Advanced Scan Configuration

There are several ways to create or edit a Scan Configuration.

In this article we will go over accessing the advanced options within AppSpider and using the Scan configuration file.

Advanced options settings

The panel allows you to configure the advanced options. You may sort the settings by name, value, or description.

This panel contains the same information located in the Scan configuration XML file.

Scan configuration XML file

You can edit an existing scan configuration file or provide a new custom file.

AppSpider Scan Configuration File

File structure

The Scan Configuration file is an XML file and has a hierarchical structure. The top-level data structure in the file is ScanConfig. Everything else in the file resides below ScanConfig in the hierarchy.

There are 3 types of elements in the Scan configuration file:

  • Scalar - Options that have a single value. For example, ScanName.
  • Composite Object - An object that can contain other heterogeneous elements such as Scalars, Composite Objects and Lists. For example, ScanConfig, the top-level object in the Scan Configuration file, is a Composite Object.
  • List - Options that can have a list of values. Lists cannot contain other Lists directly.

Scalar types

Scalar values in the Scan configuration file can be one of the following types:

  • String - A string type.
  • LargeString - A string type optimized for large strings.
  • UniqueString - A string type optimized for strings that will most likely be repeated multiple times.
  • LargeUniqueString - A string type optimized for large strings that are likely to be repeated multiple times.
  • LargeCompressedString - A string type that stores strings in compressed form.
  • ByteNumber - A one-byte number.
  • WordNumber - A two-byte number.
  • Number - A four-byte number.
  • LargeNumber - An eight-byte number.
  • Enumeration - A data type consisting of named predefined values.
  • Float - A four-byte floating point number.
  • Double - An eight-byte floating point number.
  • Boolean - A boolean type. Boolean is not an enumerated type; it is stored as a Number with a value of either 0 or 1.
    • 1 = TRUE
    • 0 = FALSE
  • Date - Stores date data. It is stored in the format YYYY-MM-DD HH:MM:SS.
  • Duration - Stores time duration data. It is stored in the format [DD Day[s]] HH:MM::SS, where DD is the number of days, and square brackets show optional elements.

Enumerated types

Many Scalar elements in the Scan configuration file have Enumeration types. An Enumeration type is stored as an integer but allows a user to reference integer values by their symbolic names. An enumerated type value can be set using either its numeric or its symbolic form. For example, the following 2 lines from a Scan configuration file are equivalent because 'High' is an enumerated value defined as '4'.

xml
<Severity>High</Severity>
<Severity>4</Severity>

Bitmasks

Some Enumerated Types can be BitMasks, where the value of an element is defined by several bits. The enumerated values of a BitMask are defined so that no two of them have the same bit set, which means they can be combined with a bitwise-OR operation to produce the final value. Multiple bits that are set in the bitmask are separated with the character '|', for example:

xml
<AttackPoints>Directory|File|Parameter</AttackPoints>

For Enumerated Types, the values of the BitMasks can be set using either numeric or symbolic form. The following 2 lines are equivalent because the value Parameter is defined as 16.

xml
<AttackPoints>Directory|File|Parameter</AttackPoints>
<AttackPoints>Directory|File|16</AttackPoints>
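Because one setting can be written symbolically or numerically, a plain text diff of two scan configuration files reports changes that are not real. The following is an added example (not AppSpider code) that compares two files after normalizing enumerations and bitmasks. Its lookup tables hold only the two numeric values stated above; the two sample files and the rule that children of an element named `...List` are list entries are assumptions.

```python
import xml.etree.ElementTree as ET

# Only the numeric values stated on this page; extend from the product
# documentation before relying on the result for other elements.
ENUMS = {"Severity": {"High": 4}}
BITMASKS = {"AttackPoints": {"Parameter": 16}}

# Constructed sample files: B differs from A cosmetically (numeric forms,
# reordered bits) and in one real setting (the module is disabled).
CONFIG_A = """<ScanConfig>
<Name>webscantest</Name>
<AttackPolicyConfig>
<AttackPoints>Directory|File|Parameter</AttackPoints>
<AttackModulePolicyList>
<AttackModulePolicy>
<Enabled>1</Enabled>
<Severity>High</Severity>
<DisplayName>Blind LDAP Injection</DisplayName>
</AttackModulePolicy>
</AttackModulePolicyList>
</AttackPolicyConfig>
</ScanConfig>"""

CONFIG_B = """<ScanConfig>
<Name>webscantest</Name>
<AttackPolicyConfig>
<AttackPoints>File|Directory|16</AttackPoints>
<AttackModulePolicyList>
<AttackModulePolicy>
<Enabled>0</Enabled>
<Severity>4</Severity>
<DisplayName>Blind LDAP Injection</DisplayName>
</AttackModulePolicy>
</AttackModulePolicyList>
</AttackPolicyConfig>
</ScanConfig>"""


def normalize(tag, text):
    """Canonical form of a Scalar: enum name, set of bitmask bits, or raw text."""
    text = (text or "").strip()
    if tag in ENUMS:
        by_value = {str(value): name for name, value in ENUMS[tag].items()}
        return by_value.get(text, text)
    if tag in BITMASKS:
        by_value = {value: name for name, value in BITMASKS[tag].items()}
        bits = set()
        for token in filter(None, (t.strip() for t in text.split("|"))):
            if not token.isdigit():
                bits.add(token)          # already symbolic
                continue
            number = int(token)
            for value, name in by_value.items():
                if value and number & value == value:
                    bits.add(name)       # known bit: use its symbolic name
                    number &= ~value
            if number:
                bits.add(str(number))    # bits with no known name stay numeric
        return frozenset(bits)           # OR is commutative, so order is ignored
    return text


def flatten(element, path=None):
    """Map path -> normalized value for every leaf element below `element`."""
    path = path or element.tag
    children = list(element)
    if not children:
        return {path: normalize(element.tag, element.text)}
    leaves = {}
    for index, child in enumerate(children):
        # Assumption: elements named ...List hold repeated entries.
        suffix = f"[{index}]" if element.tag.endswith("List") else ""
        leaves.update(flatten(child, f"{path}/{child.tag}{suffix}"))
    return leaves


def semantic_diff(xml_a, xml_b):
    """Return {path: (value_a, value_b)}; None means the element is absent,
    in which case the scanner falls back to that element's default value."""
    a = flatten(ET.fromstring(xml_a))
    b = flatten(ET.fromstring(xml_b))
    return {p: (a.get(p), b.get(p))
            for p in sorted(a.keys() | b.keys()) if a.get(p) != b.get(p)}


if __name__ == "__main__":
    for path, (old, new) in semantic_diff(CONFIG_A, CONFIG_B).items():
        print(f"{path}: {old!r} -> {new!r}")
```
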

Default values

When a new Scan configuration file is created, all Scalar elements are assigned their default values. Default values are configured so that they produce the best results for the majority of web sites. Even if an element is not present in the Scan configuration file, AppSpider will use the default value of the element.

Scan configuration schema changes

AppSpider development is an ongoing process. Developers frequently come across new types of web sites that require special treatment and new ways of configuring scan execution. As a result, the number of parameters in the Scan configuration increases with every major release of AppSpider. To avoid problems with Scan Configuration files created by previous versions of AppSpider or by users' programs, only new elements are added to the scan configuration files, and all existing elements and their meanings are preserved.

XML file example

When you create or export a ScanConfig file, AppSpider generates a file with the objects and fields.

To get more information on what is in each object see Scan Configuration Parameters.
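The SeedUrlList and ScopeConstraintList objects in the example file below decide which hosts a scan touches, so they are worth checking before a custom file is run. The following is an added example (not AppSpider code) that flags seed URLs not covered by any Include constraint and Include constraints that reach beyond an approved host list. It assumes a Wildcard constraint treats `*` as any run of characters; the second seed, the third constraint and the approved host list are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the first seed and the first two constraints are taken
# from the example file on this page; the second seed and the third
# constraint are made up so that both checks have something to report.
SAMPLE_CONFIG = """<ScanConfig>
<CrawlConfig>
<SeedUrlList>
<SeedUrl><Value>http://www.webscantest.com/</Value></SeedUrl>
<SeedUrl><Value>https://staging.example.test/</Value></SeedUrl>
</SeedUrlList>
<ScopeConstraintList>
<ScopeConstraint>
<URL>http://www.webscantest.com/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
<ScopeConstraint>
<URL>http://*.www.webscantest.com/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
<ScopeConstraint>
<URL>http://*/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
</ScopeConstraintList>
</CrawlConfig>
</ScanConfig>"""


def wildcard_regex(pattern):
    """Assumption: '*' matches any run of characters; the rest is literal."""
    return re.compile("^" + ".*".join(map(re.escape, pattern.split("*"))) + "$")


def host_is_authorised(host_pattern, authorised_hosts):
    """True if the host part of a constraint stays inside the approved hosts."""
    host = (host_pattern or "").lower()
    if host.startswith("*."):
        host = host[2:]              # "*.a.b" can only match subdomains of a.b
    if not host or "*" in host:
        return False                 # bare or embedded wildcard: unbounded
    return any(host == a or host.endswith("." + a) for a in authorised_hosts)


def audit_scope(xml_text, authorised_hosts):
    """Report seeds outside the scope and scope outside the approval."""
    root = ET.fromstring(xml_text)
    seeds = [s.findtext("Value", "").strip() for s in root.iter("SeedUrl")]
    includes, unreviewed = [], []
    for constraint in root.iter("ScopeConstraint"):
        url = constraint.findtext("URL", "").strip()
        if constraint.findtext("Exclusion", "").strip() != "Include":
            continue
        if constraint.findtext("MatchCriteria", "").strip() != "Wildcard":
            unreviewed.append(url)   # other match types need a manual look
            continue
        includes.append(url)
    return {
        "uncovered_seeds": [
            s for s in seeds
            if not any(wildcard_regex(p).match(s) for p in includes)
        ],
        "unauthorised_scope": [
            p for p in includes
            if not host_is_authorised(urlsplit(p).hostname, authorised_hosts)
        ],
        "unreviewed": unreviewed,
    }


if __name__ == "__main__":
    report = audit_scope(SAMPLE_CONFIG, {"www.webscantest.com"})
    for check, items in report.items():
        print(check, items)
```
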

XML File example
xml
<?xml version="1.0"?>
<ScanConfig>
<Name>webscantest</Name>
<AppVersion>7.0</AppVersion>
<Log>1</Log>
<DetailedLogging>0</DetailedLogging>
<IncludeTraffic>0</IncludeTraffic>
<WindowsErrors>0</WindowsErrors>
<UseSystemDsn>0</UseSystemDsn>
<Recrawl>0</Recrawl>
<PauseOnRecoverableError>1</PauseOnRecoverableError>
<ExecuteCommandLineURL></ExecuteCommandLineURL>
<NotifyScanDoneURL></NotifyScanDoneURL>
<JavaScriptEngine>Chrome</JavaScriptEngine>
<MaxDatabaseSize>1073741824</MaxDatabaseSize>
<MaxTrafficFiles>0</MaxTrafficFiles>
<CrawlConfig>
<MaxDomain>100</MaxDomain>
<MaxCrawlResults>5000</MaxCrawlResults>
<MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
<MaxPerDirCrawlResults>500</MaxPerDirCrawlResults>
<MaxPerLinkCrawlResults>50</MaxPerLinkCrawlResults>
<MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
<MaxPerDirChildNodes>300</MaxPerDirChildNodes>
<MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
<MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
<MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
<MaxPerQueryCrawlResults>400</MaxPerQueryCrawlResults>
<RecursionDepth>2</RecursionDepth>
<MaxDirDepth>15</MaxDirDepth>
<DiscoveryDepth>-1</DiscoveryDepth>
<UrlRepetitionTolerance>25</UrlRepetitionTolerance>
<SequenceRepetitionTolerance>5</SequenceRepetitionTolerance>
<MaxReportedImages>500</MaxReportedImages>
<MaxReportedLinks>2500</MaxReportedLinks>
<MaxReportedComments>500</MaxReportedComments>
<MaxReportedScripts>500</MaxReportedScripts>
<MaxReportedEmails>500</MaxReportedEmails>
<MaxReportedForms>500</MaxReportedForms>
<MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
<MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
<MaxBrowserDOMDepth>4</MaxBrowserDOMDepth>
<MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
<MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
<MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
<MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
<NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
<MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
<MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
<MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
<CrawlPrioritization>Smart</CrawlPrioritization>
<FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
<ServerErrorRegex></ServerErrorRegex>
<InvalidURLRegexAttack><![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]></InvalidURLRegexAttack>
<InvalidURLRegexCrawl><![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]></InvalidURLRegexCrawl>
<PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
<LockCookies>0</LockCookies>
<CaseSensitivity>Case Sensitive</CaseSensitivity>
<UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
<SaveReferences>0</SaveReferences>
<UseBrowser>1</UseBrowser>
<ShowBrowser>0</ShowBrowser>
<StayOnPort>0</StayOnPort>
<RestrictToMacro>0</RestrictToMacro>
<RestrictToManualCrawling>0</RestrictToManualCrawling>
<RestrictToSeedList>0</RestrictToSeedList>
<RestrictToWebService>0</RestrictToWebService>
<RestrictToSelenium>0</RestrictToSelenium>
<RestrictToSwagger>0</RestrictToSwagger>
<ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
<PageEqualThreshhold>0.95</PageEqualThreshhold>
<PageSimilarThreshhold>0.8</PageSimilarThreshhold>
<ExperimentalCrawling>Disabled</ExperimentalCrawling>
<Flash>1</Flash>
<EnableAdvancedParsers>1</EnableAdvancedParsers>
<SearchForUrls>1</SearchForUrls>
<CookieCommaSeparator>1</CookieCommaSeparator>
<MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
<BlacklistContactForms>0</BlacklistContactForms>
<FrameworksCrawlConfig>
<EnableFrameworksCrawling>1</EnableFrameworksCrawling>
<FrameworkConfigList>
<FrameworkConfig>
<Name>ReactJS</Name>
<DefaultConfigVersion>2</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>1</HEAD>
<DetectionRegex>createReactRootIndex</DetectionRegex>
<HealthcheckString>react</HealthcheckString>
<FileName>fm.react.min.js</FileName>
<GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
<GetAllEventsDelay>0</GetAllEventsDelay>
<GetVersionStringScript></GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>AngularJS</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>ng-controller</DetectionRegex>
<HealthcheckString>angular</HealthcheckString>
<FileName>angular-hook-bundle.min.js</FileName>
<GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
<GetAllEventsDelay>0</GetAllEventsDelay>
<GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>KnockoutJS</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>data-bind</DetectionRegex>
<HealthcheckString>ko</HealthcheckString>
<FileName>ko-hook-bundle.min.js</FileName>
<GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>AngularLib</Name>
<DefaultConfigVersion>2</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>angular-4-hook-bundle.min.js</FileName>
<GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>ReactLib</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>react-text</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>react-hook-bundle.min.js</FileName>
<GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>ReactTwo</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>react-hook-bundle.min.js</FileName>
<GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>OpenUI5</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>sap-open-ui5-hook-bundle.min.js</FileName>
<GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>Vue</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>vue-hook-bundle.min.js</FileName>
<GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>Ember</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>ember-hook-bundle.min.js</FileName>
<GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>Backbone</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)Backbone</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>backbone-hook-bundle.min.js</FileName>
<GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
</FrameworkConfigList>
</FrameworksCrawlConfig>
<SeedUrlList>
<SeedUrl>
<Value>http://www.webscantest.com/</Value>
</SeedUrl>
</SeedUrlList>
<ScopeConstraintList>
<ScopeConstraint>
<URL>http://www.webscantest.com/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
<ScopeConstraint>
<URL>http://*.www.webscantest.com/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
</ScopeConstraintList>
<BlackListExtensionList>
<BlackListExtension>
<Value>css</Value>
</BlackListExtension>
<BlackListExtension>
<Value>axd</Value>
</BlackListExtension>
</BlackListExtensionList>
<GrayListExtensionList>
<GrayListExtension>
<Value>pdf</Value>
</GrayListExtension>
<GrayListExtension>
<Value>doc</Value>
</GrayListExtension>
<GrayListExtension>
<Value>jpg</Value>
</GrayListExtension>
<GrayListExtension>
<Value>jpeg</Value>
</GrayListExtension>
<GrayListExtension>
<Value>gif</Value>
</GrayListExtension>
<GrayListExtension>
<Value>png</Value>
</GrayListExtension>
<GrayListExtension>
<Value>bmp</Value>
</GrayListExtension>
<GrayListExtension>
<Value>ico</Value>
</GrayListExtension>
<GrayListExtension>
<Value>js</Value>
</GrayListExtension>
<GrayListExtension>
<Value>tiff</Value>
</GrayListExtension>
<GrayListExtension>
<Value>eot</Value>
</GrayListExtension>
<GrayListExtension>
<Value>ttf</Value>
</GrayListExtension>
<GrayListExtension>
<Value>mid</Value>
</GrayListExtension>
<GrayListExtension>
<Value>midi</Value>
</GrayListExtension>
<GrayListExtension>
<Value>mp3</Value>
</GrayListExtension>
<GrayListExtension>
<Value>mpeg</Value>
</GrayListExtension>
<GrayListExtension>
<Value>wav</Value>
</GrayListExtension>
<GrayListExtension>
<Value>avi</Value>
</GrayListExtension>
<GrayListExtension>
<Value>woff</Value>
</GrayListExtension>
<GrayListExtension>
<Value>svg</Value>
</GrayListExtension>
</GrayListExtensionList>
<BinaryExtensionList>
<BinaryExtension>
<Value>fla</Value>
</BinaryExtension>
<BinaryExtension>
<Value>swf</Value>
</BinaryExtension>
<BinaryExtension>
<Value>pdf</Value>
</BinaryExtension>
<BinaryExtension>
<Value>doc</Value>
</BinaryExtension>
<BinaryExtension>
<Value>jpg</Value>
</BinaryExtension>
<BinaryExtension>
<Value>jpeg</Value>
</BinaryExtension>
<BinaryExtension>
<Value>gif</Value>
</BinaryExtension>
<BinaryExtension>
<Value>png</Value>
</BinaryExtension>
<BinaryExtension>
<Value>bmp</Value>
</BinaryExtension>
<BinaryExtension>
<Value>ico</Value>
</BinaryExtension>
<BinaryExtension>
<Value>dll</Value>
</BinaryExtension>
<BinaryExtension>
<Value>exe</Value>
</BinaryExtension>
<BinaryExtension>
<Value>eot</Value>
</BinaryExtension>
<BinaryExtension>
<Value>ttf</Value>
</BinaryExtension>
<BinaryExtension>
<Value>mp3</Value>
</BinaryExtension>
<BinaryExtension>
<Value>mp4</Value>
</BinaryExtension>
<BinaryExtension>
<Value>wav</Value>
</BinaryExtension>
<BinaryExtension>
<Value>woff</Value>
</BinaryExtension>
<BinaryExtension>
<Value>svg</Value>
</BinaryExtension>
</BinaryExtensionList>
<TextExtensionList>
<TextExtension>
<Value>txt</Value>
</TextExtension>
<TextExtension>
<Value>js</Value>
</TextExtension>
<TextExtension>
<Value>css</Value>
</TextExtension>
<TextExtension>
<Value>json</Value>
</TextExtension>
</TextExtensionList>
<BinaryContentTypeList>
<BinaryContentType>
<Value>audio/*</Value>
</BinaryContentType>
<BinaryContentType>
<Value>image/*</Value>
</BinaryContentType>
<BinaryContentType>
<Value>video/*</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/pdf</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/zip</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-rar-compressed</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-dvi</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-shockwave-flash</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/msword</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/ogg</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-tar</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/octet-stream</Value>
</BinaryContentType>
</BinaryContentTypeList>
<HTMLContentTypeList>
<HTMLContentType>
<Value>text/html</Value>
</HTMLContentType>
<HTMLContentType>
<Value>html/*</Value>
</HTMLContentType>
<HTMLContentType>
<Value>application/xhtml+xml</Value>
</HTMLContentType>
</HTMLContentTypeList>
<TextContentTypeList>
<TextContentType>
<Value>text/plain</Value>
</TextContentType>
<TextContentType>
<Value>text/csv</Value>
</TextContentType>
<TextContentType>
<Value>text/css</Value>
</TextContentType>
<TextContentType>
<Value>text/javascript</Value>
</TextContentType>
<TextContentType>
<Value>application/javascript</Value>
</TextContentType>
<TextContentType>
<Value>application/x-javascript</Value>
</TextContentType>
<TextContentType>
<Value>application/json</Value>
</TextContentType>
<TextContentType>
<Value>application/x-httpd-php-source</Value>
</TextContentType>
</TextContentTypeList>
<XMLContentTypeList>
<XMLContentType>
<Value>application/xml-dtd</Value>
</XMLContentType>
<XMLContentType>
<Value>text/xml</Value>
</XMLContentType>
<XMLContentType>
<Value>application/soap+xml</Value>
</XMLContentType>
<XMLContentType>
<Value>application/xml</Value>
</XMLContentType>
</XMLContentTypeList>
<BrowserDownloadWhitelistList>
<BrowserDownloadWhitelist>
<Value>*.css</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.js</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.xml</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.dtd</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.axd</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.json</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*/js/*</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*/css/*</Value>
</BrowserDownloadWhitelist>
</BrowserDownloadWhitelistList>
<BrowserDoNotDownloadExtensionList>
<BrowserDoNotDownloadExtension>
<Value>pdf</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>doc</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>jpg</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>jpeg</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>gif</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>png</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>bmp</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>ico</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>exe</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>swf</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>mp3</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>mp4</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>wav</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>eot</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>ttf</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>woff</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>ico</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>svg</Value>
</BrowserDoNotDownloadExtension>
</BrowserDoNotDownloadExtensionList>
<BrowserDoNotDownloadContentTypeList>
<BrowserDoNotDownloadContentType>
<Value>audio/*</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>image/*</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>video/*</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/pdf</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/zip</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-rar-compressed</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-dvi</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-shockwave-flash</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/msword</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/ogg</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-tar</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/octet-stream</Value>
</BrowserDoNotDownloadContentType>
</BrowserDoNotDownloadContentTypeList>
</CrawlConfig>
<AttackerConfig>
<ParametersToAttackBeforeLimitingAttacks>400</ParametersToAttackBeforeLimitingAttacks>
<LinksToAttackBeforeLimitingAttacks>200</LinksToAttackBeforeLimitingAttacks>
<MaxSameNameParameterAttackPoints>25</MaxSameNameParameterAttackPoints>
<MaxSameCookieParameterAttackPoints>15</MaxSameCookieParameterAttackPoints>
<MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
<MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
<MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
<ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
<ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
<MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
<MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
<ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
<OutOfBandHost></OutOfBandHost>
<DefaultDoNotAttackParamList>
<DefaultDoNotAttackParam>
<ParameterName>^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$</ParameterName>
<MatchCriteria>Regex</MatchCriteria>
</DefaultDoNotAttackParam>
</DefaultDoNotAttackParamList>
</AttackerConfig>
<AttackPolicyConfig>
<Policy>Default attack policy</Policy>
<AttackPrioritization>Smart</AttackPrioritization>
<AttackDepth>Smart</AttackDepth>
<EnableAdvancedAttacks>0</EnableAdvancedAttacks>
<FalsePositiveRegex>This web browser does not support JavaScript or JavaScript in this web browser is not enabled.</FalsePositiveRegex>
<FalsePositiveFindingRegex></FalsePositiveFindingRegex>
<RootCauseIdExcludeList></RootCauseIdExcludeList>
<AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
<EnforceEncoding>0</EnforceEncoding>
<AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
611
<AttackModulePolicyList>
612
<AttackModulePolicy>
613
<Enabled>1</Enabled>
614
<ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
615
<ModulePriority>High</ModulePriority>
616
<Severity>Informational</Severity>
617
<MaxVulnLimit>10</MaxVulnLimit>
618
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
619
<MaxVarianceLimit>2</MaxVarianceLimit>
620
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
621
<EnforceEncoding>0</EnforceEncoding>
622
<ApplyPolicySeverity>0</ApplyPolicySeverity>
623
<AttackPoints>Web Site</AttackPoints>
624
<ParameterLocations></ParameterLocations>
625
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
626
<DisplayName>Anonymous Access</DisplayName>
627
</AttackModulePolicy>
628
<AttackModulePolicy>
629
<Enabled>1</Enabled>
630
<ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
631
<ModulePriority>High</ModulePriority>
632
<Severity>High</Severity>
633
<MaxVulnLimit>100</MaxVulnLimit>
634
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
635
<MaxVarianceLimit>3</MaxVarianceLimit>
636
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
637
<EnforceEncoding>0</EnforceEncoding>
638
<ApplyPolicySeverity>0</ApplyPolicySeverity>
639
<AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
640
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
641
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
642
<DisplayName>Apache Struts 2 Framework Checks</DisplayName>
643
</AttackModulePolicy>
644
<AttackModulePolicy>
645
<Enabled>1</Enabled>
646
<ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
647
<ModulePriority>High</ModulePriority>
648
<Severity>Informational</Severity>
649
<MaxVulnLimit>100</MaxVulnLimit>
650
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
651
<MaxVarianceLimit>3</MaxVarianceLimit>
652
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
653
<EnforceEncoding>0</EnforceEncoding>
654
<ApplyPolicySeverity>0</ApplyPolicySeverity>
655
<AttackPoints>Response Analysis</AttackPoints>
656
<ParameterLocations></ParameterLocations>
657
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
658
<DisplayName>Apache Struts Detection</DisplayName>
659
</AttackModulePolicy>
660
<AttackModulePolicy>
661
<Enabled>1</Enabled>
662
<ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
663
<ModulePriority>High</ModulePriority>
664
<Severity>High</Severity>
665
<MaxVulnLimit>100</MaxVulnLimit>
666
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
667
<MaxVarianceLimit>4</MaxVarianceLimit>
668
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
669
<EnforceEncoding>0</EnforceEncoding>
670
<ApplyPolicySeverity>0</ApplyPolicySeverity>
671
<AttackPoints>Parameter</AttackPoints>
672
<ParameterLocations>Post</ParameterLocations>
673
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
674
<DisplayName>Arbitrary File Upload</DisplayName>
675
</AttackModulePolicy>
676
<AttackModulePolicy>
677
<Enabled>1</Enabled>
678
<ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
679
<ModulePriority>Medium</ModulePriority>
680
<Severity>Low</Severity>
681
<MaxVulnLimit>25</MaxVulnLimit>
682
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
683
<MaxVarianceLimit>2</MaxVarianceLimit>
684
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
685
<EnforceEncoding>0</EnforceEncoding>
686
<ApplyPolicySeverity>0</ApplyPolicySeverity>
687
<AttackPoints>Directory</AttackPoints>
688
<ParameterLocations></ParameterLocations>
689
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
690
<DisplayName>ASP.NET Misconfiguration</DisplayName>
691
</AttackModulePolicy>
692
<AttackModulePolicy>
693
<Enabled>1</Enabled>
694
<ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
695
<ModulePriority>Medium</ModulePriority>
696
<Severity>High</Severity>
697
<MaxVulnLimit>25</MaxVulnLimit>
698
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
699
<MaxVarianceLimit>4</MaxVarianceLimit>
700
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
701
<EnforceEncoding>0</EnforceEncoding>
702
<ApplyPolicySeverity>0</ApplyPolicySeverity>
703
<AttackPoints>Parameter</AttackPoints>
704
<ParameterLocations>Post|Cookie</ParameterLocations>
705
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
706
<DisplayName>ASP.NET Serialization</DisplayName>
707
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Autocomplete attribute</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>75</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Blind LDAP Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Browser Cache directive (web application performance)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>150</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>5</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Brute Force (HTTP Auth)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>5</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Brute Force (Form Auth)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Blind SQL</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Clients Cross-Domain Policy Files</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Information Disclosure in comments</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Cookie attributes</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>AJAX</RequestOriginations>
<DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
<DisplayName>Credentials over an insecure channel</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Content Security Policy Header</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Custom Directory Module</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Custom Parameter Module</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Custom Passive Module</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Directory Indexing</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>150</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Email Disclosure</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Expression Language Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Forced Browsing</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
<DisplayName>Sensitive Data Exposure</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>5</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Form Session Strength</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>50</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>FrontPage Checks</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Heartbleed Check</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>HTTP Strict Transport Security</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>HTTP Authentication over insecure channel</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>HTTPS Downgrade</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>HTTP Headers</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>HTTP Response Splitting</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>HTTPS Everywhere</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Flash|Silverlight</RequestOriginations>
<DisplayName>HTTP User-Agent Check</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Information Disclosure in response</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Information Leakage in responses</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Java Grinder</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight</RequestOriginations>
<DisplayName>JavaScript Memory Leaks</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>LDAP Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
<DisplayName>Local Storage Usage</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter|Response Analysis</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Business logic abuse attacks</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Nginx NULL code</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>File|Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>OS Commanding</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Parameter Fuzzing</DisplayName>
</AttackModulePolicy>
1412
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
<DisplayName>Collecting Sensitive Personal Information</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>PHP Code Execution</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>4</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML</RequestOriginations>
<DisplayName>Privacy Policy Check</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Privacy Disclosure</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Privilege Escalation</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Profanity</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Safe</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Reflection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>1000</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory|File|Parameter</AttackPoints>
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>File Inclusion</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>HTTP Verb Tampering</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site|Directory|File</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Predictable Resource Location</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query</ParameterLocations>
<RequestOriginations>HTML|Form</RequestOriginations>
<DisplayName>Reverse Clickjacking</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Reverse Proxy</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>Information Disclosure in scripts</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>3</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Secure and non-secure content mix</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
<DisplayName>Sensitive data over an insecure channel</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Server Configuration</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>150</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
<DisplayName>Server Side Include (SSI) Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Server Side Template Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Session Fixation</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|Path|Query</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
<DisplayName>HTTP Query Session Check</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Session Strength</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Session Upgrade</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>File</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Source Code Disclosure</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>SQL Information Leakage</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>SQL Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>SQL Injection Auth Bypass</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>SQL Parameter Check</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>SSL Strength</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>20</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Subdomain discovery</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>40</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Unvalidated Redirect</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B69E83831D26496BB2CC0C0D70181EC3</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>40</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>URL rewriting</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>4DE84100F31849A7B845FE5F62D2FD7A</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form</RequestOriginations>
<DisplayName>ASP.NET ViewState security</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0BE4C251F44C4CF1924104ADFD86289C</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Flash|Silverlight</RequestOriginations>
<DisplayName>Web Beacon</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>667629EC1FDC4C6D98B5F4031717BB9B</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Web DAV Flaws Check</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>74FB936F2BBA499F8D0AF3B7A29B4F9E</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>30</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Cross-site tracing (XST)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>377030BFE58A4F01A112295D32A0744C</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Web Service Parameter Fuzzing</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>8399FA8EDF5C41BC9D3CF85DC23DC26B</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>X-Content-Type-Options</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>3E2E60F7D0E04D8596918C2D1F639064</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>X-Frame-Options</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>615D72F401BC447AB4A2139654BC9945</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>X-XSS-Protection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>ABFA075919804435A25A22A8CAC191DF</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
<DisplayName>XML External Entity Attack</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>BBE9F36A88A944ECB837D5193D356E4C</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>XPath Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
2085
<Enabled>1</Enabled>
2086
<ModuleId>6CEF426D33514825B50741616DB2120B</ModuleId>
2087
<ModulePriority>Low</ModulePriority>
2088
<Severity>Informational</Severity>
2089
<MaxVulnLimit>25</MaxVulnLimit>
2090
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2091
<MaxVarianceLimit>2</MaxVarianceLimit>
2092
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2093
<EnforceEncoding>0</EnforceEncoding>
2094
<ApplyPolicySeverity>0</ApplyPolicySeverity>
2095
<AttackPoints>Response Analysis</AttackPoints>
2096
<ParameterLocations></ParameterLocations>
2097
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
2098
<DisplayName>X-Powered-By</DisplayName>
2099
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>46A8FE469F6C44BFB9946C021A2BCDC8</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
<DisplayName>Cross-site scripting (XSS), (DOM based)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>BD57F92E956A493DA39ADDF215B29D96</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>AJAX</RequestOriginations>
<DisplayName>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>62AA6A08FA764E209551B4A4C479F08D</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
<DisplayName>Persistent Cross-site scripting (XSS) (passive)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>050ABD8CF99F4EE4AA18C12F06FA3051</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Persistent Cross-site scripting (XSS), (active)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>ABEB2E590AA24A39BB6FE7DBD6338277</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>400</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<DisplayName>Reflected Cross-site scripting (XSS)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FFBF4640C8A4475E93E099018951B409</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>File|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
<DisplayName>Reflected Cross-site scripting (XSS), (simple)</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight</RequestOriginations>
<DisplayName>Subresource Integrity</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>NoSQLi Injection</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Blind NoSQLi</DisplayName>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory|File|Parameter</AttackPoints>
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Server Side Request Forgery</DisplayName>
</AttackModulePolicy>
</AttackModulePolicyList>
</AttackPolicyConfig>
<ScanConfig>
<Enabled>0</Enabled>
<NotExistingFilePath>/aaaaaaaa.aaa</NotExistingFilePath>
<NotExistingDirPath>/aaaaaaaa/</NotExistingDirPath>
<AppendToOriginalValue>1</AppendToOriginalValue>
<ReplaceOriginalValue>0</ReplaceOriginalValue>
</ScanConfig>
<AuthConfig>
<Type>Selenium</Type>
<HttpAuth>0</HttpAuth>
<OAuth>0</OAuth>
<ReloginAfterSessionLoss>1</ReloginAfterSessionLoss>
<LogoutDetection>1</LogoutDetection>
<UserAssistance>0</UserAssistance>
<AssumeSuccessfulLogin>0</AssumeSuccessfulLogin>
<VerifyNotLoggedin>1</VerifyNotLoggedin>
<PostponeLoginAction>1</PostponeLoginAction>
<CreateNonAuthenticatedSession>0</CreateNonAuthenticatedSession>
<TreatFailedReloginAsError>1</TreatFailedReloginAsError>
<RestartProxyBeforeRelogin>0</RestartProxyBeforeRelogin>
<TemplateLoginMacro>0</TemplateLoginMacro>
<BlacklistSinglePasswordForms>0</BlacklistSinglePasswordForms>
<BlacklistMultiPasswordForms>1</BlacklistMultiPasswordForms>
<ResetCookies>1</ResetCookies>
<AccountType>Restricted</AccountType>
<UsernameForm></UsernameForm>
<PasswordForm></PasswordForm>
<UsernameHttp></UsernameHttp>
<PasswordHttp></PasswordHttp>
<AutoLogonSecurity>Medium</AutoLogonSecurity>
<LoginLinkRegex>((log|sign)[ -]?(in|on))|auth</LoginLinkRegex>
<LoggedInRegex>(sign|log)[ -]?(out|off)</LoggedInRegex>
<LoggedInHeaderRegex></LoggedInHeaderRegex>
<SessionLossRegex>please (re)?login|have been logged out|session has expired</SessionLossRegex>
<SessionLossHeaderRegex>Location: [^\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\b</SessionLossHeaderRegex>
<LogoutLinkRegex>(sign|log|time)[ -]?(in|on|out|off)|password</LogoutLinkRegex>
<LogoutPostBodyRegex>(sign|log|time)[ -]?(in|on|out|off)</LogoutPostBodyRegex>
<CanaryPage></CanaryPage>
<SessionLossOnCanaryPageRegex></SessionLossOnCanaryPageRegex>
<FormSubmissionScript></FormSubmissionScript>
<SessionCookieRegex>\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\b</SessionCookieRegex>
<SessionCookieLifespan>32</SessionCookieLifespan>
<URLSessionTokenRegex></URLSessionTokenRegex>
<PostSessionTokenRegex></PostSessionTokenRegex>
<ResponseBodyTokenRegex></ResponseBodyTokenRegex>
<SecondResponseBodyTokenRegex></SecondResponseBodyTokenRegex>
<HTTPHeaderWithTokenReplacement></HTTPHeaderWithTokenReplacement>
<SecondHTTPHeaderWithTokenReplacement></SecondHTTPHeaderWithTokenReplacement>
<LogoutDetectionFrequency>60</LogoutDetectionFrequency>
<DiscoveryMaxLinks>100</DiscoveryMaxLinks>
<LoginMaxLinks>50</LoginMaxLinks>
<DiscoveryDepth>10</DiscoveryDepth>
<LoginDepth>10</LoginDepth>
<MaxMacroReloginAttempts>3</MaxMacroReloginAttempts>
<DiscoveryPrioritization>Login Form Discovery</DiscoveryPrioritization>
<LoginPrioritization>Login</LoginPrioritization>
<BootstrapDelay>60000</BootstrapDelay>
<SeedLink></SeedLink>
<DiscoverLoginForm>1</DiscoverLoginForm>
<UseBrowserFormLogin>1</UseBrowserFormLogin>
<PingFrequency>600</PingFrequency>
<PingURL></PingURL>
<HmacConfig>
<HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
<HMACUsername></HMACUsername>
<HMACApiKey></HMACApiKey>
<HMACHashAlgorithm>32780</HMACHashAlgorithm>
</HmacConfig>
<HawkConfig>
<HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
<HMACUsername></HMACUsername>
<HMACApiKey></HMACApiKey>
<HMACHashAlgorithm>32780</HMACHashAlgorithm>
<HAWKAuthKeyId></HAWKAuthKeyId>
<HAWKAuthKey></HAWKAuthKey>
<HAWKExtAppData></HAWKExtAppData>
</HawkConfig>
<OauthConfig>
<ResourceOwnerURL></ResourceOwnerURL>
<ResourceServerURL></ResourceServerURL>
<AuthorizationServerURL>/authorize</AuthorizationServerURL>
<ClientId></ClientId>
<ClientScope></ClientScope>
<ClientState></ClientState>
<ClientSecret></ClientSecret>
<RedirectURI></RedirectURI>
<Username></Username>
<Password></Password>
<UsernameForm></UsernameForm>
<PasswordForm></PasswordForm>
<ExtensionGrant></ExtensionGrant>
<AuthorizationGrantType>Null</AuthorizationGrantType>
<NeverDoBasicAuth>0</NeverDoBasicAuth>
<JsonPostBodies>0</JsonPostBodies>
<AzureResponseMode>NullAzureResponseMode</AzureResponseMode>
<AzureResourceUrl></AzureResourceUrl>
<AzurePrompt>NullAzurePrompt</AzurePrompt>
<AzureLoginHint></AzureLoginHint>
<AzureDomainHint></AzureDomainHint>
</OauthConfig>
<ADALConfig>
<ResourceId>https://graph.windows.net</ResourceId>
<Tenant></Tenant>
<ClientId></ClientId>
<AuthorityURL></AuthorityURL>
<Username></Username>
<Password></Password>
<TokenRefreshPeriod>0:10:01</TokenRefreshPeriod>
</ADALConfig>
<MacroFile>
<MacroFileName><![CDATA[]]></MacroFileName>
<JavaScriptEngine>Default</JavaScriptEngine>
<ShowInBrowser>0</ShowInBrowser>
<ReplaySpeed>1</ReplaySpeed>
<ASAPMode>1</ASAPMode>
<ASAPModeMinDelay>3000</ASAPModeMinDelay>
<ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro>
<AttackAsSequence>0</AttackAsSequence>
<SequenceConfig>
<ResetSession>1</ResetSession>
<AutoSequenceConfig>1</AutoSequenceConfig>
<ManualSequenceConfig>
</ManualSequenceConfig>
</SequenceConfig>
<WebDriverConfig>
<ChromeDriverPort>1235</ChromeDriverPort>
<ChromeDebugPort>1234</ChromeDebugPort>
</WebDriverConfig>
</MacroFile>
<WebServiceAuthConfig>
<Enabled>0</Enabled>
<AuthWSDL></AuthWSDL>
<AuthWebMethod></AuthWebMethod>
<GetAuthTokenXPath></GetAuthTokenXPath>
<PutAuthTokenXPath></PutAuthTokenXPath>
<ExtractAuthToken>1</ExtractAuthToken>
</WebServiceAuthConfig>
<SeleniumFile>
<SeleniumFileName><![CDATA[C:\Users\tperry\Desktop\scripts\firefox.htm]]></SeleniumFileName>
</SeleniumFile>
<TrafficFile>
<TrafficFileName></TrafficFileName>
<TrafficFilePassword></TrafficFilePassword>
<AttackAsSequence>0</AttackAsSequence>
<BeginAttackRequest>0</BeginAttackRequest>
<EndAttackRequest>-1</EndAttackRequest>
</TrafficFile>
<BrowserFormLoginConfig>
<ShowInBrowser>0</ShowInBrowser>
<InitialNavigateEventDuration>10000</InitialNavigateEventDuration>
<FinalDelayEventDuration>20000</FinalDelayEventDuration>
</BrowserFormLoginConfig>
</AuthConfig>
<ProxyConfig>
<Type>Internet Explorer Settings</Type>
<HttpHost></HttpHost>
<HttpPort>0</HttpPort>
<HttpsHost></HttpsHost>
<HttpsPort>0</HttpsPort>
<PACFile></PACFile>
<Username></Username>
<Password></Password>
</ProxyConfig>
<RemediationConfig>
<DollarsPerHourAppDev>250</DollarsPerHourAppDev>
<DollarsPerHourServerAdmin>250</DollarsPerHourServerAdmin>
<DollarsPerHourDatabaseAdmin>250</DollarsPerHourDatabaseAdmin>
<SetupHoursAppDev>8</SetupHoursAppDev>
<SetupHoursServerAdmin>2</SetupHoursServerAdmin>
<SetupHoursDatabaseAdmin>8</SetupHoursDatabaseAdmin>
<MinHoursPerIssueAppDev>0.75</MinHoursPerIssueAppDev>
<MaxHoursPerIssueAppDev>1.25</MaxHoursPerIssueAppDev>
<MinHoursPerIssueServerAdmin>0.25</MinHoursPerIssueServerAdmin>
<MaxHoursPerIssueServerAdmin>1</MaxHoursPerIssueServerAdmin>
<MinHoursPerIssueDatabaseAdmin>0.75</MinHoursPerIssueDatabaseAdmin>
<MaxHoursPerIssueDatabaseAdmin>1.25</MaxHoursPerIssueDatabaseAdmin>
</RemediationConfig>
<SSLCertConfig>
<Type>NoCert</Type>
<File></File>
<Password></Password>
<Index>-3</Index>
<Name></Name>
<SerialNumber></SerialNumber>
<IssuerNameBase64></IssuerNameBase64>
<Pin></Pin>
<RequestPinAtStartup>0</RequestPinAtStartup>
<SetPinInterval>180</SetPinInterval>
</SSLCertConfig>
<NetworkSettingsConfig>
<CloseConnection>0</CloseConnection>
<SendKeepAliveHeader>0</SendKeepAliveHeader>
<PreAuthenticateBasicAuth>0</PreAuthenticateBasicAuth>
<MaxRetries>2</MaxRetries>
<MaxResponseSize>7000000</MaxResponseSize>
<MaxJavasciptResponseSize>12000000</MaxJavasciptResponseSize>
<ResolveTimeout>60000</ResolveTimeout>
<ConnectTimeout>60000</ConnectTimeout>
<WriteTimeout>60000</WriteTimeout>
<ReadTimeout>60000</ReadTimeout>
<AssumeDisconnectedTimeout>18000000</AssumeDisconnectedTimeout>
<DripDelayMilliSeconds>25</DripDelayMilliSeconds>
<MaxConsecutiveFailures>500</MaxConsecutiveFailures>
<CustomNetworkLib>0</CustomNetworkLib>
<NetworkPreferredAuthScheme>npasDefault</NetworkPreferredAuthScheme>
<UseSecureProtocols>0</UseSecureProtocols>
<SecureProtocols>SSL3|TLS1</SecureProtocols>
<RASPScanDataSinkHost></RASPScanDataSinkHost>
<RASPScanKickoffRESTHost></RASPScanKickoffRESTHost>
<RASPScanKickoffRESTEndpoint>advise_rasp_of_scan</RASPScanKickoffRESTEndpoint>
<RASPTimeout>0:03:00</RASPTimeout>
</NetworkSettingsConfig>
<PerformanceConfig>
<MaxConcurrentRequests>16</MaxConcurrentRequests>
<MaxBandwidthKB>1200</MaxBandwidthKB>
<MaxBrowserLimit>10</MaxBrowserLimit>
<MaxBrowserReuseCount>10</MaxBrowserReuseCount>
<MaxBrowserMemorySize>209715200</MaxBrowserMemorySize>
<MaxCPUUsage>50</MaxCPUUsage>
<MemoryCeiling>2800</MemoryCeiling>
<AntiDoS>0</AntiDoS>
<MonitorPerformanceUsage>1</MonitorPerformanceUsage>
<DumpUserProcessMemoryUsage>0</DumpUserProcessMemoryUsage>
<SingleThreadedScan>0</SingleThreadedScan>
<KillStrayIEInstances>0</KillStrayIEInstances>
<KillStrayChromeInstances>0</KillStrayChromeInstances>
<MinFreeDiskSpace>524288000</MinFreeDiskSpace>
<MaxMemoryUsagePercent>70</MaxMemoryUsagePercent>
<MaxThreadCount>400</MaxThreadCount>
<MaxBrowserProcessLifetime>240000</MaxBrowserProcessLifetime>
<MinDatabaseCompactInterval>900000</MinDatabaseCompactInterval>
<DatabaseCompactDuringScan>0</DatabaseCompactDuringScan>
<DatabaseCompactPostScan>0</DatabaseCompactPostScan>
</PerformanceConfig>
<SystemRecommendationsConfig>
<Enabled>1</Enabled>
<MinLogicalProcessors>2</MinLogicalProcessors>
<MinTotalPhysicalMemoryFor64Bit>4187593113</MinTotalPhysicalMemoryFor64Bit>
<MinAvailablePhysicalMemoryFor64Bit>2147483648</MinAvailablePhysicalMemoryFor64Bit>
<MinTotalPhysicalMemoryFor32Bit>2147483648</MinTotalPhysicalMemoryFor32Bit>
<MinAvailablePhysicalMemoryFor32Bit>1073741824</MinAvailablePhysicalMemoryFor32Bit>
<MinFreeDiskSpace>10737418240</MinFreeDiskSpace>
</SystemRecommendationsConfig>
<HTTPHeadersConfig>
<HttpProtocol>HTTP/1.1</HttpProtocol>
<Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</Accept>
<AcceptCharset></AcceptCharset>
<AcceptEncoding>gzip, deflate</AcceptEncoding>
<AcceptLanguage>en-US</AcceptLanguage>
<Cookie></Cookie>
<UserAgent>Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36</UserAgent>
<OverwriteWithDefaultHeaders>0</OverwriteWithDefaultHeaders>
<TrafficHeaderList>
<TrafficHeader>
<Value>Authorization</Value>
</TrafficHeader>
<TrafficHeader>
<Value>X-XSRF-TOKEN</Value>
</TrafficHeader>
<TrafficHeader>
<Value>X-CSRF-Token</Value>
</TrafficHeader>
</TrafficHeaderList>
</HTTPHeadersConfig>
<ManualCrawlingConfig>
</ManualCrawlingConfig>
<ParameterTrainingConfig>
<FormPopulation>Smart</FormPopulation>
<TrainingParameterList>
<TrainingParameter>
<PatternName>Username</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Password</PatternName>
<Types>password</Types>
<Language>en</Language>
<Match>password|passwd|pw|pwd</Match>
<Value>%RANDALPHANUM%$</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Social Security Number</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>SSN|social|security</Match>
<Value>987-65-4320</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Address</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>income</Match>
<Value>100000</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Address</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>address|street</Match>
<Value>600 Fairy Land Drive</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Apartment number</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>address|apartment|house</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>First name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>name</Match>
<Value>John</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Last name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>last[:space:]*name|surname</Match>
<Value>Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Full name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>(your|full)[:space:]+name|name</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>User Signature</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>signature</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Middle name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>middle[:space:]+name</Match>
<Value>L</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>City</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>city|town</Match>
<Value>Costa Mesa</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>County</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>county</Match>
<Value>Orange</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>State</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>state</Match>
<Value>CA</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Zip code</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</Match>
<Value>92626</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Country</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>united[:space:]*states|country</Match>
<Value>US</Value>
<ValueMatch>us</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone number</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>tele[:space:]*phone|fax|phone</Match>
<Value>123-456-7890</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone area code</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>area[:space:]+code</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Company name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>company|employer|organization</Match>
<Value>Example</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Email</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>e[-_]?mail([-_]?address)?</Match>
<Value>a%RANDALPHANUM%@example.com</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Birthday</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>birth[:space:]day|birth</Match>
<Value>12/25/1975</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Day</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>dd|day</Match>
<Value>25</Value>
<ValueMatch>25</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Month</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>mm|month</Match>
<Value>12</Value>
<ValueMatch>12|dec|d</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>FutureYear</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>2015|2016|2017</Match>
<Value>2016</Value>
<ValueMatch>2015|2016|2017</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>BirthYear</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>yyyy|year|1975|1970|1960|1950</Match>
<Value></Value>
<ValueMatch>1975|1970|1960|1950</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Past Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>(start|from)[-\s_]*date</Match>
<Value>02/02/2003</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yy</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>mm/dd/yy</Match>
<Value>02/02/15</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\s_]*date</Match>
<Value>02/02/2015</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Old password</PatternName>
<Types>password</Types>
<Language>en</Language>
<Match>old[:space:]+password</Match>
<Value>%RANDALPHANUM%1'</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Accept terms</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match><![CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]></Match>
<Value></Value>
<ValueMatch>yes|1|on</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Save login</PatternName>
<Types>checkbox,radio,select</Types>
<Language>en</Language>
<Match>save|remember</Match>
<Value></Value>
<ValueMatch>yes|1|on</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Remove item</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match>remove|delete</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
2819
<TrainingParameter>
2820
<PatternName>Search</PatternName>
2821
<Types>text,textarea</Types>
2822
<Language>en</Language>
2823
<Match>keyword|search|query</Match>
2824
<Value>water</Value>
2825
<ValueMatch></ValueMatch>
2826
<MatchCriteria>Regex</MatchCriteria>
2827
</TrainingParameter>
2828
<TrainingParameter>
2829
<PatternName>Quantity</PatternName>
2830
<Types>text,textarea,select</Types>
2831
<Language>en</Language>
2832
<Match>quantity|amount|number|qty|num</Match>
2833
<Value>3</Value>
2834
<ValueMatch></ValueMatch>
2835
<MatchCriteria>Regex</MatchCriteria>
2836
</TrainingParameter>
2837
<TrainingParameter>
2838
<PatternName>Number</PatternName>
2839
<Types>text,textarea</Types>
2840
<Language>en</Language>
2841
<Match>number|count|nmr|cnt|rate|decimal|digit</Match>
2842
<Value>21</Value>
2843
<ValueMatch></ValueMatch>
2844
<MatchCriteria>Regex</MatchCriteria>
2845
</TrainingParameter>
2846
<TrainingParameter>
2847
<PatternName>Account Number</PatternName>
2848
<Types>text,textarea,select,radio,checkbox</Types>
2849
<Language>en</Language>
2850
<Match>account</Match>
2851
<Value>20</Value>
2852
<ValueMatch></ValueMatch>
2853
<MatchCriteria>Regex</MatchCriteria>
2854
</TrainingParameter>
2855
<TrainingParameter>
2856
<PatternName>Shipping method</PatternName>
2857
<Types>select,radio,checkbox</Types>
2858
<Language>en</Language>
2859
<Match>shipping|fedex|standard|ups</Match>
2860
<Value></Value>
2861
<ValueMatch>fedex|standard|ups</ValueMatch>
2862
<MatchCriteria>Regex</MatchCriteria>
2863
</TrainingParameter>
2864
<TrainingParameter>
<PatternName>Gift</PatternName>
<Types>checkbox</Types>
<Language>en</Language>
<Match>gift</Match>
<Value></Value>
<ValueMatch>yes|1|on</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card number</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>credit[:space:]*card|card[:space:]*number</Match>
<Value>5105105105105100</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card type</PatternName>
<Types>select,checkbox,radio</Types>
<Language>en</Language>
<Match>master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card security code</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>security[:space:]*code|verification[:space:]*number</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>PIN</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>PIN</Match>
<Value>1234</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>CAPTCHA</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>code[:space:]*shown|captcha</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Size</PatternName>
<Types>select</Types>
<Language>en</Language>
<Match>size|xxl</Match>
<Value></Value>
<ValueMatch>\b(m|s|42)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Color</PatternName>
<Types>select</Types>
<Language>en</Language>
<Match>\b(color|red|black)\b</Match>
<Value>Blue</Value>
<ValueMatch>\b(blue|red|black)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Price</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>price</Match>
<Value>20</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Attention</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>attention</Match>
<Value>John</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Gender</PatternName>
<Types>select,radio</Types>
<Language>en</Language>
<Match>gender|male|female</Match>
<Value>male</Value>
<ValueMatch>\b(male|m|f)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Legal age</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match>legal|\d\d[:space:]*years[:space:]*old</Match>
<Value>yes</Value>
<ValueMatch>\b(on|1|yes)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Coupon code</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>promotion|coupon</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Send message</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>message|comment|complain|enquiry|review</Match>
<Value>comment</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Existing user</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match>returning|existing|customer</Match>
<Value></Value>
<ValueMatch>\b(on|1|yes)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Age</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>age|under|over</Match>
<Value>40</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Passphrase Hint</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>What make|pet's name|your father|high school|friend</Match>
<Value>What make was your first car?</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Passphrase Hint Answer</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>Answer</Match>
<Value>Ford</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Doctor name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>doctor</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Website</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>website</Match>
<Value>www.example.com</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Address</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>adresse|strasse</Match>
<Value>600 Fairy Land Drive</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Apartment number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>adresse|wohnung|haus</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>First name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>name</Match>
<Value>John</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Last name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>vorname|name</Match>
<Value>Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Full name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>ihren namen|name</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>User Signature</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>unterschrift</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>City</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>stadt|stadt</Match>
<Value>Berlin</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Regierungsbezirke</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>regierungsbezirke</Match>
<Value>Berlin</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Zip code</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</Match>
<Value>10115</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Country</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>\b(deutschland|land)\b</Match>
<Value>DE</Value>
<ValueMatch>\bDE\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>telefon|telefon|fax</Match>
<Value>(1234) 567890</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone area code</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>vorwahl</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Company name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>unternehmen|arbeitgeber|organisation</Match>
<Value>Example</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Email</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>E[-_]Mailadresse|email|E[-_]Mail</Match>
<Value>a%RANDALPHANUM%@example.com</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Birthday</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>geburtstag|geburt</Match>
<Value>12/25/1975</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Day</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>tag</Match>
<Value>25</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Month</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>monat</Match>
<Value>12</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Year</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Jahr</Match>
<Value>2007</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>BirthYear</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Jahr|1975|1970|1960|1950</Match>
<Value>1975</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Past Date mm/dd/yy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Datum|d.m.yyyy|dd.mm.yyyy</Match>
<Value>02.02.03</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Past Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Datum|mm/dd/yyyy</Match>
<Value>02/02/2003</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==</Match>
<Value>02/02/11</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5</Match>
<Value>02/02/2011</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Username</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Benutzername|Mitgliedsnamen|Benutzer</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Password</PatternName>
<Types>password</Types>
<Language>de</Language>
<Match>password|passwort|passwd</Match>
<Value>%RANDALPHANUM%1'</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Old password</PatternName>
<Types>password</Types>
<Language>de</Language>
<Match>alte[:space:]passwort</Match>
<Value>%RANDALPHANUM%1'</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Accept terms</PatternName>
<Types>checkbox,radio</Types>
<Language>de</Language>
<Match>Ich habe gelesen und akzeptiere|Ich habe gelesen und akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Remove item</PatternName>
<Types>checkbox,radio</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Search</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</Match>
<Value>water</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Quantity</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>qty|Menge|Betrag|Anzahl</Match>
<Value>3</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</Match>
<Value>21</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Account Number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Konto</Match>
<Value>3456</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Shipping method</PatternName>
<Types>select</Types>
<Language>de</Language>
<Match>Versand</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Gift</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Geschenk</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Kreditkarte|Kredit|Kartennummer</Match>
<Value>5105105105105100</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card type</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</Match>
<Value></Value>
<ValueMatch>Master</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>