1319
        <ModulePriority>Medium</ModulePriority>
1320
        <Severity>Low</Severity>
1321
        <MaxVulnLimit>100</MaxVulnLimit>
1322
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1323
        <MaxVarianceLimit>4</MaxVarianceLimit>
1324
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1325
        <EnforceEncoding>0</EnforceEncoding>
1326
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1327
        <AttackPoints>Parameter|Response Analysis</AttackPoints>
1328
        <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1329
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1330
        <DisplayName>Business logic abuse attacks</DisplayName>
1331
      </AttackModulePolicy>
1332
      <AttackModulePolicy>
1333
        <Enabled>1</Enabled>
1334
        <ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
1335
        <ModulePriority>High</ModulePriority>
1336
        <Severity>High</Severity>
1337
        <MaxVulnLimit>10</MaxVulnLimit>
1338
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1339
        <MaxVarianceLimit>1</MaxVarianceLimit>
1340
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1341
        <EnforceEncoding>0</EnforceEncoding>
1342
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1343
        <AttackPoints>Parameter</AttackPoints>
1344
        <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1345
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1346
        <DisplayName>Nginx NULL code</DisplayName>
1347
      </AttackModulePolicy>
1348
      <AttackModulePolicy>
1349
        <Enabled>1</Enabled>
1350
        <ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
1351
        <ModulePriority>Medium</ModulePriority>
1352
        <Severity>High</Severity>
1353
        <MaxVulnLimit>200</MaxVulnLimit>
1354
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1355
        <MaxVarianceLimit>4</MaxVarianceLimit>
1356
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1357
        <EnforceEncoding>0</EnforceEncoding>
1358
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1359
        <AttackPoints>Parameter</AttackPoints>
1360
        <ParameterLocations>File|Path|Query|Post</ParameterLocations>
1361
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1362
        <DisplayName>OS Commanding</DisplayName>
1363
      </AttackModulePolicy>
1364
      <AttackModulePolicy>
1365
        <Enabled>1</Enabled>
1366
        <ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
1367
        <ModulePriority>High</ModulePriority>
1368
        <Severity>High</Severity>
1369
        <MaxVulnLimit>250</MaxVulnLimit>
1370
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1371
        <MaxVarianceLimit>5</MaxVarianceLimit>
1372
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1373
        <EnforceEncoding>0</EnforceEncoding>
1374
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1375
        <AttackPoints>Parameter</AttackPoints>
1376
        <ParameterLocations>Query|Post</ParameterLocations>
1377
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1378
        <DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
1379
      </AttackModulePolicy>
1380
      <AttackModulePolicy>
1381
        <Enabled>1</Enabled>
1382
        <ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
1383
        <ModulePriority>High</ModulePriority>
1384
        <Severity>Medium</Severity>
1385
        <MaxVulnLimit>250</MaxVulnLimit>
1386
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1387
        <MaxVarianceLimit>5</MaxVarianceLimit>
1388
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1389
        <EnforceEncoding>0</EnforceEncoding>
1390
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1391
        <AttackPoints>Parameter</AttackPoints>
1392
        <ParameterLocations>Query|Post</ParameterLocations>
1393
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1394
        <DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
1395
      </AttackModulePolicy>
1396
      <AttackModulePolicy>
1397
        <Enabled>1</Enabled>
1398
        <ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
1399
        <ModulePriority>High</ModulePriority>
1400
        <Severity>Medium</Severity>
1401
        <MaxVulnLimit>500</MaxVulnLimit>
1402
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1403
        <MaxVarianceLimit>4</MaxVarianceLimit>
1404
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1405
        <EnforceEncoding>0</EnforceEncoding>
1406
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1407
        <AttackPoints>Parameter</AttackPoints>
1408
        <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1409
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1410
        <DisplayName>Parameter Fuzzing</DisplayName>
1411
      </AttackModulePolicy>
1412
      <AttackModulePolicy>
1413
        <Enabled>1</Enabled>
1414
        <ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
1415
        <ModulePriority>High</ModulePriority>
1416
        <Severity>Low</Severity>
1417
        <MaxVulnLimit>10</MaxVulnLimit>
1418
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1419
        <MaxVarianceLimit>2</MaxVarianceLimit>
1420
        <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1421
        <EnforceEncoding>0</EnforceEncoding>
1422
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1423
        <AttackPoints>Response Analysis</AttackPoints>
1424
        <ParameterLocations></ParameterLocations>
1425
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1426
        <DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
1427
      </AttackModulePolicy>
1428
      <AttackModulePolicy>
1429
        <Enabled>1</Enabled>
1430
        <ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
1431
        <ModulePriority>Medium</ModulePriority>
1432
        <Severity>Informational</Severity>
1433
        <MaxVulnLimit>200</MaxVulnLimit>
1434
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1435
        <MaxVarianceLimit>10</MaxVarianceLimit>
1436
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1437
        <EnforceEncoding>0</EnforceEncoding>
1438
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1439
        <AttackPoints>Response Analysis</AttackPoints>
1440
        <ParameterLocations></ParameterLocations>
1441
        <RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
1442
        <DisplayName>Collecting Sensitive Personal Information</DisplayName>
1443
      </AttackModulePolicy>
1444
      <AttackModulePolicy>
1445
        <Enabled>1</Enabled>
1446
        <ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
1447
        <ModulePriority>High</ModulePriority>
1448
        <Severity>Medium</Severity>
1449
        <MaxVulnLimit>100</MaxVulnLimit>
1450
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1451
        <MaxVarianceLimit>4</MaxVarianceLimit>
1452
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1453
        <EnforceEncoding>0</EnforceEncoding>
1454
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1455
        <AttackPoints>Parameter</AttackPoints>
1456
        <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1457
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1458
        <DisplayName>PHP Code Execution</DisplayName>
1459
      </AttackModulePolicy>
1460
      <AttackModulePolicy>
1461
        <Enabled>1</Enabled>
1462
        <ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
1463
        <ModulePriority>High</ModulePriority>
1464
        <Severity>Low</Severity>
1465
        <MaxVulnLimit>4</MaxVulnLimit>
1466
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1467
        <MaxVarianceLimit>4</MaxVarianceLimit>
1468
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1469
        <EnforceEncoding>0</EnforceEncoding>
1470
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1471
        <AttackPoints>Web Resource</AttackPoints>
1472
        <ParameterLocations></ParameterLocations>
1473
        <RequestOriginations>HTML</RequestOriginations>
1474
        <DisplayName>Privacy Policy Check</DisplayName>
1475
      </AttackModulePolicy>
1476
      <AttackModulePolicy>
1477
        <Enabled>1</Enabled>
1478
        <ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
1479
        <ModulePriority>Low</ModulePriority>
1480
        <Severity>Informational</Severity>
1481
        <MaxVulnLimit>250</MaxVulnLimit>
1482
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1483
        <MaxVarianceLimit>10</MaxVarianceLimit>
1484
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1485
        <EnforceEncoding>0</EnforceEncoding>
1486
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1487
        <AttackPoints>Response Analysis</AttackPoints>
1488
        <ParameterLocations></ParameterLocations>
1489
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1490
        <DisplayName>Privacy Disclosure</DisplayName>
1491
      </AttackModulePolicy>
1492
      <AttackModulePolicy>
1493
        <Enabled>1</Enabled>
1494
        <ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
1495
        <ModulePriority>Medium</ModulePriority>
1496
        <Severity>Low</Severity>
1497
        <MaxVulnLimit>10</MaxVulnLimit>
1498
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1499
        <MaxVarianceLimit>4</MaxVarianceLimit>
1500
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1501
        <EnforceEncoding>0</EnforceEncoding>
1502
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1503
        <AttackPoints>Web Resource|Response Analysis</AttackPoints>
1504
        <ParameterLocations></ParameterLocations>
1505
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1506
        <DisplayName>Privilege Escalation</DisplayName>
1507
      </AttackModulePolicy>
1508
      <AttackModulePolicy>
1509
        <Enabled>1</Enabled>
1510
        <ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
1511
        <ModulePriority>Low</ModulePriority>
1512
        <Severity>Informational</Severity>
1513
        <MaxVulnLimit>200</MaxVulnLimit>
1514
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1515
        <MaxVarianceLimit>4</MaxVarianceLimit>
1516
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1517
        <EnforceEncoding>0</EnforceEncoding>
1518
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1519
        <AttackPoints>Response Analysis</AttackPoints>
1520
        <ParameterLocations></ParameterLocations>
1521
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1522
        <DisplayName>Profanity</DisplayName>
1523
      </AttackModulePolicy>
1524
      <AttackModulePolicy>
1525
        <Enabled>1</Enabled>
1526
        <ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
1527
        <ModulePriority>Low</ModulePriority>
1528
        <Severity>Safe</Severity>
1529
        <MaxVulnLimit>500</MaxVulnLimit>
1530
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1531
        <MaxVarianceLimit>4</MaxVarianceLimit>
1532
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1533
        <EnforceEncoding>0</EnforceEncoding>
1534
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1535
        <AttackPoints>Parameter</AttackPoints>
1536
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
1537
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
1538
        <DisplayName>Reflection</DisplayName>
1539
      </AttackModulePolicy>
1540
      <AttackModulePolicy>
1541
        <Enabled>1</Enabled>
1542
        <ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
1543
        <ModulePriority>Medium</ModulePriority>
1544
        <Severity>Medium</Severity>
1545
        <MaxVulnLimit>1000</MaxVulnLimit>
1546
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1547
        <MaxVarianceLimit>4</MaxVarianceLimit>
1548
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1549
        <EnforceEncoding>0</EnforceEncoding>
1550
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1551
        <AttackPoints>Directory|File|Parameter</AttackPoints>
1552
        <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1553
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1554
        <DisplayName>File Inclusion</DisplayName>
1555
      </AttackModulePolicy>
1556
      <AttackModulePolicy>
1557
        <Enabled>1</Enabled>
1558
        <ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
1559
        <ModulePriority>Low</ModulePriority>
1560
        <Severity>Informational</Severity>
1561
        <MaxVulnLimit>50</MaxVulnLimit>
1562
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1563
        <MaxVarianceLimit>2</MaxVarianceLimit>
1564
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1565
        <EnforceEncoding>0</EnforceEncoding>
1566
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1567
        <AttackPoints>Web Resource</AttackPoints>
1568
        <ParameterLocations></ParameterLocations>
1569
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1570
        <DisplayName>HTTP Verb Tampering</DisplayName>
1571
      </AttackModulePolicy>
1572
      <AttackModulePolicy>
1573
        <Enabled>1</Enabled>
1574
        <ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
1575
        <ModulePriority>Low</ModulePriority>
1576
        <Severity>Low</Severity>
1577
        <MaxVulnLimit>200</MaxVulnLimit>
1578
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1579
        <MaxVarianceLimit>10</MaxVarianceLimit>
1580
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1581
        <EnforceEncoding>0</EnforceEncoding>
1582
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1583
        <AttackPoints>Web Site|Directory|File</AttackPoints>
1584
        <ParameterLocations></ParameterLocations>
1585
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1586
        <DisplayName>Predictable Resource Location</DisplayName>
1587
      </AttackModulePolicy>
1588
      <AttackModulePolicy>
1589
        <Enabled>1</Enabled>
1590
        <ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
1591
        <ModulePriority>Medium</ModulePriority>
1592
        <Severity>Medium</Severity>
1593
        <MaxVulnLimit>250</MaxVulnLimit>
1594
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1595
        <MaxVarianceLimit>4</MaxVarianceLimit>
1596
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1597
        <EnforceEncoding>0</EnforceEncoding>
1598
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1599
        <AttackPoints>Parameter</AttackPoints>
1600
        <ParameterLocations>Query</ParameterLocations>
1601
        <RequestOriginations>HTML|Form</RequestOriginations>
1602
        <DisplayName>Reverse Clickjacking</DisplayName>
1603
      </AttackModulePolicy>
1604
      <AttackModulePolicy>
1605
        <Enabled>1</Enabled>
1606
        <ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
1607
        <ModulePriority>High</ModulePriority>
1608
        <Severity>Low</Severity>
1609
        <MaxVulnLimit>25</MaxVulnLimit>
1610
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1611
        <MaxVarianceLimit>1</MaxVarianceLimit>
1612
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1613
        <EnforceEncoding>0</EnforceEncoding>
1614
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1615
        <AttackPoints>Web Site</AttackPoints>
1616
        <ParameterLocations></ParameterLocations>
1617
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1618
        <DisplayName>Reverse Proxy</DisplayName>
1619
      </AttackModulePolicy>
1620
      <AttackModulePolicy>
1621
        <Enabled>1</Enabled>
1622
        <ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
1623
        <ModulePriority>Low</ModulePriority>
1624
        <Severity>Low</Severity>
1625
        <MaxVulnLimit>200</MaxVulnLimit>
1626
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1627
        <MaxVarianceLimit>4</MaxVarianceLimit>
1628
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1629
        <EnforceEncoding>0</EnforceEncoding>
1630
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1631
        <AttackPoints>Response Analysis</AttackPoints>
1632
        <ParameterLocations></ParameterLocations>
1633
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
1634
        <DisplayName>Information Disclosure in scripts</DisplayName>
1635
      </AttackModulePolicy>
1636
      <AttackModulePolicy>
1637
        <Enabled>1</Enabled>
1638
        <ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
1639
        <ModulePriority>Low</ModulePriority>
1640
        <Severity>Informational</Severity>
1641
        <MaxVulnLimit>250</MaxVulnLimit>
1642
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1643
        <MaxVarianceLimit>3</MaxVarianceLimit>
1644
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1645
        <EnforceEncoding>0</EnforceEncoding>
1646
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1647
        <AttackPoints>Response Analysis</AttackPoints>
1648
        <ParameterLocations></ParameterLocations>
1649
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1650
        <DisplayName>Secure and non-secure content mix</DisplayName>
1651
      </AttackModulePolicy>
1652
      <AttackModulePolicy>
1653
        <Enabled>1</Enabled>
1654
        <ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
1655
        <ModulePriority>Low</ModulePriority>
1656
        <Severity>Low</Severity>
1657
        <MaxVulnLimit>100</MaxVulnLimit>
1658
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1659
        <MaxVarianceLimit>4</MaxVarianceLimit>
1660
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1661
        <EnforceEncoding>0</EnforceEncoding>
1662
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1663
        <AttackPoints>Response Analysis</AttackPoints>
1664
        <ParameterLocations></ParameterLocations>
1665
        <RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
1666
        <DisplayName>Sensitive data over an insecure channel</DisplayName>
1667
      </AttackModulePolicy>
1668
      <AttackModulePolicy>
1669
        <Enabled>1</Enabled>
1670
        <ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
1671
        <ModulePriority>High</ModulePriority>
1672
        <Severity>Informational</Severity>
1673
        <MaxVulnLimit>10</MaxVulnLimit>
1674
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1675
        <MaxVarianceLimit>1</MaxVarianceLimit>
1676
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1677
        <EnforceEncoding>0</EnforceEncoding>
1678
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1679
        <AttackPoints>Web Site|Response Analysis</AttackPoints>
1680
        <ParameterLocations></ParameterLocations>
1681
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1682
        <DisplayName>Server Configuration</DisplayName>
1683
      </AttackModulePolicy>
1684
      <AttackModulePolicy>
1685
        <Enabled>1</Enabled>
1686
        <ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
1687
        <ModulePriority>Medium</ModulePriority>
1688
        <Severity>Medium</Severity>
1689
        <MaxVulnLimit>150</MaxVulnLimit>
1690
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1691
        <MaxVarianceLimit>4</MaxVarianceLimit>
1692
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1693
        <EnforceEncoding>0</EnforceEncoding>
1694
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1695
        <AttackPoints>Parameter</AttackPoints>
1696
        <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1697
        <RequestOriginations>HTML|Form|AJAX</RequestOriginations>
1698
        <DisplayName>Server Side Include (SSI) Injection</DisplayName>
1699
      </AttackModulePolicy>
1700
      <AttackModulePolicy>
1701
        <Enabled>1</Enabled>
1702
        <ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
1703
        <ModulePriority>High</ModulePriority>
1704
        <Severity>High</Severity>
1705
        <MaxVulnLimit>200</MaxVulnLimit>
1706
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1707
        <MaxVarianceLimit>4</MaxVarianceLimit>
1708
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1709
        <EnforceEncoding>0</EnforceEncoding>
1710
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1711
        <AttackPoints>Parameter</AttackPoints>
1712
        <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1713
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1714
        <DisplayName>Server Side Template Injection</DisplayName>
1715
      </AttackModulePolicy>
1716
      <AttackModulePolicy>
1717
        <Enabled>1</Enabled>
1718
        <ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
1719
        <ModulePriority>High</ModulePriority>
1720
        <Severity>Medium</Severity>
1721
        <MaxVulnLimit>25</MaxVulnLimit>
1722
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1723
        <MaxVarianceLimit>2</MaxVarianceLimit>
1724
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1725
        <EnforceEncoding>0</EnforceEncoding>
1726
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1727
        <AttackPoints>Web Resource</AttackPoints>
1728
        <ParameterLocations></ParameterLocations>
1729
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1730
        <DisplayName>Session Fixation</DisplayName>
1731
      </AttackModulePolicy>
1732
      <AttackModulePolicy>
1733
        <Enabled>1</Enabled>
1734
        <ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
1735
        <ModulePriority>Low</ModulePriority>
1736
        <Severity>Low</Severity>
1737
        <MaxVulnLimit>10</MaxVulnLimit>
1738
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1739
        <MaxVarianceLimit>1</MaxVarianceLimit>
1740
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1741
        <EnforceEncoding>0</EnforceEncoding>
1742
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1743
        <AttackPoints>Parameter</AttackPoints>
1744
        <ParameterLocations>Directory|Path|Query</ParameterLocations>
1745
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
1746
        <DisplayName>HTTP Query Session Check</DisplayName>
1747
      </AttackModulePolicy>
1748
      <AttackModulePolicy>
1749
        <Enabled>1</Enabled>
1750
        <ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
1751
        <ModulePriority>Medium</ModulePriority>
1752
        <Severity>Low</Severity>
1753
        <MaxVulnLimit>10</MaxVulnLimit>
1754
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1755
        <MaxVarianceLimit>4</MaxVarianceLimit>
1756
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1757
        <EnforceEncoding>0</EnforceEncoding>
1758
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1759
        <AttackPoints>Web Resource</AttackPoints>
1760
        <ParameterLocations></ParameterLocations>
1761
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1762
        <DisplayName>Session Strength</DisplayName>
1763
      </AttackModulePolicy>
1764
      <AttackModulePolicy>
1765
        <Enabled>1</Enabled>
1766
        <ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
1767
        <ModulePriority>Medium</ModulePriority>
1768
        <Severity>Low</Severity>
1769
        <MaxVulnLimit>50</MaxVulnLimit>
1770
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1771
        <MaxVarianceLimit>4</MaxVarianceLimit>
1772
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1773
        <EnforceEncoding>0</EnforceEncoding>
1774
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1775
        <AttackPoints>Response Analysis</AttackPoints>
1776
        <ParameterLocations></ParameterLocations>
1777
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1778
        <DisplayName>Session Upgrade</DisplayName>
1779
      </AttackModulePolicy>
1780
      <AttackModulePolicy>
1781
        <Enabled>1</Enabled>
1782
        <ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
1783
        <ModulePriority>Low</ModulePriority>
1784
        <Severity>Medium</Severity>
1785
        <MaxVulnLimit>100</MaxVulnLimit>
1786
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1787
        <MaxVarianceLimit>4</MaxVarianceLimit>
1788
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1789
        <EnforceEncoding>0</EnforceEncoding>
1790
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1791
        <AttackPoints>File</AttackPoints>
1792
        <ParameterLocations></ParameterLocations>
1793
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1794
        <DisplayName>Source Code Disclosure</DisplayName>
1795
      </AttackModulePolicy>
1796
      <AttackModulePolicy>
1797
        <Enabled>1</Enabled>
1798
        <ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
1799
        <ModulePriority>High</ModulePriority>
1800
        <Severity>Low</Severity>
1801
        <MaxVulnLimit>250</MaxVulnLimit>
1802
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1803
        <MaxVarianceLimit>4</MaxVarianceLimit>
1804
        <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1805
        <EnforceEncoding>0</EnforceEncoding>
1806
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1807
        <AttackPoints>Response Analysis</AttackPoints>
1808
        <ParameterLocations></ParameterLocations>
1809
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1810
        <DisplayName>SQL Information Leakage</DisplayName>
1811
      </AttackModulePolicy>
1812
      <AttackModulePolicy>
1813
        <Enabled>1</Enabled>
1814
        <ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
1815
        <ModulePriority>High</ModulePriority>
1816
        <Severity>High</Severity>
1817
        <MaxVulnLimit>500</MaxVulnLimit>
1818
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1819
        <MaxVarianceLimit>4</MaxVarianceLimit>
1820
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1821
        <EnforceEncoding>0</EnforceEncoding>
1822
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1823
        <AttackPoints>Parameter</AttackPoints>
1824
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1825
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1826
        <DisplayName>SQL Injection</DisplayName>
1827
      </AttackModulePolicy>
1828
      <AttackModulePolicy>
1829
        <Enabled>1</Enabled>
1830
        <ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
1831
        <ModulePriority>High</ModulePriority>
1832
        <Severity>High</Severity>
1833
        <MaxVulnLimit>25</MaxVulnLimit>
1834
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1835
        <MaxVarianceLimit>4</MaxVarianceLimit>
1836
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1837
        <EnforceEncoding>0</EnforceEncoding>
1838
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1839
        <AttackPoints>Parameter</AttackPoints>
1840
        <ParameterLocations>Path|Query|Post</ParameterLocations>
1841
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1842
        <DisplayName>SQL Injection Auth Bypass</DisplayName>
1843
      </AttackModulePolicy>
1844
      <AttackModulePolicy>
1845
        <Enabled>1</Enabled>
1846
        <ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
1847
        <ModulePriority>Medium</ModulePriority>
1848
        <Severity>Medium</Severity>
1849
        <MaxVulnLimit>100</MaxVulnLimit>
1850
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1851
        <MaxVarianceLimit>4</MaxVarianceLimit>
1852
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1853
        <EnforceEncoding>0</EnforceEncoding>
1854
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1855
        <AttackPoints>Response Analysis</AttackPoints>
1856
        <ParameterLocations></ParameterLocations>
1857
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1858
        <DisplayName>SQL Parameter Check</DisplayName>
1859
      </AttackModulePolicy>
1860
      <AttackModulePolicy>
1861
        <Enabled>1</Enabled>
1862
        <ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
1863
        <ModulePriority>Medium</ModulePriority>
1864
        <Severity>Informational</Severity>
1865
        <MaxVulnLimit>25</MaxVulnLimit>
1866
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1867
        <MaxVarianceLimit>1</MaxVarianceLimit>
1868
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1869
        <EnforceEncoding>0</EnforceEncoding>
1870
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1871
        <AttackPoints>Web Site</AttackPoints>
1872
        <ParameterLocations></ParameterLocations>
1873
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1874
        <DisplayName>SSL Strength</DisplayName>
1875
      </AttackModulePolicy>
1876
      <AttackModulePolicy>
1877
        <Enabled>1</Enabled>
1878
        <ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
1879
        <ModulePriority>Medium</ModulePriority>
1880
        <Severity>Informational</Severity>
1881
        <MaxVulnLimit>50</MaxVulnLimit>
1882
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1883
        <MaxVarianceLimit>20</MaxVarianceLimit>
1884
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1885
        <EnforceEncoding>0</EnforceEncoding>
1886
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1887
        <AttackPoints>Web Site</AttackPoints>
1888
        <ParameterLocations></ParameterLocations>
1889
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1890
        <DisplayName>Subdomain discovery</DisplayName>
1891
      </AttackModulePolicy>
1892
      <AttackModulePolicy>
1893
        <Enabled>1</Enabled>
1894
        <ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
1895
        <ModulePriority>High</ModulePriority>
1896
        <Severity>Medium</Severity>
1897
        <MaxVulnLimit>40</MaxVulnLimit>
1898
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1899
        <MaxVarianceLimit>4</MaxVarianceLimit>
1900
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1901
        <EnforceEncoding>0</EnforceEncoding>
1902
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1903
        <AttackPoints>Parameter</AttackPoints>
1904
        <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1905
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1906
        <DisplayName>Unvalidated Redirect</DisplayName>
1907
      </AttackModulePolicy>
1908
      <AttackModulePolicy>
1909
        <Enabled>1</Enabled>
1910
        <ModuleId>B69E83831D26496BB2CC0C0D70181EC3</ModuleId>
1911
        <ModulePriority>High</ModulePriority>
1912
        <Severity>Low</Severity>
1913
        <MaxVulnLimit>40</MaxVulnLimit>
1914
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1915
        <MaxVarianceLimit>4</MaxVarianceLimit>
1916
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1917
        <EnforceEncoding>0</EnforceEncoding>
1918
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1919
        <AttackPoints>Response Analysis</AttackPoints>
1920
        <ParameterLocations></ParameterLocations>
1921
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1922
        <DisplayName>URL rewriting</DisplayName>
1923
      </AttackModulePolicy>
1924
      <AttackModulePolicy>
1925
        <Enabled>1</Enabled>
1926
        <ModuleId>4DE84100F31849A7B845FE5F62D2FD7A</ModuleId>
1927
        <ModulePriority>Medium</ModulePriority>
1928
        <Severity>Medium</Severity>
1929
        <MaxVulnLimit>25</MaxVulnLimit>
1930
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1931
        <MaxVarianceLimit>2</MaxVarianceLimit>
1932
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1933
        <EnforceEncoding>0</EnforceEncoding>
1934
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1935
        <AttackPoints>Response Analysis</AttackPoints>
1936
        <ParameterLocations></ParameterLocations>
1937
        <RequestOriginations>HTML|Form</RequestOriginations>
1938
        <DisplayName>ASP.NET ViewState security</DisplayName>
1939
      </AttackModulePolicy>
1940
      <AttackModulePolicy>
1941
        <Enabled>1</Enabled>
1942
        <ModuleId>0BE4C251F44C4CF1924104ADFD86289C</ModuleId>
1943
        <ModulePriority>Low</ModulePriority>
1944
        <Severity>Informational</Severity>
1945
        <MaxVulnLimit>100</MaxVulnLimit>
1946
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1947
        <MaxVarianceLimit>4</MaxVarianceLimit>
1948
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1949
        <EnforceEncoding>0</EnforceEncoding>
1950
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1951
        <AttackPoints>Web Resource</AttackPoints>
1952
        <ParameterLocations></ParameterLocations>
1953
        <RequestOriginations>HTML|Form|Flash|Silverlight</RequestOriginations>
1954
        <DisplayName>Web Beacon</DisplayName>
1955
      </AttackModulePolicy>
1956
      <AttackModulePolicy>
1957
        <Enabled>1</Enabled>
1958
        <ModuleId>667629EC1FDC4C6D98B5F4031717BB9B</ModuleId>
1959
        <ModulePriority>Medium</ModulePriority>
1960
        <Severity>Low</Severity>
1961
        <MaxVulnLimit>250</MaxVulnLimit>
1962
        <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1963
        <MaxVarianceLimit>4</MaxVarianceLimit>
1964
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1965
        <EnforceEncoding>0</EnforceEncoding>
1966
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1967
        <AttackPoints>Directory</AttackPoints>
1968
        <ParameterLocations></ParameterLocations>
1969
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1970
        <DisplayName>Web DAV Flaws Check</DisplayName>
1971
      </AttackModulePolicy>
1972
      <AttackModulePolicy>
1973
        <Enabled>1</Enabled>
1974
        <ModuleId>74FB936F2BBA499F8D0AF3B7A29B4F9E</ModuleId>
1975
        <ModulePriority>High</ModulePriority>
1976
        <Severity>Low</Severity>
1977
        <MaxVulnLimit>30</MaxVulnLimit>
1978
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1979
        <MaxVarianceLimit>4</MaxVarianceLimit>
1980
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1981
        <EnforceEncoding>0</EnforceEncoding>
1982
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1983
        <AttackPoints>Web Site</AttackPoints>
1984
        <ParameterLocations></ParameterLocations>
1985
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1986
        <DisplayName>Cross-site tracing (XST)</DisplayName>
1987
      </AttackModulePolicy>
1988
      <AttackModulePolicy>
1989
        <Enabled>1</Enabled>
1990
        <ModuleId>377030BFE58A4F01A112295D32A0744C</ModuleId>
1991
        <ModulePriority>High</ModulePriority>
1992
        <Severity>Medium</Severity>
1993
        <MaxVulnLimit>250</MaxVulnLimit>
1994
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1995
        <MaxVarianceLimit>4</MaxVarianceLimit>
1996
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1997
        <EnforceEncoding>0</EnforceEncoding>
1998
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
1999
        <AttackPoints>Parameter</AttackPoints>
2000
        <ParameterLocations>Post</ParameterLocations>
2001
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2002
        <DisplayName>Web Service Parameter Fuzzing</DisplayName>
2003
      </AttackModulePolicy>
2004
      <AttackModulePolicy>
2005
        <Enabled>1</Enabled>
2006
        <ModuleId>8399FA8EDF5C41BC9D3CF85DC23DC26B</ModuleId>
2007
        <ModulePriority>Low</ModulePriority>
2008
        <Severity>Informational</Severity>
2009
        <MaxVulnLimit>20</MaxVulnLimit>
2010
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2011
        <MaxVarianceLimit>2</MaxVarianceLimit>
2012
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2013
        <EnforceEncoding>0</EnforceEncoding>
2014
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2015
        <AttackPoints>Response Analysis</AttackPoints>
2016
        <ParameterLocations></ParameterLocations>
2017
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2018
        <DisplayName>X-Content-Type-Options</DisplayName>
2019
      </AttackModulePolicy>
2020
      <AttackModulePolicy>
2021
        <Enabled>1</Enabled>
2022
        <ModuleId>3E2E60F7D0E04D8596918C2D1F639064</ModuleId>
2023
        <ModulePriority>Low</ModulePriority>
2024
        <Severity>Informational</Severity>
2025
        <MaxVulnLimit>50</MaxVulnLimit>
2026
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2027
        <MaxVarianceLimit>2</MaxVarianceLimit>
2028
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2029
        <EnforceEncoding>0</EnforceEncoding>
2030
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2031
        <AttackPoints>Response Analysis</AttackPoints>
2032
        <ParameterLocations></ParameterLocations>
2033
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2034
        <DisplayName>X-Frame-Options</DisplayName>
2035
      </AttackModulePolicy>
2036
      <AttackModulePolicy>
2037
        <Enabled>1</Enabled>
2038
        <ModuleId>615D72F401BC447AB4A2139654BC9945</ModuleId>
2039
        <ModulePriority>Low</ModulePriority>
2040
        <Severity>Informational</Severity>
2041
        <MaxVulnLimit>25</MaxVulnLimit>
2042
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2043
        <MaxVarianceLimit>2</MaxVarianceLimit>
2044
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2045
        <EnforceEncoding>0</EnforceEncoding>
2046
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2047
        <AttackPoints>Response Analysis</AttackPoints>
2048
        <ParameterLocations></ParameterLocations>
2049
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2050
        <DisplayName>X-XSS-Protection</DisplayName>
2051
      </AttackModulePolicy>
2052
      <AttackModulePolicy>
2053
        <Enabled>1</Enabled>
2054
        <ModuleId>ABFA075919804435A25A22A8CAC191DF</ModuleId>
2055
        <ModulePriority>High</ModulePriority>
2056
        <Severity>Medium</Severity>
2057
        <MaxVulnLimit>100</MaxVulnLimit>
2058
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2059
        <MaxVarianceLimit>4</MaxVarianceLimit>
2060
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2061
        <EnforceEncoding>0</EnforceEncoding>
2062
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2063
        <AttackPoints>Parameter</AttackPoints>
2064
        <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
2065
        <RequestOriginations>HTML|Form|AJAX</RequestOriginations>
2066
        <DisplayName>XML External Entity Attack</DisplayName>
2067
      </AttackModulePolicy>
2068
      <AttackModulePolicy>
2069
        <Enabled>1</Enabled>
2070
        <ModuleId>BBE9F36A88A944ECB837D5193D356E4C</ModuleId>
2071
        <ModulePriority>Medium</ModulePriority>
2072
        <Severity>High</Severity>
2073
        <MaxVulnLimit>100</MaxVulnLimit>
2074
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2075
        <MaxVarianceLimit>4</MaxVarianceLimit>
2076
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2077
        <EnforceEncoding>0</EnforceEncoding>
2078
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2079
        <AttackPoints>Parameter</AttackPoints>
2080
        <ParameterLocations>Path|Query|Post</ParameterLocations>
2081
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2082
        <DisplayName>XPath Injection</DisplayName>
2083
      </AttackModulePolicy>
2084
      <AttackModulePolicy>
2085
        <Enabled>1</Enabled>
2086
        <ModuleId>6CEF426D33514825B50741616DB2120B</ModuleId>
2087
        <ModulePriority>Low</ModulePriority>
2088
        <Severity>Informational</Severity>
2089
        <MaxVulnLimit>25</MaxVulnLimit>
2090
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2091
        <MaxVarianceLimit>2</MaxVarianceLimit>
2092
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2093
        <EnforceEncoding>0</EnforceEncoding>
2094
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2095
        <AttackPoints>Response Analysis</AttackPoints>
2096
        <ParameterLocations></ParameterLocations>
2097
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2098
        <DisplayName>X-Powered-By</DisplayName>
2099
      </AttackModulePolicy>
2100
      <AttackModulePolicy>
2101
        <Enabled>1</Enabled>
2102
        <ModuleId>46A8FE469F6C44BFB9946C021A2BCDC8</ModuleId>
2103
        <ModulePriority>High</ModulePriority>
2104
        <Severity>Medium</Severity>
2105
        <MaxVulnLimit>250</MaxVulnLimit>
2106
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2107
        <MaxVarianceLimit>4</MaxVarianceLimit>
2108
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2109
        <EnforceEncoding>0</EnforceEncoding>
2110
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2111
        <AttackPoints>Response Analysis</AttackPoints>
2112
        <ParameterLocations></ParameterLocations>
2113
        <RequestOriginations>HTML|Form|AJAX</RequestOriginations>
2114
        <DisplayName>Cross-site scripting (XSS), (DOM based)</DisplayName>
2115
      </AttackModulePolicy>
2116
      <AttackModulePolicy>
2117
        <Enabled>1</Enabled>
2118
        <ModuleId>BD57F92E956A493DA39ADDF215B29D96</ModuleId>
2119
        <ModulePriority>High</ModulePriority>
2120
        <Severity>Medium</Severity>
2121
        <MaxVulnLimit>100</MaxVulnLimit>
2122
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2123
        <MaxVarianceLimit>4</MaxVarianceLimit>
2124
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2125
        <EnforceEncoding>0</EnforceEncoding>
2126
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2127
        <AttackPoints>Web Resource</AttackPoints>
2128
        <ParameterLocations></ParameterLocations>
2129
        <RequestOriginations>AJAX</RequestOriginations>
2130
        <DisplayName>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</DisplayName>
2131
      </AttackModulePolicy>
2132
      <AttackModulePolicy>
2133
        <Enabled>1</Enabled>
2134
        <ModuleId>62AA6A08FA764E209551B4A4C479F08D</ModuleId>
2135
        <ModulePriority>High</ModulePriority>
2136
        <Severity>High</Severity>
2137
        <MaxVulnLimit>100</MaxVulnLimit>
2138
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2139
        <MaxVarianceLimit>4</MaxVarianceLimit>
2140
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2141
        <EnforceEncoding>0</EnforceEncoding>
2142
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2143
        <AttackPoints>Response Analysis</AttackPoints>
2144
        <ParameterLocations></ParameterLocations>
2145
        <RequestOriginations>HTML|Form|AJAX</RequestOriginations>
2146
        <DisplayName>Persistent Cross-site scripting (XSS) (passive)</DisplayName>
2147
      </AttackModulePolicy>
2148
      <AttackModulePolicy>
2149
        <Enabled>1</Enabled>
2150
        <ModuleId>050ABD8CF99F4EE4AA18C12F06FA3051</ModuleId>
2151
        <ModulePriority>High</ModulePriority>
2152
        <Severity>High</Severity>
2153
        <MaxVulnLimit>250</MaxVulnLimit>
2154
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2155
        <MaxVarianceLimit>5</MaxVarianceLimit>
2156
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2157
        <EnforceEncoding>0</EnforceEncoding>
2158
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2159
        <AttackPoints>Parameter</AttackPoints>
2160
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
2161
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2162
        <DisplayName>Persistent Cross-site scripting (XSS), (active)</DisplayName>
2163
      </AttackModulePolicy>
2164
      <AttackModulePolicy>
2165
        <Enabled>1</Enabled>
2166
        <ModuleId>ABEB2E590AA24A39BB6FE7DBD6338277</ModuleId>
2167
        <ModulePriority>High</ModulePriority>
2168
        <Severity>Medium</Severity>
2169
        <MaxVulnLimit>400</MaxVulnLimit>
2170
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2171
        <MaxVarianceLimit>5</MaxVarianceLimit>
2172
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2173
        <EnforceEncoding>0</EnforceEncoding>
2174
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2175
        <AttackPoints>Parameter</AttackPoints>
2176
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
2177
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2178
        <DisplayName>Reflected Cross-site scripting (XSS)</DisplayName>
2179
      </AttackModulePolicy>
2180
      <AttackModulePolicy>
2181
        <Enabled>1</Enabled>
2182
        <ModuleId>FFBF4640C8A4475E93E099018951B409</ModuleId>
2183
        <ModulePriority>Medium</ModulePriority>
2184
        <Severity>Medium</Severity>
2185
        <MaxVulnLimit>250</MaxVulnLimit>
2186
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2187
        <MaxVarianceLimit>4</MaxVarianceLimit>
2188
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2189
        <EnforceEncoding>0</EnforceEncoding>
2190
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2191
        <AttackPoints>Parameter</AttackPoints>
2192
        <ParameterLocations>File|Query|Post</ParameterLocations>
2193
        <RequestOriginations>HTML|Form|AJAX</RequestOriginations>
2194
        <DisplayName>Reflected Cross-site scripting (XSS), (simple)</DisplayName>
2195
      </AttackModulePolicy>
2196
      <AttackModulePolicy>
2197
        <Enabled>1</Enabled>
2198
        <ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
2199
        <ModulePriority>Low</ModulePriority>
2200
        <Severity>Low</Severity>
2201
        <MaxVulnLimit>100</MaxVulnLimit>
2202
        <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2203
        <MaxVarianceLimit>4</MaxVarianceLimit>
2204
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2205
        <EnforceEncoding>0</EnforceEncoding>
2206
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2207
        <AttackPoints>Response Analysis</AttackPoints>
2208
        <ParameterLocations></ParameterLocations>
2209
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight</RequestOriginations>
2210
        <DisplayName>Subresource Integrity</DisplayName>
2211
      </AttackModulePolicy>
2212
      <AttackModulePolicy>
2213
        <Enabled>0</Enabled>
2214
        <ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>
2215
        <ModulePriority>High</ModulePriority>
2216
        <Severity>High</Severity>
2217
        <MaxVulnLimit>500</MaxVulnLimit>
2218
        <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
2219
        <MaxVarianceLimit>4</MaxVarianceLimit>
2220
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2221
        <EnforceEncoding>0</EnforceEncoding>
2222
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2223
        <AttackPoints>Parameter</AttackPoints>
2224
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
2225
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2226
        <DisplayName>NoSQLi Injection</DisplayName>
2227
      </AttackModulePolicy>
2228
      <AttackModulePolicy>
2229
        <Enabled>0</Enabled>
2230
        <ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>
2231
        <ModulePriority>High</ModulePriority>
2232
        <Severity>High</Severity>
2233
        <MaxVulnLimit>250</MaxVulnLimit>
2234
        <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
2235
        <MaxVarianceLimit>4</MaxVarianceLimit>
2236
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2237
        <EnforceEncoding>0</EnforceEncoding>
2238
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2239
        <AttackPoints>Parameter</AttackPoints>
2240
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
2241
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2242
        <DisplayName>Blind NoSQLi</DisplayName>
2243
      </AttackModulePolicy>
2244
      <AttackModulePolicy>
2245
        <Enabled>0</Enabled>
2246
        <ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
2247
        <ModulePriority>High</ModulePriority>
2248
        <Severity>High</Severity>
2249
        <MaxVulnLimit>250</MaxVulnLimit>
2250
        <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2251
        <MaxVarianceLimit>4</MaxVarianceLimit>
2252
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2253
        <EnforceEncoding>0</EnforceEncoding>
2254
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
2255
        <AttackPoints>Directory|File|Parameter</AttackPoints>
2256
        <ParameterLocations>Query|Post|Cookie</ParameterLocations>
2257
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2258
        <DisplayName>Server Side Request Forgery</DisplayName>
2259
      </AttackModulePolicy>
2260
    </AttackModulePolicyList>
2261
  </AttackPolicyConfig>
2262
  <ScanConfig>
2263
    <Enabled>0</Enabled>
2264
    <NotExistingFilePath>/aaaaaaaa.aaa</NotExistingFilePath>
2265
    <NotExistingDirPath>/aaaaaaaa/</NotExistingDirPath>
2266
    <AppendToOriginalValue>1</AppendToOriginalValue>
2267
    <ReplaceOriginalValue>0</ReplaceOriginalValue>
2268
  </ScanConfig>
2269
  <AuthConfig>
2270
    <Type>Selenium</Type>
2271
    <HttpAuth>0</HttpAuth>
2272
    <OAuth>0</OAuth>
2273
    <ReloginAfterSessionLoss>1</ReloginAfterSessionLoss>
2274
    <LogoutDetection>1</LogoutDetection>
2275
    <UserAssistance>0</UserAssistance>
2276
    <AssumeSuccessfulLogin>0</AssumeSuccessfulLogin>
2277
    <VerifyNotLoggedin>1</VerifyNotLoggedin>
2278
    <PostponeLoginAction>1</PostponeLoginAction>
2279
    <CreateNonAuthenticatedSession>0</CreateNonAuthenticatedSession>
2280
    <TreatFailedReloginAsError>1</TreatFailedReloginAsError>
2281
    <RestartProxyBeforeRelogin>0</RestartProxyBeforeRelogin>
2282
    <TemplateLoginMacro>0</TemplateLoginMacro>
2283
    <BlacklistSinglePasswordForms>0</BlacklistSinglePasswordForms>
2284
    <BlacklistMultiPasswordForms>1</BlacklistMultiPasswordForms>
2285
    <ResetCookies>1</ResetCookies>
2286
    <AccountType>Restricted</AccountType>
2287
    <UsernameForm></UsernameForm>
2288
    <PasswordForm></PasswordForm>
2289
    <UsernameHttp></UsernameHttp>
2290
    <PasswordHttp></PasswordHttp>
2291
    <AutoLogonSecurity>Medium</AutoLogonSecurity>
2292
    <LoginLinkRegex>((log|sign)[ -]?(in|on))|auth</LoginLinkRegex>
2293
    <LoggedInRegex>(sign|log)[ -]?(out|off)</LoggedInRegex>
2294
    <LoggedInHeaderRegex></LoggedInHeaderRegex>
2295
    <SessionLossRegex>please (re)?login|have been logged out|session has expired</SessionLossRegex>
2296
    <SessionLossHeaderRegex>Location: [^\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\b</SessionLossHeaderRegex>
2297
    <LogoutLinkRegex>(sign|log|time)[ -]?(in|on|out|off)|password</LogoutLinkRegex>
2298
    <LogoutPostBodyRegex>(sign|log|time)[ -]?(in|on|out|off)</LogoutPostBodyRegex>
2299
    <CanaryPage></CanaryPage>
2300
    <SessionLossOnCanaryPageRegex></SessionLossOnCanaryPageRegex>
2301
    <FormSubmissionScript></FormSubmissionScript>
2302
    <SessionCookieRegex>\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\b</SessionCookieRegex>
2303
    <SessionCookieLifespan>32</SessionCookieLifespan>
2304
    <URLSessionTokenRegex></URLSessionTokenRegex>
2305
    <PostSessionTokenRegex></PostSessionTokenRegex>
2306
    <ResponseBodyTokenRegex></ResponseBodyTokenRegex>
2307
    <SecondResponseBodyTokenRegex></SecondResponseBodyTokenRegex>
2308
    <HTTPHeaderWithTokenReplacement></HTTPHeaderWithTokenReplacement>
2309
    <SecondHTTPHeaderWithTokenReplacement></SecondHTTPHeaderWithTokenReplacement>
2310
    <LogoutDetectionFrequency>60</LogoutDetectionFrequency>
2311
    <DiscoveryMaxLinks>100</DiscoveryMaxLinks>
2312
    <LoginMaxLinks>50</LoginMaxLinks>
2313
    <DiscoveryDepth>10</DiscoveryDepth>
2314
    <LoginDepth>10</LoginDepth>
2315
    <MaxMacroReloginAttempts>3</MaxMacroReloginAttempts>
2316
    <DiscoveryPrioritization>Login Form Discovery</DiscoveryPrioritization>
2317
    <LoginPrioritization>Login</LoginPrioritization>
2318
    <BootstrapDelay>60000</BootstrapDelay>
2319
    <SeedLink></SeedLink>
2320
    <DiscoverLoginForm>1</DiscoverLoginForm>
2321
    <UseBrowserFormLogin>1</UseBrowserFormLogin>
2322
    <PingFrequency>600</PingFrequency>
2323
    <PingURL></PingURL>
2324
    <HmacConfig>
2325
      <HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
2326
      <HMACUsername></HMACUsername>
2327
      <HMACApiKey></HMACApiKey>
2328
      <HMACHashAlgorithm>32780</HMACHashAlgorithm>
2329
    </HmacConfig>
2330
    <HawkConfig>
2331
      <HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
2332
      <HMACUsername></HMACUsername>
2333
      <HMACApiKey></HMACApiKey>
2334
      <HMACHashAlgorithm>32780</HMACHashAlgorithm>
2335
      <HAWKAuthKeyId></HAWKAuthKeyId>
2336
      <HAWKAuthKey></HAWKAuthKey>
2337
      <HAWKExtAppData></HAWKExtAppData>
2338
    </HawkConfig>
2339
    <OauthConfig>
2340
      <ResourceOwnerURL></ResourceOwnerURL>
2341
      <ResourceServerURL></ResourceServerURL>
2342
      <AuthorizationServerURL>/authorize</AuthorizationServerURL>
2343
      <ClientId></ClientId>
2344
      <ClientScope></ClientScope>
2345
      <ClientState></ClientState>
2346
      <ClientSecret></ClientSecret>
2347
      <RedirectURI></RedirectURI>
2348
      <Username></Username>
2349
      <Password></Password>
2350
      <UsernameForm></UsernameForm>
2351
      <PasswordForm></PasswordForm>
2352
      <ExtensionGrant></ExtensionGrant>
2353
      <AuthorizationGrantType>Null</AuthorizationGrantType>
2354
      <NeverDoBasicAuth>0</NeverDoBasicAuth>
2355
      <JsonPostBodies>0</JsonPostBodies>
2356
      <AzureResponseMode>NullAzureResponseMode</AzureResponseMode>
2357
      <AzureResourceUrl></AzureResourceUrl>
2358
      <AzurePrompt>NullAzurePrompt</AzurePrompt>
2359
      <AzureLoginHint></AzureLoginHint>
2360
      <AzureDomainHint></AzureDomainHint>
2361
    </OauthConfig>
2362
    <ADALConfig>
2363
      <ResourceId>https://graph.windows.net</ResourceId>
2364
      <Tenant></Tenant>
2365
      <ClientId></ClientId>
2366
      <AuthorityURL></AuthorityURL>
2367
      <Username></Username>
2368
      <Password></Password>
2369
      <TokenRefreshPeriod>0:10:01</TokenRefreshPeriod>
2370
    </ADALConfig>
2371
    <MacroFile>
2372
      <MacroFileName><![CDATA[]]></MacroFileName>
2373
      <JavaScriptEngine>Default</JavaScriptEngine>
2374
      <ShowInBrowser>0</ShowInBrowser>
2375
      <ReplaySpeed>1</ReplaySpeed>
2376
      <ASAPMode>1</ASAPMode>
2377
      <ASAPModeMinDelay>3000</ASAPModeMinDelay>
2378
      <ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro>
2379
      <AttackAsSequence>0</AttackAsSequence>
2380
      <SequenceConfig>
2381
        <ResetSession>1</ResetSession>
2382
        <AutoSequenceConfig>1</AutoSequenceConfig>
2383
        <ManualSequenceConfig>
2384
        </ManualSequenceConfig>
2385
      </SequenceConfig>
2386
      <WebDriverConfig>
2387
        <ChromeDriverPort>1235</ChromeDriverPort>
2388
        <ChromeDebugPort>1234</ChromeDebugPort>
2389
      </WebDriverConfig>
2390
    </MacroFile>
2391
    <WebServiceAuthConfig>
2392
      <Enabled>0</Enabled>
2393
      <AuthWSDL></AuthWSDL>
2394
      <AuthWebMethod></AuthWebMethod>
2395
      <GetAuthTokenXPath></GetAuthTokenXPath>
2396
      <PutAuthTokenXPath></PutAuthTokenXPath>
2397
      <ExtractAuthToken>1</ExtractAuthToken>
2398
    </WebServiceAuthConfig>
2399
    <SeleniumFile>
2400
      <SeleniumFileName><![CDATA[C:\Users\tperry\Desktop\scripts\firefox.htm]]></SeleniumFileName>
2401
    </SeleniumFile>
2402
    <TrafficFile>
2403
      <TrafficFileName></TrafficFileName>
2404
      <TrafficFilePassword></TrafficFilePassword>
2405
      <AttackAsSequence>0</AttackAsSequence>
2406
      <BeginAttackRequest>0</BeginAttackRequest>
2407
      <EndAttackRequest>-1</EndAttackRequest>
2408
    </TrafficFile>
2409
    <BrowserFormLoginConfig>
2410
      <ShowInBrowser>0</ShowInBrowser>
2411
      <InitialNavigateEventDuration>10000</InitialNavigateEventDuration>
2412
      <FinalDelayEventDuration>20000</FinalDelayEventDuration>
2413
    </BrowserFormLoginConfig>
2414
  </AuthConfig>
2415
  <ProxyConfig>
2416
    <Type>Internet Explorer Settings</Type>
2417
    <HttpHost></HttpHost>
2418
    <HttpPort>0</HttpPort>
2419
    <HttpsHost></HttpsHost>
2420
    <HttpsPort>0</HttpsPort>
2421
    <PACFile></PACFile>
2422
    <Username></Username>
2423
    <Password></Password>
2424
  </ProxyConfig>
2425
  <RemediationConfig>
2426
    <DollarsPerHourAppDev>250</DollarsPerHourAppDev>
2427
    <DollarsPerHourServerAdmin>250</DollarsPerHourServerAdmin>
2428
    <DollarsPerHourDatabaseAdmin>250</DollarsPerHourDatabaseAdmin>
2429
    <SetupHoursAppDev>8</SetupHoursAppDev>
2430
    <SetupHoursServerAdmin>2</SetupHoursServerAdmin>
2431
    <SetupHoursDatabaseAdmin>8</SetupHoursDatabaseAdmin>
2432
    <MinHoursPerIssueAppDev>0.75</MinHoursPerIssueAppDev>
2433
    <MaxHoursPerIssueAppDev>1.25</MaxHoursPerIssueAppDev>
2434
    <MinHoursPerIssueServerAdmin>0.25</MinHoursPerIssueServerAdmin>
2435
    <MaxHoursPerIssueServerAdmin>1</MaxHoursPerIssueServerAdmin>
2436
    <MinHoursPerIssueDatabaseAdmin>0.75</MinHoursPerIssueDatabaseAdmin>
2437
    <MaxHoursPerIssueDatabaseAdmin>1.25</MaxHoursPerIssueDatabaseAdmin>
2438
  </RemediationConfig>
2439
  <SSLCertConfig>
2440
    <Type>NoCert</Type>
2441
    <File></File>
2442
    <Password></Password>
2443
    <Index>-3</Index>
2444
    <Name></Name>
2445
    <SerialNumber></SerialNumber>
2446
    <IssuerNameBase64></IssuerNameBase64>
2447
    <Pin></Pin>
2448
    <RequestPinAtStartup>0</RequestPinAtStartup>
2449
    <SetPinInterval>180</SetPinInterval>
2450
  </SSLCertConfig>
2451
  <NetworkSettingsConfig>
2452
    <CloseConnection>0</CloseConnection>
2453
    <SendKeepAliveHeader>0</SendKeepAliveHeader>
2454
    <PreAuthenticateBasicAuth>0</PreAuthenticateBasicAuth>
2455
    <MaxRetries>2</MaxRetries>
2456
    <MaxResponseSize>7000000</MaxResponseSize>
2457
    <MaxJavasciptResponseSize>12000000</MaxJavasciptResponseSize>
2458
    <ResolveTimeout>60000</ResolveTimeout>
2459
    <ConnectTimeout>60000</ConnectTimeout>
2460
    <WriteTimeout>60000</WriteTimeout>
2461
    <ReadTimeout>60000</ReadTimeout>
2462
    <AssumeDisconnectedTimeout>18000000</AssumeDisconnectedTimeout>
2463
    <DripDelayMilliSeconds>25</DripDelayMilliSeconds>
2464
    <MaxConsecutiveFailures>500</MaxConsecutiveFailures>
2465
    <CustomNetworkLib>0</CustomNetworkLib>
2466
    <NetworkPreferredAuthScheme>npasDefault</NetworkPreferredAuthScheme>
2467
    <UseSecureProtocols>0</UseSecureProtocols>
2468
    <SecureProtocols>SSL3|TLS1</SecureProtocols>
2469
    <RASPScanDataSinkHost></RASPScanDataSinkHost>
2470
    <RASPScanKickoffRESTHost></RASPScanKickoffRESTHost>
2471
    <RASPScanKickoffRESTEndpoint>advise_rasp_of_scan</RASPScanKickoffRESTEndpoint>
2472
    <RASPTimeout>0:03:00</RASPTimeout>
2473
  </NetworkSettingsConfig>
2474
  <PerformanceConfig>
2475
    <MaxConcurrentRequests>16</MaxConcurrentRequests>
2476
    <MaxBandwidthKB>1200</MaxBandwidthKB>
2477
    <MaxBrowserLimit>10</MaxBrowserLimit>
2478
    <MaxBrowserReuseCount>10</MaxBrowserReuseCount>
2479
    <MaxBrowserMemorySize>209715200</MaxBrowserMemorySize>
2480
    <MaxCPUUsage>50</MaxCPUUsage>
2481
    <MemoryCeiling>2800</MemoryCeiling>
2482
    <AntiDoS>0</AntiDoS>
2483
    <MonitorPerformanceUsage>1</MonitorPerformanceUsage>
2484
    <DumpUserProcessMemoryUsage>0</DumpUserProcessMemoryUsage>
2485
    <SingleThreadedScan>0</SingleThreadedScan>
2486
    <KillStrayIEInstances>0</KillStrayIEInstances>
2487
    <KillStrayChromeInstances>0</KillStrayChromeInstances>
2488
    <MinFreeDiskSpace>524288000</MinFreeDiskSpace>
2489
    <MaxMemoryUsagePercent>70</MaxMemoryUsagePercent>
2490
    <MaxThreadCount>400</MaxThreadCount>
2491
    <MaxBrowserProcessLifetime>240000</MaxBrowserProcessLifetime>
2492
    <MinDatabaseCompactInterval>900000</MinDatabaseCompactInterval>
2493
    <DatabaseCompactDuringScan>0</DatabaseCompactDuringScan>
2494
    <DatabaseCompactPostScan>0</DatabaseCompactPostScan>
2495
  </PerformanceConfig>
2496
  <SystemRecommendationsConfig>
2497
    <Enabled>1</Enabled>
2498
    <MinLogicalProcessors>2</MinLogicalProcessors>
2499
    <MinTotalPhysicalMemoryFor64Bit>4187593113</MinTotalPhysicalMemoryFor64Bit>
2500
    <MinAvailablePhysicalMemoryFor64Bit>2147483648</MinAvailablePhysicalMemoryFor64Bit>
2501
    <MinTotalPhysicalMemoryFor32Bit>2147483648</MinTotalPhysicalMemoryFor32Bit>
2502
    <MinAvailablePhysicalMemoryFor32Bit>1073741824</MinAvailablePhysicalMemoryFor32Bit>
2503
    <MinFreeDiskSpace>10737418240</MinFreeDiskSpace>
2504
  </SystemRecommendationsConfig>
2505
  <HTTPHeadersConfig>
2506
    <HttpProtocol>HTTP/1.1</HttpProtocol>
2507
    <Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</Accept>
2508
    <AcceptCharset></AcceptCharset>
2509
    <AcceptEncoding>gzip, deflate</AcceptEncoding>
2510
    <AcceptLanguage>en-US</AcceptLanguage>
2511
    <Cookie></Cookie>
2512
    <UserAgent>Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36</UserAgent>
2513
    <OverwriteWithDefaultHeaders>0</OverwriteWithDefaultHeaders>
2514
    <TrafficHeaderList>
2515
      <TrafficHeader>
2516
        <Value>Authorization</Value>
2517
      </TrafficHeader>
2518
      <TrafficHeader>
2519
        <Value>X-XSRF-TOKEN</Value>
2520
      </TrafficHeader>
2521
      <TrafficHeader>
2522
        <Value>X-CSRF-Token</Value>
2523
      </TrafficHeader>
2524
    </TrafficHeaderList>
2525
  </HTTPHeadersConfig>
2526
  <ManualCrawlingConfig>
2527
  </ManualCrawlingConfig>
2528
  <ParameterTrainingConfig>
2529
    <FormPopulation>Smart</FormPopulation>
2530
    <TrainingParameterList>
2531
      <TrainingParameter>
2532
        <PatternName>Username</PatternName>
2533
        <Types>text,textarea</Types>
2534
        <Language>en</Language>
2535
        <Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match>
2536
        <Value>%RANDALPHANUM%</Value>
2537
        <ValueMatch></ValueMatch>
2538
        <MatchCriteria>Regex</MatchCriteria>
2539
      </TrainingParameter>
2540
      <TrainingParameter>
2541
        <PatternName>Password</PatternName>
2542
        <Types>password</Types>
2543
        <Language>en</Language>
2544
        <Match>password|passwd|pw|pwd</Match>
2545
        <Value>%RANDALPHANUM%$</Value>
2546
        <ValueMatch></ValueMatch>
2547
        <MatchCriteria>Regex</MatchCriteria>
2548
      </TrainingParameter>
2549
      <TrainingParameter>
2550
        <PatternName>Social Security Number</PatternName>
2551
        <Types>text,textarea,password</Types>
2552
        <Language>en</Language>
2553
        <Match>SSN|social|security</Match>
2554
        <Value>987-65-4320</Value>
2555
        <ValueMatch></ValueMatch>
2556
        <MatchCriteria>Regex</MatchCriteria>
2557
      </TrainingParameter>
2558
      <TrainingParameter>
2559
        <PatternName>Address</PatternName>
2560
        <Types>text,textarea</Types>
2561
        <Language>en</Language>
2562
        <Match>income</Match>
2563
        <Value>100000</Value>
2564
        <ValueMatch></ValueMatch>
2565
        <MatchCriteria>Regex</MatchCriteria>
2566
      </TrainingParameter>
2567
      <TrainingParameter>
2568
        <PatternName>Address</PatternName>
2569
        <Types>text,textarea</Types>
2570
        <Language>en</Language>
2571
        <Match>address|street</Match>
2572
        <Value>600 Fairy Land Drive</Value>
2573
        <ValueMatch></ValueMatch>
2574
        <MatchCriteria>Regex</MatchCriteria>
2575
      </TrainingParameter>
2576
      <TrainingParameter>
2577
        <PatternName>Apartment number</PatternName>
2578
        <Types>text,textarea</Types>
2579
        <Language>en</Language>
2580
        <Match>address|apartment|house</Match>
2581
        <Value>123</Value>
2582
        <ValueMatch></ValueMatch>
2583
        <MatchCriteria>Regex</MatchCriteria>
2584
      </TrainingParameter>
2585
      <TrainingParameter>
2586
        <PatternName>First name</PatternName>
2587
        <Types>text,textarea</Types>
2588
        <Language>en</Language>
2589
        <Match>name</Match>
2590
        <Value>John</Value>
2591
        <ValueMatch></ValueMatch>
2592
        <MatchCriteria>Regex</MatchCriteria>
2593
      </TrainingParameter>
2594
      <TrainingParameter>
2595
        <PatternName>Last name</PatternName>
2596
        <Types>text,textarea</Types>
2597
        <Language>en</Language>
2598
        <Match>last[:space:]*name|surname</Match>
2599
        <Value>Johnson</Value>
2600
        <ValueMatch></ValueMatch>
2601
        <MatchCriteria>Regex</MatchCriteria>
2602
      </TrainingParameter>
2603
      <TrainingParameter>
2604
        <PatternName>Full name</PatternName>
2605
        <Types>text,textarea</Types>
2606
        <Language>en</Language>
2607
        <Match>(your|full)[:space:]+name|name</Match>
2608
        <Value>John Johnson</Value>
2609
        <ValueMatch></ValueMatch>
2610
        <MatchCriteria>Regex</MatchCriteria>
2611
      </TrainingParameter>
2612
      <TrainingParameter>
2613
        <PatternName>User Signature</PatternName>
2614
        <Types>text,textarea</Types>
2615
        <Language>en</Language>
2616
        <Match>signature</Match>
2617
        <Value>John Johnson</Value>
2618
        <ValueMatch></ValueMatch>
2619
        <MatchCriteria>Regex</MatchCriteria>
2620
      </TrainingParameter>
2621
      <TrainingParameter>
2622
        <PatternName>Middle name</PatternName>
2623
        <Types>text,textarea</Types>
2624
        <Language>en</Language>
2625
        <Match>middle[:space:]+name</Match>
2626
        <Value>L</Value>
2627
        <ValueMatch></ValueMatch>
2628
        <MatchCriteria>Regex</MatchCriteria>
2629
      </TrainingParameter>
2630
      <TrainingParameter>
2631
        <PatternName>City</PatternName>
2632
        <Types>text,textarea</Types>
2633
        <Language>en</Language>
2634
        <Match>city|town</Match>
2635
        <Value>Costa Mesa</Value>
2636
        <ValueMatch></ValueMatch>
2637
        <MatchCriteria>Regex</MatchCriteria>
2638
      </TrainingParameter>
2639
      <TrainingParameter>
2640
        <PatternName>County</PatternName>
2641
        <Types>text,textarea</Types>
2642
        <Language>en</Language>
2643
        <Match>county</Match>
2644
        <Value>Orange</Value>
2645
        <ValueMatch></ValueMatch>
2646
        <MatchCriteria>Regex</MatchCriteria>
2647
      </TrainingParameter>
2648
      <TrainingParameter>
2649
        <PatternName>State</PatternName>
2650
        <Types>text,textarea</Types>
2651
        <Language>en</Language>
2652
        <Match>state</Match>
2653
        <Value>CA</Value>
2654
        <ValueMatch></ValueMatch>
2655
        <MatchCriteria>Regex</MatchCriteria>
2656
      </TrainingParameter>
2657
      <TrainingParameter>
2658
        <PatternName>Zip code</PatternName>
2659
        <Types>text,textarea</Types>
2660
        <Language>en</Language>
2661
        <Match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</Match>
2662
        <Value>92626</Value>
2663
        <ValueMatch></ValueMatch>
2664
        <MatchCriteria>Regex</MatchCriteria>
2665
      </TrainingParameter>
2666
      <TrainingParameter>
2667
        <PatternName>Country</PatternName>
2668
        <Types>text,textarea,select</Types>
2669
        <Language>en</Language>
2670
        <Match>united[:space:]*states|country</Match>
2671
        <Value>US</Value>
2672
        <ValueMatch>us</ValueMatch>
2673
        <MatchCriteria>Regex</MatchCriteria>
2674
      </TrainingParameter>
2675
      <TrainingParameter>
2676
        <PatternName>Phone number</PatternName>
2677
        <Types>text,textarea</Types>
2678
        <Language>en</Language>
2679
        <Match>tele[:space:]*phone|fax|phone</Match>
2680
        <Value>123-456-7890</Value>
2681
        <ValueMatch></ValueMatch>
2682
        <MatchCriteria>Regex</MatchCriteria>
2683
      </TrainingParameter>
2684
      <TrainingParameter>
2685
        <PatternName>Phone area code</PatternName>
2686
        <Types>text,textarea</Types>
2687
        <Language>en</Language>
2688
        <Match>area[:space:]+code</Match>
2689
        <Value>123</Value>
2690
        <ValueMatch></ValueMatch>
2691
        <MatchCriteria>Regex</MatchCriteria>
2692
      </TrainingParameter>
2693
      <TrainingParameter>
2694
        <PatternName>Company name</PatternName>
2695
        <Types>text,textarea</Types>
2696
        <Language>en</Language>
2697
        <Match>company|employer|organization</Match>
2698
        <Value>Example</Value>
2699
        <ValueMatch></ValueMatch>
2700
        <MatchCriteria>Regex</MatchCriteria>
2701
      </TrainingParameter>
2702
      <TrainingParameter>
2703
        <PatternName>Email</PatternName>
2704
        <Types>text,textarea</Types>
2705
        <Language>en</Language>
2706
        <Match>e[-_]?mail([-_]?address)?</Match>
2707
        <Value>a%RANDALPHANUM%@example.com</Value>
2708
        <ValueMatch></ValueMatch>
2709
        <MatchCriteria>Regex</MatchCriteria>
2710
      </TrainingParameter>
2711
      <TrainingParameter>
2712
        <PatternName>Birthday</PatternName>
2713
        <Types>text,textarea</Types>
2714
        <Language>en</Language>
2715
        <Match>birth[:space:]day|birth</Match>
2716
        <Value>12/25/1975</Value>
2717
        <ValueMatch></ValueMatch>
2718
        <MatchCriteria>Regex</MatchCriteria>
2719
      </TrainingParameter>
2720
      <TrainingParameter>
2721
        <PatternName>Day</PatternName>
2722
        <Types>text,textarea,select</Types>
2723
        <Language>en</Language>
2724
        <Match>dd|day</Match>
2725
        <Value>25</Value>
2726
        <ValueMatch>25</ValueMatch>
2727
        <MatchCriteria>Regex</MatchCriteria>
2728
      </TrainingParameter>
2729
      <TrainingParameter>
2730
        <PatternName>Month</PatternName>
2731
        <Types>text,textarea,select</Types>
2732
        <Language>en</Language>
2733
        <Match>mm|month</Match>
2734
        <Value>12</Value>
2735
        <ValueMatch>12|dec|d</ValueMatch>
2736
        <MatchCriteria>Regex</MatchCriteria>
2737
      </TrainingParameter>
2738
      <TrainingParameter>
2739
        <PatternName>FutureYear</PatternName>
2740
        <Types>text,textarea,select</Types>
2741
        <Language>en</Language>
2742
        <Match>2015|2016|2017</Match>
2743
        <Value>2016</Value>
2744
        <ValueMatch>2015|2016|2017</ValueMatch>
2745
        <MatchCriteria>Regex</MatchCriteria>
2746
      </TrainingParameter>
2747
      <TrainingParameter>
2748
        <PatternName>BirthYear</PatternName>
2749
        <Types>text,textarea,select</Types>
2750
        <Language>en</Language>
2751
        <Match>yyyy|year|1975|1970|1960|1950</Match>
2752
        <Value></Value>
2753
        <ValueMatch>1975|1970|1960|1950</ValueMatch>
2754
        <MatchCriteria>Regex</MatchCriteria>
2755
      </TrainingParameter>
2756
      <TrainingParameter>
2757
        <PatternName>Past Date mm/dd/yyyy</PatternName>
2758
        <Types>text,textarea</Types>
2759
        <Language>en</Language>
2760
        <Match>(start|from)[-\s_]*date</Match>
2761
        <Value>02/02/2003</Value>
2762
        <ValueMatch></ValueMatch>
2763
        <MatchCriteria>Regex</MatchCriteria>
2764
      </TrainingParameter>
2765
      <TrainingParameter>
2766
        <PatternName>Future Date mm/dd/yy</PatternName>
2767
        <Types>text,textarea</Types>
2768
        <Language>en</Language>
2769
        <Match>mm/dd/yy</Match>
2770
        <Value>02/02/15</Value>
2771
        <ValueMatch></ValueMatch>
2772
        <MatchCriteria>Regex</MatchCriteria>
2773
      </TrainingParameter>
2774
      <TrainingParameter>
2775
        <PatternName>Future Date mm/dd/yyyy</PatternName>
2776
        <Types>text,textarea</Types>
2777
        <Language>en</Language>
2778
        <Match>mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\s_]*date</Match>
2779
        <Value>02/02/2015</Value>
2780
        <ValueMatch></ValueMatch>
2781
        <MatchCriteria>Regex</MatchCriteria>
2782
      </TrainingParameter>
2783
      <TrainingParameter>
2784
        <PatternName>Old password</PatternName>
2785
        <Types>password</Types>
2786
        <Language>en</Language>
2787
        <Match>old[:space:]+password</Match>
2788
        <Value>%RANDALPHANUM%1'</Value>
2789
        <ValueMatch></ValueMatch>
2790
        <MatchCriteria>Regex</MatchCriteria>
2791
      </TrainingParameter>
2792
      <TrainingParameter>
2793
        <PatternName>Accept terms</PatternName>
2794
        <Types>checkbox,radio</Types>
2795
        <Language>en</Language>
2796
        <Match><![CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]></Match>
2797
        <Value></Value>
2798
        <ValueMatch>yes|1|on</ValueMatch>
2799
        <MatchCriteria>Regex</MatchCriteria>
2800
      </TrainingParameter>
2801
      <TrainingParameter>
2802
        <PatternName>Save login</PatternName>
2803
        <Types>checkbox,radio,select</Types>
2804
        <Language>en</Language>
2805
        <Match>save|remember</Match>
2806
        <Value></Value>
2807
        <ValueMatch>yes|1|on</ValueMatch>
2808
        <MatchCriteria>Regex</MatchCriteria>
2809
      </TrainingParameter>
2810
      <TrainingParameter>
2811
        <PatternName>Remove item</PatternName>
2812
        <Types>checkbox,radio</Types>
2813
        <Language>en</Language>
2814
        <Match>remove|delete</Match>
2815
        <Value></Value>
2816
        <ValueMatch></ValueMatch>
2817
        <MatchCriteria>Regex</MatchCriteria>
2818
      </TrainingParameter>
2819
      <TrainingParameter>
2820
        <PatternName>Search</PatternName>
2821
        <Types>text,textarea</Types>
2822
        <Language>en</Language>
2823
        <Match>keyword|search|query</Match>
2824
        <Value>water</Value>
2825
        <ValueMatch></ValueMatch>
2826
        <MatchCriteria>Regex</MatchCriteria>
2827
      </TrainingParameter>
2828
      <TrainingParameter>
2829
        <PatternName>Quantity</PatternName>
2830
        <Types>text,textarea,select</Types>
2831
        <Language>en</Language>
2832
        <Match>quantity|amount|number|qty|num</Match>
2833
        <Value>3</Value>
2834
        <ValueMatch></ValueMatch>
2835
        <MatchCriteria>Regex</MatchCriteria>
2836
      </TrainingParameter>
2837
      <TrainingParameter>
2838
        <PatternName>Number</PatternName>
2839
        <Types>text,textarea</Types>
2840
        <Language>en</Language>
2841
        <Match>number|count|nmr|cnt|rate|decimal|digit</Match>
2842
        <Value>21</Value>
2843
        <ValueMatch></ValueMatch>
2844
        <MatchCriteria>Regex</MatchCriteria>
2845
      </TrainingParameter>
2846
      <TrainingParameter>
2847
        <PatternName>Account Number</PatternName>
2848
        <Types>text,textarea,select,radio,checkbox</Types>
2849
        <Language>en</Language>
2850
        <Match>account</Match>
2851
        <Value>20</Value>
2852
        <ValueMatch></ValueMatch>
2853
        <MatchCriteria>Regex</MatchCriteria>
2854
      </TrainingParameter>
2855
      <TrainingParameter>
2856
        <PatternName>Shipping method</PatternName>
2857
        <Types>select,radio,checkbox</Types>
2858
        <Language>en</Language>
2859
        <Match>shipping|fedex|standard|ups</Match>
2860
        <Value></Value>
2861
        <ValueMatch>fedex|standard|ups</ValueMatch>
2862
        <MatchCriteria>Regex</MatchCriteria>
2863
      </TrainingParameter>
2864
      <TrainingParameter>
2865
        <PatternName>Gift</PatternName>
2866
        <Types>checkbox</Types>
2867
        <Language>en</Language>
2868
        <Match>gift</Match>
2869
        <Value></Value>
2870
        <ValueMatch>yes|1|on</ValueMatch>
2871
        <MatchCriteria>Regex</MatchCriteria>
2872
      </TrainingParameter>
2873
      <TrainingParameter>
2874
        <PatternName>Credit card number</PatternName>
2875
        <Types>text,textarea,password</Types>
2876
        <Language>en</Language>
2877
        <Match>credit[:space:]*card|card[:space:]*number</Match>
2878
        <Value>5105105105105100</Value>
2879
        <ValueMatch></ValueMatch>
2880
        <MatchCriteria>Regex</MatchCriteria>
2881
      </TrainingParameter>
2882
      <TrainingParameter>
2883
        <PatternName>Credit card type</PatternName>
2884
        <Types>select,checkbox,radio</Types>
2885
        <Language>en</Language>
2886
        <Match>master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex</Match>
2887
        <Value></Value>
2888
        <ValueMatch></ValueMatch>
2889
        <MatchCriteria>Regex</MatchCriteria>
2890
      </TrainingParameter>
2891
      <TrainingParameter>
2892
        <PatternName>Credit card security code</PatternName>
2893
        <Types>text,textarea,password</Types>
2894
        <Language>en</Language>
2895
        <Match>security[:space:]*code|verification[:space:]*number</Match>
2896
        <Value>123</Value>
2897
        <ValueMatch></ValueMatch>
2898
        <MatchCriteria>Regex</MatchCriteria>
2899
      </TrainingParameter>
2900
      <TrainingParameter>
2901
        <PatternName>PIN</PatternName>
2902
        <Types>text,textarea,password</Types>
2903
        <Language>en</Language>
2904
        <Match>PIN</Match>
2905
        <Value>1234</Value>
2906
        <ValueMatch></ValueMatch>
2907
        <MatchCriteria>Regex</MatchCriteria>
2908
      </TrainingParameter>
2909
      <TrainingParameter>
2910
        <PatternName>CAPTCHA</PatternName>
2911
        <Types>text,textarea</Types>
2912
        <Language>en</Language>
2913
        <Match>code[:space:]*shown|captcha</Match>
2914
        <Value>%RANDALPHANUM%</Value>
2915
        <ValueMatch></ValueMatch>
2916
        <MatchCriteria>Regex</MatchCriteria>
2917
      </TrainingParameter>
2918
      <TrainingParameter>
2919
        <PatternName>Size</PatternName>
2920
        <Types>select</Types>
2921
        <Language>en</Language>
2922
        <Match>size|xxl</Match>
2923
        <Value></Value>
2924
        <ValueMatch>(\b(m|s|42)\b</ValueMatch>
2925
        <MatchCriteria>Regex</MatchCriteria>
2926
      </TrainingParameter>
2927
      <TrainingParameter>
2928
        <PatternName>Color</PatternName>
2929
        <Types>select</Types>
2930
        <Language>en</Language>
2931
        <Match>\b(color|red|black)\b</Match>
2932
        <Value>Blue</Value>
2933
        <ValueMatch>\b(blue|red|black)\b</ValueMatch>
2934
        <MatchCriteria>Regex</MatchCriteria>
2935
      </TrainingParameter>
2936
      <TrainingParameter>
2937
        <PatternName>Price</PatternName>
2938
        <Types>text,textare</Types>
2939
        <Language>en</Language>
2940
        <Match>price</Match>
2941
        <Value>20</Value>
2942
        <ValueMatch></ValueMatch>
2943
        <MatchCriteria>Regex</MatchCriteria>
2944
      </TrainingParameter>
2945
      <TrainingParameter>
2946
        <PatternName>Attention</PatternName>
2947
        <Types>text,textare</Types>
2948
        <Language>en</Language>
2949
        <Match>attention</Match>
2950
        <Value>John</Value>
2951
        <ValueMatch></ValueMatch>
2952
        <MatchCriteria>Regex</MatchCriteria>
2953
      </TrainingParameter>
2954
      <TrainingParameter>
2955
        <PatternName>Gender</PatternName>
2956
        <Types>select,radio</Types>
2957
        <Language>en</Language>
2958
        <Match>gender|male|female</Match>
2959
        <Value>male</Value>
2960
        <ValueMatch>\b(male|m|f)\b</ValueMatch>
2961
        <MatchCriteria>Regex</MatchCriteria>
2962
      </TrainingParameter>
2963
      <TrainingParameter>
2964
        <PatternName>Legal age</PatternName>
2965
        <Types>checkbox,radio</Types>
2966
        <Language>en</Language>
2967
        <Match>legal|\d\d[:space:]*years[:space:]*old</Match>
2968
        <Value>yes</Value>
2969
        <ValueMatch>\b(on|1|yes)\b</ValueMatch>
2970
        <MatchCriteria>Regex</MatchCriteria>
2971
      </TrainingParameter>
2972
      <TrainingParameter>
2973
        <PatternName>Coupon code</PatternName>
2974
        <Types>text,textarea</Types>
2975
        <Language>en</Language>
2976
        <Match>promotion|coupon</Match>
2977
        <Value>%RANDALPHANUM%</Value>
2978
        <ValueMatch></ValueMatch>
2979
        <MatchCriteria>Regex</MatchCriteria>
2980
      </TrainingParameter>
2981
      <TrainingParameter>
2982
        <PatternName>Send message</PatternName>
2983
        <Types>text,textarea</Types>
2984
        <Language>en</Language>
2985
        <Match>message|comment|complain|enquiry|review</Match>
2986
        <Value>comment</Value>
2987
        <ValueMatch></ValueMatch>
2988
        <MatchCriteria>Regex</MatchCriteria>
2989
      </TrainingParameter>
2990
      <TrainingParameter>
2991
        <PatternName>Existing user</PatternName>
2992
        <Types>checkbox,radio</Types>
2993
        <Language>en</Language>
2994
        <Match>returning|existing|customer</Match>
2995
        <Value></Value>
2996
        <ValueMatch>\b(on|1|yes)\b</ValueMatch>
2997
        <MatchCriteria>Regex</MatchCriteria>
2998
      </TrainingParameter>
2999
      <TrainingParameter>
3000
        <PatternName>Age</PatternName>
3001
        <Types>text,textarea</Types>
3002
        <Language>en</Language>
3003
        <Match>age|under|over</Match>
3004
        <Value>40</Value>
3005
        <ValueMatch></ValueMatch>
3006
        <MatchCriteria>Regex</MatchCriteria>
3007
      </TrainingParameter>
3008
      <TrainingParameter>
3009
        <PatternName>Passphrase Hint</PatternName>
3010
        <Types>text,textarea</Types>
3011
        <Language>en</Language>
3012
        <Match>What make|pet's name|your father|high school|friend</Match>
3013
        <Value>What make was your first car?</Value>
3014
        <ValueMatch></ValueMatch>
3015
        <MatchCriteria>Regex</MatchCriteria>
3016
      </TrainingParameter>
3017
      <TrainingParameter>
3018
        <PatternName>Passphrase Hint Answer</PatternName>
3019
        <Types>text,textarea</Types>
3020
        <Language>en</Language>
3021
        <Match>Answer</Match>
3022
        <Value>Ford</Value>
3023
        <ValueMatch></ValueMatch>
3024
        <MatchCriteria>Regex</MatchCriteria>
3025
      </TrainingParameter>
3026
      <TrainingParameter>
3027
        <PatternName>Doctor name</PatternName>
3028
        <Types>text,textarea</Types>
3029
        <Language>en</Language>
3030
        <Match>doctor</Match>
3031
        <Value>John Johnson</Value>
3032
        <ValueMatch></ValueMatch>
3033
        <MatchCriteria>Regex</MatchCriteria>
3034
      </TrainingParameter>
3035
      <TrainingParameter>
3036
        <PatternName>Website</PatternName>
3037
        <Types>text,textarea</Types>
3038
        <Language>en</Language>
3039
        <Match>website</Match>
3040
        <Value>www.example.com</Value>
3041
        <ValueMatch></ValueMatch>
3042
        <MatchCriteria>Regex</MatchCriteria>
3043
      </TrainingParameter>
3044
      <TrainingParameter>
3045
        <PatternName>Address</PatternName>
3046
        <Types>text,textarea</Types>
3047
        <Language>de</Language>
3048
        <Match>adresse|strasse</Match>
3049
        <Value>600 Fairy Land Drive</Value>
3050
        <ValueMatch></ValueMatch>
3051
        <MatchCriteria>Regex</MatchCriteria>
3052
      </TrainingParameter>
3053
      <TrainingParameter>
3054
        <PatternName>Apartment number</PatternName>
3055
        <Types>text,textarea</Types>
3056
        <Language>de</Language>
3057
        <Match>adresse|wohnung|haus</Match>
3058
        <Value>123</Value>
3059
        <ValueMatch></ValueMatch>
3060
        <MatchCriteria>Regex</MatchCriteria>
3061
      </TrainingParameter>
3062
      <TrainingParameter>
3063
        <PatternName>First name</PatternName>
3064
        <Types>text,textarea</Types>
3065
        <Language>de</Language>
3066
        <Match>name</Match>
3067
        <Value>John</Value>
3068
        <ValueMatch></ValueMatch>
3069
        <MatchCriteria>Regex</MatchCriteria>
3070
      </TrainingParameter>
3071
      <TrainingParameter>
3072
        <PatternName>Last name</PatternName>
3073
        <Types>text,textarea</Types>
3074
        <Language>de</Language>
3075
        <Match>vorname|name</Match>
3076
        <Value>Johnson</Value>
3077
        <ValueMatch></ValueMatch>
3078
        <MatchCriteria>Regex</MatchCriteria>
3079
      </TrainingParameter>
3080
      <TrainingParameter>
3081
        <PatternName>Full name</PatternName>
3082
        <Types>text,textarea</Types>
3083
        <Language>de</Language>
3084
        <Match>ihren namen|name</Match>
3085
        <Value>John Johnson</Value>
3086
        <ValueMatch></ValueMatch>
3087
        <MatchCriteria>Regex</MatchCriteria>
3088
      </TrainingParameter>
3089
      <TrainingParameter>
3090
        <PatternName>User Signature</PatternName>
3091
        <Types>text,textarea</Types>
3092
        <Language>de</Language>
3093
        <Match>unterschrift</Match>
3094
        <Value>John Johnson</Value>
3095
        <ValueMatch></ValueMatch>
3096
        <MatchCriteria>Regex</MatchCriteria>
3097
      </TrainingParameter>
3098
      <TrainingParameter>
3099
        <PatternName>City</PatternName>
3100
        <Types>text,textarea</Types>
3101
        <Language>de</Language>
3102
        <Match>stadt|stadt</Match>
3103
        <Value>Berlin</Value>
3104
        <ValueMatch></ValueMatch>
3105
        <MatchCriteria>Regex</MatchCriteria>
3106
      </TrainingParameter>
3107
      <TrainingParameter>
3108
        <PatternName>Regierungsbezirke</PatternName>
3109
        <Types>text,textarea</Types>
3110
        <Language>de</Language>
3111
        <Match>regierungsbezirke</Match>
3112
        <Value>Berlin</Value>
3113
        <ValueMatch></ValueMatch>
3114
        <MatchCriteria>Regex</MatchCriteria>
3115
      </TrainingParameter>
3116
      <TrainingParameter>
3117
        <PatternName>Zip code</PatternName>
3118
        <Types>text,textarea</Types>
3119
        <Language>de</Language>
3120
        <Match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</Match>
3121
        <Value>10115</Value>
3122
        <ValueMatch></ValueMatch>
3123
        <MatchCriteria>Regex</MatchCriteria>
3124
      </TrainingParameter>
3125
      <TrainingParameter>
3126
        <PatternName>Country</PatternName>
3127
        <Types>text,textarea</Types>
3128
        <Language>de</Language>
3129
        <Match>\b(deutschland|land)\b</Match>
3130
        <Value>DE</Value>
3131
        <ValueMatch>\bDE\b</ValueMatch>
3132
        <MatchCriteria>Regex</MatchCriteria>
3133
      </TrainingParameter>
3134
      <TrainingParameter>
3135
        <PatternName>Phone number</PatternName>
3136
        <Types>text,textarea</Types>
3137
        <Language>de</Language>
3138
        <Match>telefon|telefon|fax</Match>
3139
        <Value>(1234) 567890</Value>
3140
        <ValueMatch></ValueMatch>
3141
        <MatchCriteria>Regex</MatchCriteria>
3142
      </TrainingParameter>
3143
      <TrainingParameter>
3144
        <PatternName>Phone area code</PatternName>
3145
        <Types>text,textarea</Types>
3146
        <Language>de</Language>
3147
        <Match>vorwahl</Match>
3148
        <Value>123</Value>
3149
        <ValueMatch></ValueMatch>
3150
        <MatchCriteria>Regex</MatchCriteria>
3151
      </TrainingParameter>
3152
      <TrainingParameter>
3153
        <PatternName>Company name</PatternName>
3154
        <Types>text,textarea</Types>
3155
        <Language>de</Language>
3156
        <Match>unternehmen|arbeitgeber|organisation</Match>
3157
        <Value>Example</Value>
3158
        <ValueMatch></ValueMatch>
3159
        <MatchCriteria>Regex</MatchCriteria>
3160
      </TrainingParameter>
3161
      <TrainingParameter>
3162
        <PatternName>Email</PatternName>
3163
        <Types>text,textarea</Types>
3164
        <Language>de</Language>
3165
        <Match>E[-_]Mailadresse|email|E[-_]Mail</Match>
3166
        <Value>a%RANDALPHANUM%@example.com</Value>
3167
        <ValueMatch></ValueMatch>
3168
        <MatchCriteria>Regex</MatchCriteria>
3169
      </TrainingParameter>
3170
      <TrainingParameter>
3171
        <PatternName>Birthday</PatternName>
3172
        <Types>text,textarea</Types>
3173
        <Language>de</Language>
3174
        <Match>geburtstag|geburt</Match>
3175
        <Value>12/25/1975</Value>
3176
        <ValueMatch></ValueMatch>
3177
        <MatchCriteria>Regex</MatchCriteria>
3178
      </TrainingParameter>
3179
      <TrainingParameter>
3180
        <PatternName>Day</PatternName>
3181
        <Types>text,textarea</Types>
3182
        <Language>de</Language>
3183
        <Match>tag</Match>
3184
        <Value>25</Value>
3185
        <ValueMatch></ValueMatch>
3186
        <MatchCriteria>Regex</MatchCriteria>
3187
      </TrainingParameter>
3188
      <TrainingParameter>
3189
        <PatternName>Month</PatternName>
3190
        <Types>text,textarea</Types>
3191
        <Language>de</Language>
3192
        <Match>monat</Match>
3193
        <Value>12</Value>
3194
        <ValueMatch></ValueMatch>
3195
        <MatchCriteria>Regex</MatchCriteria>
3196
      </TrainingParameter>
3197
      <TrainingParameter>
3198
        <PatternName>Year</PatternName>
3199
        <Types>text,textarea</Types>
3200
        <Language>de</Language>
3201
        <Match>Jahr</Match>
3202
        <Value>2007</Value>
3203
        <ValueMatch></ValueMatch>
3204
        <MatchCriteria>Regex</MatchCriteria>
3205
      </TrainingParameter>
3206
      <TrainingParameter>
3207
        <PatternName>BirthYear</PatternName>
3208
        <Types>text,textarea</Types>
3209
        <Language>de</Language>
3210
        <Match>Jahr|1975|1970|1960|1950</Match>
3211
        <Value>1975</Value>
3212
        <ValueMatch></ValueMatch>
3213
        <MatchCriteria>Regex</MatchCriteria>
3214
      </TrainingParameter>
3215
      <TrainingParameter>
3216
        <PatternName>Past Date mm/dd/yy</PatternName>
3217
        <Types>text,textarea</Types>
3218
        <Language>de</Language>
3219
        <Match>Datum|d.m.yyyy|dd.mm.yyyy</Match>
3220
        <Value>02.02.03</Value>
3221
        <ValueMatch></ValueMatch>
3222
        <MatchCriteria>Regex</MatchCriteria>
3223
      </TrainingParameter>
3224
      <TrainingParameter>
3225
        <PatternName>Past Date mm/dd/yyyy</PatternName>
3226
        <Types>text,textarea</Types>
3227
        <Language>de</Language>
3228
        <Match>Datum|mm/dd/yyyy</Match>
3229
        <Value>02/02/2003</Value>
3230
        <ValueMatch></ValueMatch>
3231
        <MatchCriteria>Regex</MatchCriteria>
3232
      </TrainingParameter>
3233
      <TrainingParameter>
3234
        <PatternName>Future Date mm/dd/yy</PatternName>
3235
        <Types>text,textarea</Types>
3236
        <Language>de</Language>
3237
        <Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==</Match>
3238
        <Value>02/02/11</Value>
3239
        <ValueMatch></ValueMatch>
3240
        <MatchCriteria>Regex</MatchCriteria>
3241
      </TrainingParameter>
3242
      <TrainingParameter>
3243
        <PatternName>Future Date mm/dd/yyyy</PatternName>
3244
        <Types>text,textarea</Types>
3245
        <Language>de</Language>
3246
        <Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5</Match>
3247
        <Value>02/02/2011</Value>
3248
        <ValueMatch></ValueMatch>
3249
        <MatchCriteria>Regex</MatchCriteria>
3250
      </TrainingParameter>
3251
      <TrainingParameter>
3252
        <PatternName>Username</PatternName>
3253
        <Types>text,textarea</Types>
3254
        <Language>de</Language>
3255
        <Match>Benutzername|Mitgliedsnamen|Benutzer</Match>
3256
        <Value>%RANDALPHANUM%</Value>
3257
        <ValueMatch></ValueMatch>
3258
        <MatchCriteria>Regex</MatchCriteria>
3259
      </TrainingParameter>
3260
      <TrainingParameter>
3261
        <PatternName>Password</PatternName>
3262
        <Types>password</Types>
3263
        <Language>de</Language>
3264
        <Match>password|passwort|passwd</Match>
3265
        <Value>%RANDALPHANUM%1'</Value>
3266
        <ValueMatch></ValueMatch>
3267
        <MatchCriteria>Regex</MatchCriteria>
3268
      </TrainingParameter>
3269
      <TrainingParameter>
3270
        <PatternName>Old password</PatternName>
3271
        <Types>password</Types>
3272
        <Language>de</Language>
3273
        <Match>alte[:space:]passwort</Match>
3274
        <Value>%RANDALPHANUM%1'</Value>
3275
        <ValueMatch></ValueMatch>
3276
        <MatchCriteria>Regex</MatchCriteria>
3277
      </TrainingParameter>
3278
      <TrainingParameter>
3279
        <PatternName>Accept terms</PatternName>
3280
        <Types>checkbox,radio</Types>
3281
        <Language>de</Language>
3282
        <Match>Ich habe gelesen und akzeptiere|Ich habe gelesen und akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</Match>
3283
        <Value></Value>
3284
        <ValueMatch></ValueMatch>
3285
        <MatchCriteria>Regex</MatchCriteria>
3286
      </TrainingParameter>
3287
      <TrainingParameter>
3288
        <PatternName>Remove item</PatternName>
3289
        <Types>checkbox,radio</Types>
3290
        <Language>de</Language>
3291
        <Match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</Match>
3292
        <Value></Value>
3293
        <ValueMatch></ValueMatch>
3294
        <MatchCriteria>Regex</MatchCriteria>
3295
      </TrainingParameter>
3296
      <TrainingParameter>
3297
        <PatternName>Search</PatternName>
3298
        <Types>text,textarea</Types>
3299
        <Language>de</Language>
3300
        <Match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</Match>
3301
        <Value>water</Value>
3302
        <ValueMatch></ValueMatch>
3303
        <MatchCriteria>Regex</MatchCriteria>
3304
      </TrainingParameter>
3305
      <TrainingParameter>
3306
        <PatternName>Quantity</PatternName>
3307
        <Types>text,textarea</Types>
3308
        <Language>de</Language>
3309
        <Match>qty|Menge|Betrag|Anzahl</Match>
3310
        <Value>3</Value>
3311
        <ValueMatch></ValueMatch>
3312
        <MatchCriteria>Regex</MatchCriteria>
3313
      </TrainingParameter>
3314
      <TrainingParameter>
3315
        <PatternName>Number</PatternName>
3316
        <Types>text,textarea</Types>
3317
        <Language>de</Language>
3318
        <Match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</Match>
3319
        <Value>21</Value>
3320
        <ValueMatch></ValueMatch>
3321
        <MatchCriteria>Regex</MatchCriteria>
3322
      </TrainingParameter>
3323
      <TrainingParameter>
3324
        <PatternName>Account Number</PatternName>
3325
        <Types>text,textarea</Types>
3326
        <Language>de</Language>
3327
        <Match>Konto</Match>
3328
        <Value>3456</Value>
3329
        <ValueMatch></ValueMatch>
3330
        <MatchCriteria>Regex</MatchCriteria>
3331
      </TrainingParameter>
3332
      <TrainingParameter>
3333
        <PatternName>Shipping method</PatternName>
3334
        <Types>select</Types>
3335
        <Language>de</Language>
3336
        <Match>Versand</Match>
3337
        <Value></Value>
3338
        <ValueMatch></ValueMatch>
3339
        <MatchCriteria>Regex</MatchCriteria>
3340
      </TrainingParameter>
3341
      <TrainingParameter>
3342
        <PatternName>Gift</PatternName>
3343
        <Types>text,textarea</Types>
3344
        <Language>de</Language>
3345
        <Match>Geschenk</Match>
3346
        <Value></Value>
3347
        <ValueMatch></ValueMatch>
3348
        <MatchCriteria>Regex</MatchCriteria>
3349
      </TrainingParameter>
3350
      <TrainingParameter>
3351
        <PatternName>Credit card number</PatternName>
3352
        <Types>text,textarea</Types>
3353
        <Language>de</Language>
3354
        <Match>Kreditkarte|Kredit|Kartennummer</Match>
3355
        <Value>5105105105105100</Value>
3356
        <ValueMatch></ValueMatch>
3357
        <MatchCriteria>Regex</MatchCriteria>
3358
      </TrainingParameter>
3359
      <TrainingParameter>
3360
        <PatternName>Credit card type</PatternName>
3361
        <Types>text,textarea</Types>
3362
        <Language>de</Language>
3363
        <Match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</Match>
3364
        <Value></Value>
3365
        <ValueMatch>Master</ValueMatch>
3366
        <MatchCriteria>Regex</MatchCriteria>
3367
      </TrainingParameter>
3368
      <TrainingParameter>
3369
        <PatternName>Credit card security code</PatternName>
3370
        <Types>text,textarea</Types>
3371
        <Language>de</Language>
3372
        <Match>MJPYBZHSWwshWRRFSGWAGES3JlZGl0fFNpY2hlcmhlaXRzLUNvZGV8UHLDvGZudW1tZXI=</Match>
3373
        <Value>123</Value>
3374
        <ValueMatch></ValueMatch>
3375
        <MatchCriteria>Regex</MatchCriteria>
3376
      </TrainingParameter>
3377
      <TrainingParameter>
3378
        <PatternName>CAPTCHA</PatternName>
3379
        <Types>text,textarea</Types>
3380
        <Language>de</Language>
3381
        <Match>captcha</Match>
3382
        <Value>[%RANDALPHANUM%</Value>
3383
        <ValueMatch></ValueMatch>
3384
        <MatchCriteria>Regex</MatchCriteria>
3385
      </TrainingParameter>
3386
      <TrainingParameter>
3387
        <PatternName>Back button</PatternName>
3388
        <Types>button,image,submit</Types>
3389
        <Language>de</Language>
3390
        <Match>MJPYBZHSWwshWRRFSGWAGEenVyw7xja3xyZXR1cm58c3Rvcm5pZXJlbnx2b3JoZXJpZ2V8d2VpdGVyIGVpbmthdWZlbg==</Match>
3391
        <Value></Value>
3392
        <ValueMatch></ValueMatch>
3393
        <MatchCriteria>Regex</MatchCriteria>
3394
      </TrainingParameter>
3395
      <TrainingParameter>
3396
        <PatternName>Logout button</PatternName>
3397
        <Types>button,image,submi</Types>
3398
        <Language>de</Language>
3399
        <Match>Abmeldung|Abmeldung|ausloggen|(sign|log)-?(off|out)</Match>
3400
        <Value></Value>
3401
        <ValueMatch></ValueMatch>
3402
        <MatchCriteria>Regex</MatchCriteria>
3403
      </TrainingParameter>
3404
      <TrainingParameter>
3405
        <PatternName>Login button</PatternName>
3406
        <Types>button,image,submi</Types>
3407
        <Language>de</Language>
3408
        <Match>(log|sign)-?in</Match>
3409
        <Value></Value>
3410
        <ValueMatch></ValueMatch>
3411
        <MatchCriteria>Regex</MatchCriteria>
3412
      </TrainingParameter>
3413
      <TrainingParameter>
3414
        <PatternName>Size</PatternName>
3415
        <Types>select</Types>
3416
        <Language>de</Language>
3417
        <Match>MJPYBZHSWwshWRRFSGWAGER3LDtnNzZXxYWEw=</Match>
3418
        <Value>m</Value>
3419
        <ValueMatch>m|s|42</ValueMatch>
3420
        <MatchCriteria>Regex</MatchCriteria>
3421
      </TrainingParameter>
3422
      <TrainingParameter>
3423
        <PatternName>Color</PatternName>
3424
        <Types>select</Types>
3425
        <Language>de</Language>
3426
        <Match>Farbe</Match>
3427
        <Value>Blue</Value>
3428
        <ValueMatch></ValueMatch>
3429
        <MatchCriteria>Regex</MatchCriteria>
3430
      </TrainingParameter>
3431
      <TrainingParameter>
3432
        <PatternName>Enter price</PatternName>
3433
        <Types>text,textarea</Types>
3434
        <Language>de</Language>
3435
        <Match>Preis</Match>
3436
        <Value>20</Value>
3437
        <ValueMatch></ValueMatch>
3438
        <MatchCriteria>Regex</MatchCriteria>
3439
      </TrainingParameter>
3440
      <TrainingParameter>
3441
        <PatternName>Attention</PatternName>
3442
        <Types>text,textarea</Types>
3443
        <Language>de</Language>
3444
        <Match>Aufmerksamkeit</Match>
3445
        <Value>John</Value>
3446
        <ValueMatch></ValueMatch>
3447
        <MatchCriteria>Regex</MatchCriteria>
3448
      </TrainingParameter>
3449
      <TrainingParameter>
3450
        <PatternName>Gender</PatternName>
3451
        <Types>select,radio,checkbox</Types>
3452
        <Language>de</Language>
3453
        <Match>Geschlecht|Herren</Match>
3454
        <Value>m</Value>
3455
        <ValueMatch>m|h</ValueMatch>
3456
        <MatchCriteria>Regex</MatchCriteria>
3457
      </TrainingParameter>
3458
      <TrainingParameter>
3459
        <PatternName>Legal age</PatternName>
3460
        <Types>select,radio,checkbox</Types>
3461
        <Language>de</Language>
3462
        <Match>rechtliche|\d\d[:space:]*Jahre</Match>
3463
        <Value>ja</Value>
3464
        <ValueMatch>ja|yes|1|on</ValueMatch>
3465
        <MatchCriteria>Regex</MatchCriteria>
3466
      </TrainingParameter>
3467
      <TrainingParameter>
3468
        <PatternName>Coupon code</PatternName>
3469
        <Types>text,textarea</Types>
3470
        <Language>de</Language>
3471
        <Match>MJPYBZHSWwshWRRFSGWAGERsO2cmRlcnVuZ3xHdXRzY2hlaW4=</Match>
3472
        <Value>111</Value>
3473
        <ValueMatch></ValueMatch>
3474
        <MatchCriteria>Regex</MatchCriteria>
3475
      </TrainingParameter>
3476
      <TrainingParameter>
3477
        <PatternName>Send message</PatternName>
3478
        <Types>text,textarea</Types>
3479
        <Language>de</Language>
3480
        <Match>Nachricht|Kommentar|beschweren|Anfrage|Kritik</Match>
3481
        <Value>comment</Value>
3482
        <ValueMatch></ValueMatch>
3483
        <MatchCriteria>Regex</MatchCriteria>
3484
      </TrainingParameter>
3485
      <TrainingParameter>
3486
        <PatternName>Age</PatternName>
3487
        <Types>text,textarea</Types>
3488
        <Language>de</Language>
3489
        <Match>Alter|unter|mehr</Match>
3490
        <Value>40</Value>
3491
        <ValueMatch></ValueMatch>
3492
        <MatchCriteria>Regex</MatchCriteria>
3493
      </TrainingParameter>
3494
      <TrainingParameter>
3495
        <PatternName>Passphrase Hint</PatternName>
3496
        <Types>text,textarea</Types>
3497
        <Language>de</Language>
3498
        <Match>Was machen|Name des Haustieres|Ihr Vater</Match>
3499
        <Value>What make was your first car?</Value>
3500
        <ValueMatch></ValueMatch>
3501
        <MatchCriteria>Regex</MatchCriteria>
3502
      </TrainingParameter>
3503
      <TrainingParameter>
3504
        <PatternName>Passphrase Hint Answer</PatternName>
3505
        <Types>text,textarea</Types>
3506
        <Language>de</Language>
3507
        <Match>beantworten</Match>
3508
        <Value>Ford</Value>
3509
        <ValueMatch></ValueMatch>
3510
        <MatchCriteria>Regex</MatchCriteria>
3511
      </TrainingParameter>
3512
      <TrainingParameter>
3513
        <PatternName>Doctor name</PatternName>
3514
        <Types>text,textarea</Types>
3515
        <Language>de</Language>
3516
        <Match>Arzt</Match>
3517
        <Value>John Johnson</Value>
3518
        <ValueMatch></ValueMatch>
3519
        <MatchCriteria>Regex</MatchCriteria>
3520
      </TrainingParameter>
3521
    </TrainingParameterList>
3522
  </ParameterTrainingConfig>
3523
  <AutoSequenceConfig>
3524
    <SequenceIgnoreExtensionList>
3525
      <SequenceIgnoreExtension>
3526
        <Value>js</Value>
3527
      </SequenceIgnoreExtension>
3528
      <SequenceIgnoreExtension>
3529
        <Value>css</Value>
3530
      </SequenceIgnoreExtension>
3531
      <SequenceIgnoreExtension>
3532
        <Value>doc</Value>
3533
      </SequenceIgnoreExtension>
3534
      <SequenceIgnoreExtension>
3535
        <Value>jpg</Value>
3536
      </SequenceIgnoreExtension>
3537
      <SequenceIgnoreExtension>
3538
        <Value>jpeg</Value>
3539
      </SequenceIgnoreExtension>
3540
      <SequenceIgnoreExtension>
3541
        <Value>gif</Value>
3542
      </SequenceIgnoreExtension>
3543
      <SequenceIgnoreExtension>
3544
        <Value>png</Value>
3545
      </SequenceIgnoreExtension>
3546
      <SequenceIgnoreExtension>
3547
        <Value>bmp</Value>
3548
      </SequenceIgnoreExtension>
3549
      <SequenceIgnoreExtension>
3550
        <Value>ico</Value>
3551
      </SequenceIgnoreExtension>
3552
      <SequenceIgnoreExtension>
3553
        <Value>exe</Value>
3554
      </SequenceIgnoreExtension>
3555
      <SequenceIgnoreExtension>
3556
        <Value>swf</Value>
3557
      </SequenceIgnoreExtension>
3558
      <SequenceIgnoreExtension>
3559
        <Value>mp3</Value>
3560
      </SequenceIgnoreExtension>
3561
      <SequenceIgnoreExtension>
3562
        <Value>wav</Value>
3563
      </SequenceIgnoreExtension>
3564
      <SequenceIgnoreExtension>
3565
        <Value>eot</Value>
3566
      </SequenceIgnoreExtension>
3567
    </SequenceIgnoreExtensionList>
3568
    <SequenceIgnoreContentTypeList>
3569
      <SequenceIgnoreContentType>
3570
        <Value>*font*</Value>
3571
      </SequenceIgnoreContentType>
3572
      <SequenceIgnoreContentType>
3573
        <Value>audio/*</Value>
3574
      </SequenceIgnoreContentType>
3575
      <SequenceIgnoreContentType>
3576
        <Value>image/*</Value>
3577
      </SequenceIgnoreContentType>
3578
      <SequenceIgnoreContentType>
3579
        <Value>video/*</Value>
3580
      </SequenceIgnoreContentType>
3581
      <SequenceIgnoreContentType>
3582
        <Value>application/pdf</Value>
3583
      </SequenceIgnoreContentType>
3584
      <SequenceIgnoreContentType>
3585
        <Value>application/zip</Value>
3586
      </SequenceIgnoreContentType>
3587
      <SequenceIgnoreContentType>
3588
        <Value>application/x-rar-compressed</Value>
3589
      </SequenceIgnoreContentType>
3590
      <SequenceIgnoreContentType>
3591
        <Value>application/x-dvi</Value>
3592
      </SequenceIgnoreContentType>
3593
      <SequenceIgnoreContentType>
3594
        <Value>application/x-shockwave-flash</Value>
3595
      </SequenceIgnoreContentType>
3596
      <SequenceIgnoreContentType>
3597
        <Value>application/msword</Value>
3598
      </SequenceIgnoreContentType>
3599
      <SequenceIgnoreContentType>
3600
        <Value>application/ogg</Value>
3601
      </SequenceIgnoreContentType>
3602
      <SequenceIgnoreContentType>
3603
        <Value>application/x-tar</Value>
3604
      </SequenceIgnoreContentType>
3605
      <SequenceIgnoreContentType>
3606
        <Value>application/octet-stream</Value>
3607
      </SequenceIgnoreContentType>
3608
    </SequenceIgnoreContentTypeList>
3609
  </AutoSequenceConfig>
3610
  <MacroConfig>
3611
    <SequentialMacroPlayback>1</SequentialMacroPlayback>
3612
  </MacroConfig>
3613
  <SeleniumConfig>
3614
    <ListenForOtherScripts>0</ListenForOtherScripts>
3615
    <SequentialSeleniumScriptPlayback>1</SequentialSeleniumScriptPlayback>
3616
    <SeleniumPort>32768</SeleniumPort>
3617
    <FirefoxProfile></FirefoxProfile>
3618
    <WebDriverForHtml>Chrome</WebDriverForHtml>
3619
    <SeleniumFileList>
3620
      <SeleniumFile>
3621
        <SeleniumFileName><![CDATA[C:\Users\tperry\Desktop\scripts\firefox.htm]]></SeleniumFileName>
3622
      </SeleniumFile>
3623
    </SeleniumFileList>
3624
  </SeleniumConfig>
3625
  <WebServiceConfig>
3626
    <Username></Username>
3627
    <Password></Password>
3628
    <ContentType></ContentType>
3629
    <WsdlRegex>([?]wsdl|[.]wsdl)$</WsdlRegex>
3630
    <AutoDiscoverWSDL>1</AutoDiscoverWSDL>
3631
    <WebServicesEnhancements>0</WebServicesEnhancements>
3632
    <PasswordOption>Hashed</PasswordOption>
3633
    <SwaggerHostName></SwaggerHostName>
3634
    <SwaggerParseFail>1</SwaggerParseFail>
3635
    <SwaggerWarningLevel>Strict</SwaggerWarningLevel>
3636
  </WebServiceConfig>
3637
  <ReportConfig>
3638
    <GlobalDatabaseDSN></GlobalDatabaseDSN>
3639
    <GlobalDatabaseUID></GlobalDatabaseUID>
3640
    <GlobalDatabasePWD></GlobalDatabasePWD>
3641
    <Language>en</Language>
3642
    <BrandingDirectory></BrandingDirectory>
3643
    <UseSQLite>0</UseSQLite>
3644
    <XML>0</XML>
3645
    <AttackModulesJSON>1</AttackModulesJSON>
3646
    <CrawledLinksJSON>1</CrawledLinksJSON>
3647
    <WebAppScanSelectedChildrenJSON>1</WebAppScanSelectedChildrenJSON>
3648
    <ScanStatusJSON>1</ScanStatusJSON>
3649
    <WebSitesJSON>1</WebSitesJSON>
3650
    <CrawlResultsJSON>1</CrawlResultsJSON>
3651
    <FormsJSON>1</FormsJSON>
3652
    <WebResourcesJSON>1</WebResourcesJSON>
3653
    <AttackVectorsJSON>1</AttackVectorsJSON>
3654
    <FindingsJSON>1</FindingsJSON>
3655
    <UserMessageLogEntriesJSON>1</UserMessageLogEntriesJSON>
3656
    <AttackLocationsJSON>0</AttackLocationsJSON>
3657
    <VulnerabilitiesSummaryXML>1</VulnerabilitiesSummaryXML>
3658
    <VulnerabilitiesSummaryJSON>0</VulnerabilitiesSummaryJSON>
3659
    <BrowserLinksJSON>1</BrowserLinksJSON>
3660
    <CrawledLinksXML>0</CrawledLinksXML>
3661
    <ValidationJSON>1</ValidationJSON>
3662
    <Index>1</Index>
3663
    <ExecutiveSummary>1</ExecutiveSummary>
3664
    <AllLinks>1</AllLinks>
3665
    <AppThreatModeling>1</AppThreatModeling>
3666
    <BestPractices>1</BestPractices>
3667
    <Reflection>1</Reflection>
3668
    <RemediationSummary>1</RemediationSummary>
3669
    <Resources>0</Resources>
3670
    <ResourceDetails>0</ResourceDetails>
3671
    <ResourceSummaryBreakdown>0</ResourceSummaryBreakdown>
3672
    <Application>1</Application>
3673
    <Server>1</Server>
3674
    <Database>1</Database>
3675
    <BySite>0</BySite>
3676
    <SiteLinks>1</SiteLinks>
3677
    <StatusAndConfig>1</StatusAndConfig>
3678
    <Vulnerabilities>1</Vulnerabilities>
3679
    <VulnerabilitiesByUrlStandAlone>0</VulnerabilitiesByUrlStandAlone>
3680
    <DISASTIG>1</DISASTIG>
3681
    <FISMA>1</FISMA>
3682
    <CWESANS>1</CWESANS>
3683
    <GLB>1</GLB>
3684
    <HIPAA>1</HIPAA>
3685
    <OWASP2007>0</OWASP2007>
3686
    <OWASP2010>0</OWASP2010>
3687
    <OWASP2013>0</OWASP2013>
3688
    <OWASP2017>1</OWASP2017>
3689
    <GDPR2016>1</GDPR2016>
3690
    <PCI>0</PCI>
3691
    <PCI31>1</PCI31>
3692
    <SOX>1</SOX>
3693
    <Privacy>1</Privacy>
3694
    <Comments>1</Comments>
3695
    <Cookies>1</Cookies>
3696
    <PDF>0</PDF>
3697
    <ZipReport>0</ZipReport>
3698
    <ValidateApplet>1</ValidateApplet>
3699
    <IncludeDbInZip>0</IncludeDbInZip>
3700
    <DisableBigReportPagesThreshold>10000</DisableBigReportPagesThreshold>
3701
    <AesEncryptPassword></AesEncryptPassword>
3702
    <Metadata></Metadata>
3703
    <Confidence>1</Confidence>
3704
  </ReportConfig>
3705
  <WAFConfig>
3706
    <Snort>1</Snort>
3707
    <Imperva>1</Imperva>
3708
    <ModSec>1</ModSec>
3709
    <SnortMode>Alert</SnortMode>
3710
  </WAFConfig>
3711
  <ScheduleConfig>
3712
    <Enabled>0</Enabled>
3713
    <PauseTime>2019-01-04 03:26:41</PauseTime>
3714
    <ResumeTime>2019-01-04 03:26:41</ResumeTime>
3715
    <MaxRunTime>43469 Days, 3:26:41</MaxRunTime>
3716
  </ScheduleConfig>
3717
  <SiteTechnologyConfig>
3718
    <Autodetect>1</Autodetect>
3719
    <ServerPerformance>Unknown</ServerPerformance>
3720
    <TechnologyTargets>
3721
    </TechnologyTargets>
3722
  </SiteTechnologyConfig>
3723
  <OneTimeTokenConfig>
3724
    <AutoDetectCSRF>1</AutoDetectCSRF>
3725
    <MaxTokenLifetime>1899-12-30 00:00:00</MaxTokenLifetime>
3726
    <ExpirationRegex></ExpirationRegex>
3727
    <TokenNameRegex>csrf</TokenNameRegex>
3728
    <TokenValueRegex></TokenValueRegex>
3729
  </OneTimeTokenConfig>
3730
  <CVSSConfig>
3731
    <CollateralDamagePotential>Not Defined</CollateralDamagePotential>
3732
    <TargetDistribution>Not Defined</TargetDistribution>
3733
    <ConfidentialityRequirement>Not Defined</ConfidentialityRequirement>
3734
    <IntegrityRequirement>Not Defined</IntegrityRequirement>
3735
    <AvailabilityRequirement>Not Defined</AvailabilityRequirement>
3736
    <AccessVector>Not Defined</AccessVector>
3737
    <AccessComplexity>Not Defined</AccessComplexity>
3738
    <CvssAuthentication>Not Defined</CvssAuthentication>
3739
  </CVSSConfig>
3740
  <ParameterParserConfig>
3741
    <EnableBase64ParameterValues>1</EnableBase64ParameterValues>
3742
    <StandardURLParserConfig>
3743
      <PathNameValueDelimiters>=.</PathNameValueDelimiters>
3744
      <PathParameterDelimiters>/;</PathParameterDelimiters>
3745
      <QueryNameValueDelimiters>=</QueryNameValueDelimiters>
3746
      <QueryParameterDelimiters><![CDATA[&]]></QueryParameterDelimiters>
3747
      <PathParamsValueRegex>\d+</PathParamsValueRegex>
3748
      <StartPathParamsPosition>-1</StartPathParamsPosition>
3749
    </StandardURLParserConfig>
3750
  </ParameterParserConfig>
3751
  <ParameterValueConfig>
3752
  </ParameterValueConfig>
3753
  <NexposeRESTConfig>
3754
    <RootUrl></RootUrl>
3755
    <FunctionAttackModuleList></FunctionAttackModuleList>
3756
    <FunctionWebAppScanSelectedChildren></FunctionWebAppScanSelectedChildren>
3757
    <FunctionNewWebSite></FunctionNewWebSite>
3758
    <FunctionNewCrawlResult></FunctionNewCrawlResult>
3759
    <FunctionNewForm></FunctionNewForm>
3760
    <FunctionNewWebResource></FunctionNewWebResource>
3761
    <FunctionNewAttackVector></FunctionNewAttackVector>
3762
    <FunctionNewFinding></FunctionNewFinding>
3763
    <FunctionTrimFalsePositiveFinding></FunctionTrimFalsePositiveFinding>
3764
    <AuthKey></AuthKey>
3765
    <ServicePullRequests>0</ServicePullRequests>
3766
  </NexposeRESTConfig>
3767
</ScanConfig>

Did this page help you?

AppSpider Pro

Custom URLs

AppSpider Pro

Scan Configuration Parameters