Advanced Scan Configuration

There are several ways to create or edit a Scan Configuration.

In this article we will go over accessing the advanced options within AppSpider and using the Scan configuration file.

Advanced options settings

The panel allows you to configure the advanced options. You may sort the settings by name, value, or description.

This panel contains the same information located in the Scan configuration XML file.

Scan configuration XML file

You can edit an existing scan configuration file or provide a new custom file.

AppSpider Scan Configuration File

File structure

The Scan Configuration file is an XML file and has a hierarchical structure. The top-level data structure in the file is ScanConfig. Everything else in the file resides below ScanConfig in the hierarchy.

There are 3 types of elements in the Scan configuration file:

  • Scalar - Options that have a single value. For example, ScanName.
  • Composite Object - An object that can contain other heterogeneous elements such as Scalars, Composite Objects and Lists. For example, the top-level object in the Scan Configuration file, ScanConfig, is a Composite Object.
  • List - Options that can have a list of values. Lists cannot contain other Lists directly.

Scalar types

Scalar values in the Scan configuration file can be one of the following types:

  • String - A String type.
  • LargeString - A String type optimized for large strings
  • UniqueString - A string type optimized for strings that are likely to be repeated multiple times.
  • LargeUniqueString - A string type optimized for large strings that are likely to be repeated multiple times.
  • LargeCompressedString - A string type that stores strings in compressed form.
  • ByteNumber - A one-byte number
  • WordNumber - A two-byte number
  • Number - A four-byte number
  • LargeNumber - An eight-byte number
  • Enumeration - A data type consisting of named predefined values.
  • Float - A four-byte floating point number
  • Double - An eight-byte floating point number
  • Boolean - A boolean type. Boolean is not an enumerated type; it is stored as a Number with values either 0 or 1.
    • 1 = TRUE
    • 0 = FALSE
  • Date - Stores date data. It is stored in the format YYYY-MM-DD HH:MM:SS
  • Duration - Stores time duration data. It is stored in the format [DD Day[s]] HH:MM::SS, where DD is the number of days, and square brackets show optional elements.

Enumerated types

Many Scalar elements in the Scan configuration file have Enumeration types. An Enumeration type is stored as an integer but allows a user to reference integer values by their symbolic names. An enumerated value can be set using either its numeric or its symbolic form. For example, the following 2 lines from a Scan configuration file are equivalent because 'High' is an enumerated value defined as '4'.

<Severity>High</Severity>
<Severity>4</Severity>

Bitmasks

Some Enumerated Types can be BitMasks, where the value of an element is defined by several bits. The enumerated values of a BitMask are defined so that no two of them have the same bit set, and they can be combined with a bitwise-OR operation to produce the final value. Multiple bits set in the bitmask are separated with the '|' character, for example:

<AttackPoints>Directory|File|Parameter</AttackPoints>

For Enumerated Types, the values of the Bitmasks can be set using either numeric or symbolic form. The following 2 lines are equivalent because the value Parameter is defined as 16.

<AttackPoints>Directory|File|Parameter</AttackPoints>
<AttackPoints>Directory|File|16</AttackPoints>
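
Because the same setting can be written numerically or symbolically, a text diff of two configuration revisions can show a change where there is none, or hide one. The following is an added example (not AppSpider code) that resolves mixed-form bitmask values and reports which flags actually differ; only Parameter = 16 comes from this page, while the other bit values in `ATTACK_POINTS` and all function names are assumptions made for the example.

```python
# Added example, not AppSpider code. Name -> bit table for <AttackPoints>.
# Only Parameter = 16 is stated on this page; the other values are placeholders
# assumed for the example and must be replaced with the product's real values.
ATTACK_POINTS = {
    "Web Site": 1,
    "Directory": 2,
    "File": 4,
    "Web Resource": 8,
    "Parameter": 16,
    "Response Analysis": 32,
}


def known_bits(table):
    """Check that every flag is a single, distinct bit; return their union."""
    union = 0
    for name, bit in table.items():
        if bit <= 0 or bit & (bit - 1):
            raise ValueError(f"{name!r} is not a single bit: {bit}")
        if union & bit:
            raise ValueError(f"{name!r} shares bit {bit} with another flag")
        union |= bit
    return union


def parse_bitmask(text, table):
    """Resolve 'Directory|File|16' style text to its integer value."""
    allowed = known_bits(table)
    value = 0
    for token in (t.strip() for t in text.split("|")):
        if not token:
            continue  # an empty element resolves to 0
        if token.isdigit():
            part = int(token)
            if part & ~allowed:
                raise ValueError(f"numeric value {part} sets undefined bits")
        elif token in table:
            part = table[token]
        else:
            raise ValueError(f"unknown flag name {token!r}")
        value |= part
    return value


def format_bitmask(value, table):
    """Render an integer in symbolic form, lowest bit first."""
    if value & ~known_bits(table):
        raise ValueError(f"value {value} sets undefined bits")
    ordered = sorted(table.items(), key=lambda item: item[1])
    return "|".join(name for name, bit in ordered if value & bit)


def diff_bitmask(old_text, new_text, table):
    """Return (added, removed) flag names between two revisions of a setting."""
    old = parse_bitmask(old_text, table)
    new = parse_bitmask(new_text, table)
    ordered = sorted(table.items(), key=lambda item: item[1])
    added = [name for name, bit in ordered if new & bit and not old & bit]
    removed = [name for name, bit in ordered if old & bit and not new & bit]
    return added, removed


if __name__ == "__main__":
    # The two equivalent lines from the page resolve to the same integer.
    print(parse_bitmask("Directory|File|Parameter", ATTACK_POINTS))
    print(parse_bitmask("Directory|File|16", ATTACK_POINTS))
    # Constructed revision pair: the real change is one flag in, one flag out.
    print(diff_bitmask("Directory|File|16",
                       "File|Parameter|Response Analysis", ATTACK_POINTS))
```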

Default values

When a new Scan configuration file is created, all Scalar elements are assigned their default values. Default values are configured to produce the best results for the majority of web sites. Even if an element is not present in the Scan configuration file, AppSpider uses the element's default value.

Scan configuration schema changes

AppSpider development is an ongoing process. Developers frequently come across new types of web sites that require special treatment and new ways of configuring scan execution. As a result, the number of parameters in the Scan configuration increases with every major release of AppSpider. To avoid problems with Scan Configuration files created by previous versions of AppSpider or by users' programs, only new elements are added to the scan configuration files; all existing elements and their meanings are preserved.

XML file example

When you create or export a ScanConfig file, the generated file contains the objects and fields.

To get more information on what is in each object see Scan Configuration Parameters.
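
The file also carries the scan's seed URLs and scope constraints, so an edited or exported file can be checked against the hosts a scan is authorized to touch before it is loaded. The sketch below is an added example (not AppSpider code): element names follow the sample file on this page, while the function names, the finding labels, the `authorized` host list and the reading of `Wildcard` as "`*` matches any run of characters" are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample. The first seed and first constraint mirror the page's
# example; the other seeds and the second constraint are invented to trigger
# findings.
SAMPLE = """<?xml version="1.0"?>
<scanconfig>
  <name>webscantest</name>
  <crawlconfig>
    <seedurllist>
      <seedurl><value>http://www.webscantest.com/</value></seedurl>
      <seedurl><value>http://webscantest.com/</value></seedurl>
      <seedurl><value>http://intranet.example.test/app/</value></seedurl>
    </seedurllist>
    <scopeconstraintlist>
      <scopeconstraint>
        <url>http://www.webscantest.com/*</url>
        <method>All</method>
        <matchcriteria>Wildcard</matchcriteria>
        <exclusion>Include</exclusion>
      </scopeconstraint>
      <scopeconstraint>
        <url>http://*.example.test/*</url>
        <method>All</method>
        <matchcriteria>Wildcard</matchcriteria>
        <exclusion>Include</exclusion>
      </scopeconstraint>
    </scopeconstraintlist>
  </crawlconfig>
</scanconfig>
"""


def _text(elem, tag):
    """Stripped text of a direct child element, or '' when absent or empty."""
    child = elem.find(tag)
    return (child.text or "").strip() if child is not None else ""


def _host_allowed(host, authorized):
    """True if host equals an authorized host or is a subdomain of one."""
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in authorized)


def _wildcard_to_regex(pattern):
    # Assumption: '*' matches any run of characters, everything else is literal.
    body = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.compile("^" + body + "$", re.IGNORECASE)


def audit_scope(xml_text, authorized):
    """Return (label, url) findings for seeds and Include constraints."""
    authorized = {a.lower() for a in authorized}
    root = ET.fromstring(xml_text)
    for elem in root.iter():          # tolerate files written in mixed case
        elem.tag = elem.tag.lower()

    findings, includes = [], []
    for constraint in root.iter("scopeconstraint"):
        url = _text(constraint, "url")
        if _text(constraint, "exclusion").lower() != "include":
            continue                  # only Include rules widen the scope
        if _text(constraint, "matchcriteria").lower() != "wildcard":
            findings.append(("constraint-needs-manual-review", url))
            continue
        includes.append(_wildcard_to_regex(url))
        host = urlsplit(url).hostname or ""
        base = host[2:] if host.startswith("*.") else host
        # A wildcard left in the base, or a base outside the authorized
        # hosts, means the rule can match systems nobody signed off on.
        if "*" in base or not _host_allowed(base, authorized):
            findings.append(("constraint-beyond-authorization", url))

    for seed in root.iter("seedurl"):
        url = _text(seed, "value")
        if not _host_allowed(urlsplit(url).hostname or "", authorized):
            findings.append(("seed-host-not-authorized", url))
        if not any(rx.match(url) for rx in includes):
            findings.append(("seed-outside-scope-constraints", url))
    return findings


if __name__ == "__main__":
    for label, url in audit_scope(SAMPLE, {"webscantest.com"}):
        print(f"{label}: {url}")
```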

XML File example
<?xml version="1.0"?>
<scanconfig>
  <name>webscantest</name>
  <appversion>7.0</appversion>
  <log>1</log>
  <detailedlogging>0</detailedlogging>
  <includetraffic>0</includetraffic>
  <windowserrors>0</windowserrors>
  <usesystemdsn>0</usesystemdsn>
  <recrawl>0</recrawl>
  <pauseonrecoverableerror>1</pauseonrecoverableerror>
  <executecommandlineurl></executecommandlineurl>
  <notifyscandoneurl></notifyscandoneurl>
  <javascriptengine>Chrome</javascriptengine>
  <maxdatabasesize>1073741824</maxdatabasesize>
  <maxtrafficfiles>0</maxtrafficfiles>
  <crawlconfig>
    <maxdomain>100</maxdomain>
    <maxcrawlresults>5000</maxcrawlresults>
    <maxperwebsitecrawlresults>-1</maxperwebsitecrawlresults>
    <maxperdircrawlresults>500</maxperdircrawlresults>
    <maxperlinkcrawlresults>50</maxperlinkcrawlresults>
    <maxpernormalizedlinkcrawlresult>100</maxpernormalizedlinkcrawlresult>
    <maxperdirchildnodes>300</maxperdirchildnodes>
    <maxblacklistextcrawlresults>100</maxblacklistextcrawlresults>
    <maxattackfeedbacklinkscount>300</maxattackfeedbacklinkscount>
    <maxperfilenamecrawlresults>250</maxperfilenamecrawlresults>
    <maxperquerycrawlresults>400</maxperquerycrawlresults>
    <recursiondepth>2</recursiondepth>
    <maxdirdepth>15</maxdirdepth>
    <discoverydepth>-1</discoverydepth>
    <urlrepetitiontolerance>25</urlrepetitiontolerance>
    <sequencerepetitiontolerance>5</sequencerepetitiontolerance>
    <maxreportedimages>500</maxreportedimages>
    <maxreportedlinks>2500</maxreportedlinks>
    <maxreportedcomments>500</maxreportedcomments>
    <maxreportedscripts>500</maxreportedscripts>
    <maxreportedemails>500</maxreportedemails>
    <maxreportedforms>500</maxreportedforms>
    <maxbrowserpagewaittimeout>60000</maxbrowserpagewaittimeout>
    <maxbrowserwaittillrequesttimeout>4000</maxbrowserwaittillrequesttimeout>
    <maxbrowserdomdepth>4</maxbrowserdomdepth>
    <maxbrowsereventsperlink>600</maxbrowsereventsperlink>
    <maxbrowsereventspercrawlresult>400</maxbrowsereventspercrawlresult>
    <maxbrowsereventsperdom>100</maxbrowsereventsperdom>
    <maxbrowsernonewresourcedomcount>400</maxbrowsernonewresourcedomcount>
    <notinsertedlinkcountthreshold>2</notinsertedlinkcountthreshold>
    <maxcookiesfromjavascript>100</maxcookiesfromjavascript>
    <maxcookiessamenamefromjavascript>10</maxcookiessamenamefromjavascript>
    <maxdaysthresholdgoodtraffic>7</maxdaysthresholdgoodtraffic>
    <crawlprioritization>Smart</crawlprioritization>
    <filenotfoundregex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</filenotfoundregex>
    <servererrorregex></servererrorregex>
    <invalidurlregexattack><![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]></invalidurlregexattack>
    <invalidurlregexcrawl><![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]></invalidurlregexcrawl>
    <prioritylinksregex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</prioritylinksregex>
    <lockcookies>0</lockcookies>
    <casesensitivity>Case Sensitive</casesensitivity>
    <uniqueurlsacrosswebsites>0</uniqueurlsacrosswebsites>
    <savereferences>0</savereferences>
    <usebrowser>1</usebrowser>
    <showbrowser>0</showbrowser>
    <stayonport>0</stayonport>
    <restricttomacro>0</restricttomacro>
    <restricttomanualcrawling>0</restricttomanualcrawling>
    <restricttoseedlist>0</restricttoseedlist>
    <restricttowebservice>0</restricttowebservice>
    <restricttoselenium>0</restricttoselenium>
    <restricttoswagger>0</restricttoswagger>
    <importcookiesfromtraffic>0</importcookiesfromtraffic>
    <pageequalthreshhold>0.95</pageequalthreshhold>
    <pagesimilarthreshhold>0.8</pagesimilarthreshhold>
    <experimentalcrawling>Disabled</experimentalcrawling>
    <flash>1</flash>
    <enableadvancedparsers>1</enableadvancedparsers>
    <searchforurls>1</searchforurls>
    <cookiecommaseparator>1</cookiecommaseparator>
    <maxwebresourcesoverhead>1000</maxwebresourcesoverhead>
    <blacklistcontactforms>0</blacklistcontactforms>
    <frameworkscrawlconfig>
      <enableframeworkscrawling>1</enableframeworkscrawling>
      <frameworkconfiglist>
        <frameworkconfig>
          <name>ReactJS</name>
          <defaultconfigversion>2</defaultconfigversion>
          <enabled>1</enabled>
          <head>1</head>
          <detectionregex>createReactRootIndex</detectionregex>
          <healthcheckstring>react</healthcheckstring>
          <filename>fm.react.min.js</filename>
          <getalleventsscript>window.fm.react.getAllEvents('appspider');</getalleventsscript>
          <getalleventsdelay>0</getalleventsdelay>
          <getversionstringscript></getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>AngularJS</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>ng-controller</detectionregex>
          <healthcheckstring>angular</healthcheckstring>
          <filename>angular-hook-bundle.min.js</filename>
          <getalleventsscript>NG_HOOK.getAllNgEvents();</getalleventsscript>
          <getalleventsdelay>0</getalleventsdelay>
          <getversionstringscript>NG_HOOK.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>KnockoutJS</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>data-bind</detectionregex>
          <healthcheckstring>ko</healthcheckstring>
          <filename>ko-hook-bundle.min.js</filename>
          <getalleventsscript>KO_HOOK.getAllKOEvents();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>KO_HOOK.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>AngularLib</name>
          <defaultconfigversion>2</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>(?-i)angular(?!\w)</detectionregex>
          <healthcheckstring></healthcheckstring>
          <filename>angular-4-hook-bundle.min.js</filename>
          <getalleventsscript>NG_HOOK_LIB.getAllAngularFmEvents();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>NG_HOOK_LIB.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>ReactLib</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>react-text</detectionregex>
          <healthcheckstring></healthcheckstring>
          <filename>react-hook-bundle.min.js</filename>
          <getalleventsscript>REACT_HOOK_LIB.getAllReactEvents();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>REACT_HOOK_LIB.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>ReactTwo</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>(?-i)"react[.][a-df-z][a-z]+"</detectionregex>
          <healthcheckstring></healthcheckstring>
          <filename>react-hook-bundle.min.js</filename>
          <getalleventsscript>REACT_HOOK_LIB.getAllReactTwoEvents();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>REACT_HOOK_LIB.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>OpenUI5</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>(?-i)sap-ui-debug</detectionregex>
          <healthcheckstring></healthcheckstring>
          <filename>sap-open-ui5-hook-bundle.min.js</filename>
          <getalleventsscript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>OPEN_UI5_HOOK_LIB.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>Vue</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>(?-i)__VUE_SSR_CONTEXT__</detectionregex>
          <healthcheckstring></healthcheckstring>
          <filename>vue-hook-bundle.min.js</filename>
          <getalleventsscript>VUE_HOOK_LIB.getAllVueEvents();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>VUE_HOOK_LIB.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>Ember</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>(?-i)EMBER_LOAD_HOOKS</detectionregex>
          <healthcheckstring></healthcheckstring>
          <filename>ember-hook-bundle.min.js</filename>
          <getalleventsscript>EMBER_HOOK_LIB.getAllEmberEvents();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>EMBER_HOOK_LIB.getVersionString();</getversionstringscript>
        </frameworkconfig>
        <frameworkconfig>
          <name>Backbone</name>
          <defaultconfigversion>1</defaultconfigversion>
          <enabled>1</enabled>
          <head>0</head>
          <detectionregex>(?-i)Backbone</detectionregex>
          <healthcheckstring></healthcheckstring>
          <filename>backbone-hook-bundle.min.js</filename>
          <getalleventsscript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</getalleventsscript>
          <getalleventsdelay>5000</getalleventsdelay>
          <getversionstringscript>BACKBONE_HOOK_LIB.getVersionString();</getversionstringscript>
        </frameworkconfig>
      </frameworkconfiglist>
    </frameworkscrawlconfig>
    <seedurllist>
      <seedurl>
        <value>http://www.webscantest.com/</value>
      </seedurl>
    </seedurllist>
    <scopeconstraintlist>
      <scopeconstraint>
        <url>http://www.webscantest.com/*</url>
        <method>All</method>
        <matchcriteria>Wildcard</matchcriteria>
        <exclusion>Include</exclusion>
      </scopeconstraint>
      <scopeconstraint>
        <url>http://*.www.webscantest.com/*</url>
        <method>All</method>
        <matchcriteria>Wildcard</matchcriteria>
        <exclusion>Include</exclusion>
      </scopeconstraint>
    </scopeconstraintlist>
    <blacklistextensionlist>
      <blacklistextension>
        <value>css</value>
      </blacklistextension>
      <blacklistextension>
        <value>axd</value>
      </blacklistextension>
    </blacklistextensionlist>
    <graylistextensionlist>
      <graylistextension>
        <value>pdf</value>
      </graylistextension>
      <graylistextension>
        <value>doc</value>
      </graylistextension>
      <graylistextension>
        <value>jpg</value>
      </graylistextension>
      <graylistextension>
        <value>jpeg</value>
      </graylistextension>
      <graylistextension>
        <value>gif</value>
      </graylistextension>
      <graylistextension>
        <value>png</value>
      </graylistextension>
      <graylistextension>
        <value>bmp</value>
      </graylistextension>
      <graylistextension>
        <value>ico</value>
      </graylistextension>
      <graylistextension>
        <value>js</value>
      </graylistextension>
      <graylistextension>
        <value>tiff</value>
      </graylistextension>
      <graylistextension>
        <value>eot</value>
      </graylistextension>
      <graylistextension>
        <value>ttf</value>
      </graylistextension>
      <graylistextension>
        <value>mid</value>
      </graylistextension>
      <graylistextension>
        <value>midi</value>
      </graylistextension>
      <graylistextension>
        <value>mp3</value>
      </graylistextension>
      <graylistextension>
        <value>mpeg</value>
      </graylistextension>
      <graylistextension>
        <value>wav</value>
      </graylistextension>
      <graylistextension>
        <value>avi</value>
      </graylistextension>
      <graylistextension>
        <value>woff</value>
      </graylistextension>
      <graylistextension>
        <value>svg</value>
      </graylistextension>
    </graylistextensionlist>
    <binaryextensionlist>
      <binaryextension>
        <value>fla</value>
      </binaryextension>
      <binaryextension>
        <value>swf</value>
      </binaryextension>
      <binaryextension>
        <value>pdf</value>
      </binaryextension>
      <binaryextension>
        <value>doc</value>
      </binaryextension>
      <binaryextension>
        <value>jpg</value>
      </binaryextension>
      <binaryextension>
        <value>jpeg</value>
      </binaryextension>
      <binaryextension>
        <value>gif</value>
      </binaryextension>
      <binaryextension>
        <value>png</value>
      </binaryextension>
      <binaryextension>
        <value>bmp</value>
      </binaryextension>
      <binaryextension>
        <value>ico</value>
      </binaryextension>
      <binaryextension>
        <value>dll</value>
      </binaryextension>
      <binaryextension>
        <value>exe</value>
      </binaryextension>
      <binaryextension>
        <value>eot</value>
      </binaryextension>
      <binaryextension>
        <value>ttf</value>
      </binaryextension>
      <binaryextension>
        <value>mp3</value>
      </binaryextension>
      <binaryextension>
        <value>mp4</value>
      </binaryextension>
      <binaryextension>
        <value>wav</value>
      </binaryextension>
      <binaryextension>
        <value>woff</value>
      </binaryextension>
      <binaryextension>
        <value>svg</value>
      </binaryextension>
    </binaryextensionlist>
    <textextensionlist>
      <textextension>
        <value>txt</value>
      </textextension>
      <textextension>
        <value>js</value>
      </textextension>
      <textextension>
        <value>css</value>
      </textextension>
      <textextension>
        <value>json</value>
      </textextension>
    </textextensionlist>
    <binarycontenttypelist>
      <binarycontenttype>
        <value>audio/*</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>image/*</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>video/*</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/pdf</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/zip</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/x-rar-compressed</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/x-dvi</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/x-shockwave-flash</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/msword</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/ogg</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/x-tar</value>
      </binarycontenttype>
      <binarycontenttype>
        <value>application/octet-stream</value>
      </binarycontenttype>
    </binarycontenttypelist>
    <htmlcontenttypelist>
      <htmlcontenttype>
        <value>text/html</value>
      </htmlcontenttype>
      <htmlcontenttype>
        <value>html/*</value>
      </htmlcontenttype>
      <htmlcontenttype>
        <value>application/xhtml+xml</value>
      </htmlcontenttype>
    </htmlcontenttypelist>
    <textcontenttypelist>
      <textcontenttype>
        <value>text/plain</value>
      </textcontenttype>
      <textcontenttype>
        <value>text/csv</value>
      </textcontenttype>
      <textcontenttype>
        <value>text/css</value>
      </textcontenttype>
      <textcontenttype>
        <value>text/javascript</value>
      </textcontenttype>
      <textcontenttype>
        <value>application/javascript</value>
      </textcontenttype>
      <textcontenttype>
        <value>application/x-javascript</value>
      </textcontenttype>
      <textcontenttype>
        <value>application/json</value>
      </textcontenttype>
      <textcontenttype>
        <value>application/x-httpd-php-source</value>
      </textcontenttype>
    </textcontenttypelist>
    <xmlcontenttypelist>
      <xmlcontenttype>
        <value>application/xml-dtd</value>
      </xmlcontenttype>
      <xmlcontenttype>
        <value>text/xml</value>
      </xmlcontenttype>
      <xmlcontenttype>
        <value>application/soap+xml</value>
      </xmlcontenttype>
      <xmlcontenttype>
        <value>application/xml</value>
      </xmlcontenttype>
    </xmlcontenttypelist>
    <browserdownloadwhitelistlist>
      <browserdownloadwhitelist>
        <value>*.css</value>
      </browserdownloadwhitelist>
      <browserdownloadwhitelist>
        <value>*.js</value>
      </browserdownloadwhitelist>
      <browserdownloadwhitelist>
        <value>*.xml</value>
      </browserdownloadwhitelist>
      <browserdownloadwhitelist>
        <value>*.dtd</value>
      </browserdownloadwhitelist>
      <browserdownloadwhitelist>
        <value>*.axd</value>
      </browserdownloadwhitelist>
      <browserdownloadwhitelist>
        <value>*.json</value>
      </browserdownloadwhitelist>
      <browserdownloadwhitelist>
        <value>*/js/*</value>
      </browserdownloadwhitelist>
      <browserdownloadwhitelist>
        <value>*/css/*</value>
      </browserdownloadwhitelist>
    </browserdownloadwhitelistlist>
    <browserdonotdownloadextensionlist>
      <browserdonotdownloadextension>
        <value>pdf</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>doc</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>jpg</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>jpeg</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>gif</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>png</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>bmp</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>ico</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>exe</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>swf</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>mp3</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>mp4</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>wav</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>eot</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>ttf</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>woff</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>ico</value>
      </browserdonotdownloadextension>
      <browserdonotdownloadextension>
        <value>svg</value>
      </browserdonotdownloadextension>
    </browserdonotdownloadextensionlist>
    <browserdonotdownloadcontenttypelist>
      <browserdonotdownloadcontenttype>
        <value>audio/*</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>image/*</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>video/*</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/pdf</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/zip</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/x-rar-compressed</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/x-dvi</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/x-shockwave-flash</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/msword</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/ogg</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/x-tar</value>
      </browserdonotdownloadcontenttype>
      <browserdonotdownloadcontenttype>
        <value>application/octet-stream</value>
      </browserdonotdownloadcontenttype>
    </browserdonotdownloadcontenttypelist>
  </crawlconfig>
  <attackerconfig>
    <parameterstoattackbeforelimitingattacks>400</parameterstoattackbeforelimitingattacks>
    <linkstoattackbeforelimitingattacks>200</linkstoattackbeforelimitingattacks>
    <maxsamenameparameterattackpoints>25</maxsamenameparameterattackpoints>
    <maxsamecookieparameterattackpoints>15</maxsamecookieparameterattackpoints>
    <maxsamenameparameterattackpointsperlink>2</maxsamenameparameterattackpointsperlink>
    <maxparameterattackpointsperlink>50</maxparameterattackpointsperlink>
    <maxnormalizedsamenameparameterattackpointsperlink>4</maxnormalizedsamenameparameterattackpointsperlink>
    <applyglobalfindingssettings>1</applyglobalfindingssettings>
    <applycrawlerconstraints>1</applycrawlerconstraints>
    <maxnumberofscheduledpassiveattacks>1000000</maxnumberofscheduledpassiveattacks>
    <mincookielifetimeforattacks>3600</mincookielifetimeforattacks>
    <excludelowconfidencefindings>0</excludelowconfidencefindings>
    <outofbandhost></outofbandhost>
    <defaultdonotattackparamlist>
      <defaultdonotattackparam>
        <parametername>^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$</parametername>
        <matchcriteria>Regex</matchcriteria>
      </defaultdonotattackparam>
    </defaultdonotattackparamlist>
  </attackerconfig>
598
<attackpolicyconfig>
599
<policy>Default attack policy</policy>
600
<attackprioritization>Smart</attackprioritization>
601
<attackdepth>Smart</attackdepth>
602
<enableadvancedattacks>0</enableadvancedattacks>
603
<falsepositiveregex>This web browser does not support JavaScript or JavaScript in this web browser is not enabled.</falsepositiveregex>
604
<falsepositivefindingregex></falsepositivefindingregex>
605
<rootcauseidexcludelist></rootcauseidexcludelist>
606
<attackonlycontrollingheaders>1</attackonlycontrollingheaders>
607
<enforceencoding>0</enforceencoding>
608
<attackpoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</attackpoints>
609
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations>
610
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
611
<attackmodulepolicylist>
612
<attackmodulepolicy>
613
<enabled>1</enabled>
614
<moduleid>C0B05B9C334341B180D2494235FF8F99</moduleid>
615
<modulepriority>High</modulepriority>
616
<severity>Informational</severity>
617
<maxvulnlimit>10</maxvulnlimit>
618
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
619
<maxvariancelimit>2</maxvariancelimit>
620
<passiveanalysisonattacks>0</passiveanalysisonattacks>
621
<enforceencoding>0</enforceencoding>
622
<applypolicyseverity>0</applypolicyseverity>
623
<attackpoints>Web Site</attackpoints>
624
<parameterlocations></parameterlocations>
625
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
626
<displayname>Anonymous Access</displayname>
627
</attackmodulepolicy>
628
<attackmodulepolicy>
629
<enabled>1</enabled>
630
<moduleid>59597A25A9504D5AAD20B74A4DCCABB7</moduleid>
631
<modulepriority>High</modulepriority>
632
<severity>High</severity>
633
<maxvulnlimit>100</maxvulnlimit>
634
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
635
<maxvariancelimit>3</maxvariancelimit>
636
<passiveanalysisonattacks>0</passiveanalysisonattacks>
637
<enforceencoding>0</enforceencoding>
638
<applypolicyseverity>0</applypolicyseverity>
639
<attackpoints>Directory|File|Web Resource|Parameter</attackpoints>
640
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations>
641
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
642
<displayname>Apache Struts 2 Framework Checks</displayname>
643
</attackmodulepolicy>
644
<attackmodulepolicy>
645
<enabled>1</enabled>
646
<moduleid>9F6600FB2E7840E48B156790FEFAC10A</moduleid>
647
<modulepriority>High</modulepriority>
648
<severity>Informational</severity>
649
<maxvulnlimit>100</maxvulnlimit>
650
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
651
<maxvariancelimit>3</maxvariancelimit>
652
<passiveanalysisonattacks>1</passiveanalysisonattacks>
653
<enforceencoding>0</enforceencoding>
654
<applypolicyseverity>0</applypolicyseverity>
655
<attackpoints>Response Analysis</attackpoints>
656
<parameterlocations></parameterlocations>
657
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
658
<displayname>Apache Struts Detection</displayname>
659
</attackmodulepolicy>
660
<attackmodulepolicy>
661
<enabled>1</enabled>
662
<moduleid>929E08F60E084936B12C984ED0F5F47C</moduleid>
663
<modulepriority>High</modulepriority>
664
<severity>High</severity>
665
<maxvulnlimit>100</maxvulnlimit>
666
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
667
<maxvariancelimit>4</maxvariancelimit>
668
<passiveanalysisonattacks>0</passiveanalysisonattacks>
669
<enforceencoding>0</enforceencoding>
670
<applypolicyseverity>0</applypolicyseverity>
671
<attackpoints>Parameter</attackpoints>
672
<parameterlocations>Post</parameterlocations>
673
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
674
<displayname>Arbitrary File Upload</displayname>
675
</attackmodulepolicy>
676
<attackmodulepolicy>
677
<enabled>1</enabled>
678
<moduleid>719FF94DEF014D29B16234909941E48E</moduleid>
679
<modulepriority>Medium</modulepriority>
680
<severity>Low</severity>
681
<maxvulnlimit>25</maxvulnlimit>
682
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
683
<maxvariancelimit>2</maxvariancelimit>
684
<passiveanalysisonattacks>0</passiveanalysisonattacks>
685
<enforceencoding>0</enforceencoding>
686
<applypolicyseverity>0</applypolicyseverity>
687
<attackpoints>Directory</attackpoints>
688
<parameterlocations></parameterlocations>
689
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
690
<displayname>ASP.NET Misconfiguration</displayname>
691
</attackmodulepolicy>
692
<attackmodulepolicy>
693
<enabled>1</enabled>
694
<moduleid>B7CEE386C7C64618A510F3F8FED5400B</moduleid>
695
<modulepriority>Medium</modulepriority>
696
<severity>High</severity>
697
<maxvulnlimit>25</maxvulnlimit>
698
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
699
<maxvariancelimit>4</maxvariancelimit>
700
<passiveanalysisonattacks>0</passiveanalysisonattacks>
701
<enforceencoding>0</enforceencoding>
702
<applypolicyseverity>0</applypolicyseverity>
703
<attackpoints>Parameter</attackpoints>
704
<parameterlocations>Post|Cookie</parameterlocations>
705
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
706
<displayname>ASP.NET Serialization</displayname>
707
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>865E5CE0E5144D3E899B825EC8603969</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Autocomplete attribute</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>38354857D10048B68A34CD2E3EBC3B52</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>75</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Blind LDAP Injection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>13B4C758BA174200885A29CBA7346165</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Browser Cache directive (web application performance)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>E33B272027B844D5BBB8EDE541983474</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>150</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Browser Cache directive (leaking sensitive information)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>A8091DB7769C49ED9E844B9F19529AC1</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>5</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Brute Force (HTTP Auth)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>7F61DDD522C5439B9EAB4FC17B2F47AA</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>5</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Brute Force (Form Auth)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>22E85EEA6883403982D8C298AEBC935A</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Blind SQL</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>FD1C760270CE493D92F50C347C79218F</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Directory</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Clients Cross-Domain Policy Files</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>A41D5AC842594BF086E9A96DD3353333</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Information Disclosure in comments</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>BBFCB66779ED4E7292C08F19E9BB45DF</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>50</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>10</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Cookie attributes</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>2227AE47A2AA40A6B6B1328AC13A6F0C</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>5</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource|Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>AJAX</requestoriginations>
<displayname>Cross Origin Resources Sharing (CORS)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>F8A0814584594965B0AF68B4E190F566</moduleid>
<modulepriority>Low</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|Silverlight</requestoriginations>
<displayname>Credentials over an insecure channel</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>C35E7D79DD6F4DA489BBF6BC1D9D012B</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Content Security Policy Header</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>81C9D7ED0E33447899D5CD20B978617B</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Cross-Site Request Forgery (CSRF)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>0</enabled>
<moduleid>3A586D24C653446196BAAC345FDE8C53</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>20</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Directory</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Custom Directory Module</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>0</enabled>
<moduleid>EE998B281CE840948E90BF2D61E4C5F9</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>20</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Custom Parameter Module</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>0</enabled>
<moduleid>1DE8C004C53D4B89A41E6B98DC6FD3B4</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>20</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Custom Passive Module</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>2CE90A403F704F80961E381BE19CCA2F</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Directory</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Directory Indexing</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>240EBB4A72024BA585833EB1F1AB4EC0</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>150</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Email Disclosure</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>9B62D146FF00456388F9822A76F95841</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Expression Language Injection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>D07D5C8EF8664392A0CC1509A6DE5940</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|Path|Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Forced Browsing</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>FD28B5D41E064D37B5543CE22BBC6306</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|Silverlight</requestoriginations>
<displayname>Sensitive Data Exposure</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>7B61BD81D278490C9B1A7B0568E94E30</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>5</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Form Session Strength</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>5032DAF0D8FE4294B23F0D1DAA4C0337</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>50</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>FrontPage Checks</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>748E90FC47AB4B438C3A49660989B44A</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Heartbleed Check</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>EBEE6CA2515F4FBEB8B7EC0197C5A74F</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>20</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>HTTP Strict Transport Security</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>F25AF6387E8A429F8E664F31E2974054</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>20</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>HTTP Authentication over insecure channel</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>60B0D57597EF4542A15FCB8D907669B0</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>HTTPS Downgrade</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>55D76EB20CE54C01856E43223232E3DD</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>HTTP Headers</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>DE08B6DDD872440E91347969D514CFD6</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>HTTP Response Splitting</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>1712CD453B074C78A8A561E0ED66DD1F</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site|Web Resource|Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>HTTPS Everywhere</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>881B35A841414BBAA05084A2A8CE7904</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>20</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|Flash|Silverlight</requestoriginations>
<displayname>HTTP User-Agent Check</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>6A609D0096124619842EE23FA7C989B5</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>500</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Information Disclosure in response</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>E617D008F7534C808064D2B1A4BFE81A</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>500</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>1</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Information Leakage in responses</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>B86A3A67D710456898A9009DBF6A4989</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Java Grinder</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>F10ACEB0A6804D0F93516428E64B46FD</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight</requestoriginations>
<displayname>JavaScript Memory Leaks</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>B7FD0D454CB246AC85A29AF53C27157F</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>LDAP Injection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>FCD9A41AD39247C0B45A8D42FF7A4E5E</moduleid>
<modulepriority>High</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX</requestoriginations>
<displayname>Local Storage Usage</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>466E4CC294D94A11AFD50FD01D56261F</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter|Response Analysis</attackpoints>
<parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Business logic abuse attacks</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>7D06B46D915644E9870F4A6B903FC09F</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>10</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Nginx NULL code</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>99E5E4DD1B734047B95402FB7C76BEC3</moduleid>
<modulepriority>Medium</modulepriority>
<severity>High</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>File|Path|Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>OS Commanding</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>2934BC76771C4016BD3524B432CEBCA8</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>5</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Out of Band Stored Cross-site scripting (XSS)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>A62D1481CB394632B06C0C54FCDD0579</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>5</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Out of Band Cross-site scripting (XSS)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>A8AB603EABC04875A5B2320CF6990C24</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>500</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Parameter Fuzzing</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>FAC53175FF1E4478AA6D3E2DD4D66B6D</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>10</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>1</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Credentials stored in clear text in a cookie.</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>243C315A46A14C92A2717A29A4290167</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>10</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|Silverlight</requestoriginations>
<displayname>Collecting Sensitive Personal Information</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>B97A29683AEE4AA2B94FC26BFC2694A9</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>PHP Code Execution</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>FF01402DB70848D88ACB0736B6E4BCF5</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>4</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML</requestoriginations>
<displayname>Privacy Policy Check</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>AFF041E38E444889B271CDE1B24378EA</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>10</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Privacy Disclosure</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>433C43A54C714F08B822B7932D410A78</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>10</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource|Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Privilege Escalation</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>ED2E98EFF9A14BF7ACA06A7B28FF97BE</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Profanity</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>0AE25E41D6F44F29900104EF86B04191</moduleid>
<modulepriority>Low</modulepriority>
<severity>Safe</severity>
<maxvulnlimit>500</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Reflection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>8CB2F93CE7F243B98D3C83A9A3E6EA4B</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>1000</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Directory|File|Parameter</attackpoints>
<parameterlocations>Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>File Inclusion</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>63430695B68941DF99BF242F5AE1674B</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>50</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>HTTP Verb Tampering</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>D8741C7560B8431A9AE74E9B4FEB4F45</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>10</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site|Directory|File</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Predictable Resource Location</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>13623AA162FA4488852116B7EC0DE49E</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Query</parameterlocations>
<requestoriginations>HTML|Form</requestoriginations>
<displayname>Reverse Clickjacking</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>A418163442A54BB9BB0F1E591881A835</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Reverse Proxy</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>2C7D393BABA44517B0A37DC8ADCF9630</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>Information Disclosure in scripts</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>07BD211A580944E591F78B40FF3F3489</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>3</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Secure and non-secure content mix</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>1CBEA71A88844A11A4CD6ABAA2FD7F62</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|Silverlight</requestoriginations>
<displayname>Sensitive data over an insecure channel</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>34A0F038EFA248B594E7F17447F4CF2E</moduleid>
<modulepriority>High</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>10</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site|Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Server Configuration</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>DC8E0D09314B44D39915AAF8439B4F53</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>150</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations>
<requestoriginations>HTML|Form|AJAX</requestoriginations>
<displayname>Server Side Include (SSI) Injection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>0F5408AB9FF94320AA58FCFE80EDEF59</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>200</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Server Side Template Injection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>DB1340E1857540219DF84A6A9DC0494C</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Session Fixation</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>6B1B2812012D41249BDEE83FFAEB523D</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>10</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|Path|Query</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations>
<displayname>HTTP Query Session Check</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>F729A70998064A1F99A8BEA8512D31AE</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>10</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Session Strength</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>0DB2C1311DA74B80A153A8733C74D6CC</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>50</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Session Upgrade</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>7A7B3239AB8146839A8AEF170807ED1E</moduleid>
<modulepriority>Low</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>File</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Source Code Disclosure</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>59646365E0E44520BE4297C3ABAA7E75</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>1</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>SQL Information Leakage</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>B6F559D374B5451EB424A1C1FB264FA6</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>500</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>SQL Injection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>0496353D92704F2E942BFE1B575D9B7C</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>SQL Injection Auth Bypass</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>CEB40EE490564D60B4F9B3CE79C009B5</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>SQL Parameter Check</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>C5805272001249A095A48F2E56240C10</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>1</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>SSL Strength</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>5D9A66E5961B4644AAF5EC655E18EE66</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>50</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>20</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Subdomain discovery</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>9A22444AC7C642ABBC598CBCA4738C3B</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>40</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Unvalidated Redirect</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>B69E83831D26496BB2CC0C0D70181EC3</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>40</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>URL rewriting</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>4DE84100F31849A7B845FE5F62D2FD7A</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form</requestoriginations>
<displayname>ASP.NET ViewState security</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>0BE4C251F44C4CF1924104ADFD86289C</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|Flash|Silverlight</requestoriginations>
<displayname>Web Beacon</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>667629EC1FDC4C6D98B5F4031717BB9B</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Low</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Directory</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
<displayname>Web DAV Flaws Check</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>74FB936F2BBA499F8D0AF3B7A29B4F9E</moduleid>
<modulepriority>High</modulepriority>
<severity>Low</severity>
<maxvulnlimit>30</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Site</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Cross-site tracing (XST)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>377030BFE58A4F01A112295D32A0744C</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Web Service Parameter Fuzzing</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>8399FA8EDF5C41BC9D3CF85DC23DC26B</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>20</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>X-Content-Type-Options</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>3E2E60F7D0E04D8596918C2D1F639064</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>50</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>X-Frame-Options</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>615D72F401BC447AB4A2139654BC9945</moduleid>
<modulepriority>Low</modulepriority>
<severity>Informational</severity>
<maxvulnlimit>25</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>2</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>X-XSS-Protection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>ABFA075919804435A25A22A8CAC191DF</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX</requestoriginations>
<displayname>XML External Entity Attack</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>BBE9F36A88A944ECB837D5193D356E4C</moduleid>
<modulepriority>Medium</modulepriority>
<severity>High</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Path|Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>XPath Injection</displayname>
</attackmodulepolicy>
2084
<attackmodulepolicy>
2085
<enabled>1</enabled>
2086
<moduleid>6CEF426D33514825B50741616DB2120B</moduleid>
2087
<modulepriority>Low</modulepriority>
2088
<severity>Informational</severity>
2089
<maxvulnlimit>25</maxvulnlimit>
2090
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
2091
<maxvariancelimit>2</maxvariancelimit>
2092
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2093
<enforceencoding>0</enforceencoding>
2094
<applypolicyseverity>0</applypolicyseverity>
2095
<attackpoints>Response Analysis</attackpoints>
2096
<parameterlocations></parameterlocations>
2097
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
2098
<displayname>X-Powered-By</displayname>
2099
</attackmodulepolicy>
2100
<attackmodulepolicy>
2101
<enabled>1</enabled>
2102
<moduleid>46A8FE469F6C44BFB9946C021A2BCDC8</moduleid>
2103
<modulepriority>High</modulepriority>
2104
<severity>Medium</severity>
2105
<maxvulnlimit>250</maxvulnlimit>
2106
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
2107
<maxvariancelimit>4</maxvariancelimit>
2108
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2109
<enforceencoding>0</enforceencoding>
2110
<applypolicyseverity>0</applypolicyseverity>
2111
<attackpoints>Response Analysis</attackpoints>
2112
<parameterlocations></parameterlocations>
2113
<requestoriginations>HTML|Form|AJAX</requestoriginations>
2114
<displayname>Cross-site scripting (XSS), (DOM based)</displayname>
2115
</attackmodulepolicy>
2116
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>BD57F92E956A493DA39ADDF215B29D96</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Web Resource</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>AJAX</requestoriginations>
<displayname>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>62AA6A08FA764E209551B4A4C479F08D</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX</requestoriginations>
<displayname>Persistent Cross-site scripting (XSS) (passive)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>050ABD8CF99F4EE4AA18C12F06FA3051</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>5</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Persistent Cross-site scripting (XSS), (active)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>ABEB2E590AA24A39BB6FE7DBD6338277</moduleid>
<modulepriority>High</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>400</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>5</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
<displayname>Reflected Cross-site scripting (XSS)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>FFBF4640C8A4475E93E099018951B409</moduleid>
<modulepriority>Medium</modulepriority>
<severity>Medium</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>File|Query|Post</parameterlocations>
<requestoriginations>HTML|Form|AJAX</requestoriginations>
<displayname>Reflected Cross-site scripting (XSS), (simple)</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>1</enabled>
<moduleid>31E0A650FB944E689DF46B7A98F35A5F</moduleid>
<modulepriority>Low</modulepriority>
<severity>Low</severity>
<maxvulnlimit>100</maxvulnlimit>
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Response Analysis</attackpoints>
<parameterlocations></parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight</requestoriginations>
<displayname>Subresource Integrity</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>0</enabled>
<moduleid>0DB5A1594A064363BA729F5E8E50B04B</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>500</maxvulnlimit>
<maxperwebsitevulnlimit>200</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
<displayname>NoSQLi Injection</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>0</enabled>
<moduleid>A00A59F53CEF42AA9320B6CF5E78CA26</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Parameter</attackpoints>
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
<displayname>Blind NoSQLi</displayname>
</attackmodulepolicy>
<attackmodulepolicy>
<enabled>0</enabled>
<moduleid>F74CCB3314134B21A3B5D5D78BECEADB</moduleid>
<modulepriority>High</modulepriority>
<severity>High</severity>
<maxvulnlimit>250</maxvulnlimit>
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
<maxvariancelimit>4</maxvariancelimit>
<passiveanalysisonattacks>0</passiveanalysisonattacks>
<enforceencoding>0</enforceencoding>
<applypolicyseverity>0</applypolicyseverity>
<attackpoints>Directory|File|Parameter</attackpoints>
<parameterlocations>Query|Post|Cookie</parameterlocations>
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
<displayname>Server Side Request Forgery</displayname>
</attackmodulepolicy>
</attackmodulepolicylist>
</attackpolicyconfig>
<scanconfig>
<enabled>0</enabled>
<notexistingfilepath>/aaaaaaaa.aaa</notexistingfilepath>
<notexistingdirpath>/aaaaaaaa/</notexistingdirpath>
<appendtooriginalvalue>1</appendtooriginalvalue>
<replaceoriginalvalue>0</replaceoriginalvalue>
</scanconfig>
<authconfig>
<type>Selenium</type>
<httpauth>0</httpauth>
<oauth>0</oauth>
<reloginaftersessionloss>1</reloginaftersessionloss>
<logoutdetection>1</logoutdetection>
<userassistance>0</userassistance>
<assumesuccessfullogin>0</assumesuccessfullogin>
<verifynotloggedin>1</verifynotloggedin>
<postponeloginaction>1</postponeloginaction>
<createnonauthenticatedsession>0</createnonauthenticatedsession>
<treatfailedreloginaserror>1</treatfailedreloginaserror>
<restartproxybeforerelogin>0</restartproxybeforerelogin>
<templateloginmacro>0</templateloginmacro>
<blacklistsinglepasswordforms>0</blacklistsinglepasswordforms>
<blacklistmultipasswordforms>1</blacklistmultipasswordforms>
<resetcookies>1</resetcookies>
<accounttype>Restricted</accounttype>
<usernameform></usernameform>
<passwordform></passwordform>
<usernamehttp></usernamehttp>
<passwordhttp></passwordhttp>
<autologonsecurity>Medium</autologonsecurity>
<loginlinkregex>((log|sign)[ -]?(in|on))|auth</loginlinkregex>
<loggedinregex>(sign|log)[ -]?(out|off)</loggedinregex>
<loggedinheaderregex></loggedinheaderregex>
<sessionlossregex>please (re)?login|have been logged out|session has expired</sessionlossregex>
<sessionlossheaderregex>Location: [^\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\b</sessionlossheaderregex>
<logoutlinkregex>(sign|log|time)[ -]?(in|on|out|off)|password</logoutlinkregex>
<logoutpostbodyregex>(sign|log|time)[ -]?(in|on|out|off)</logoutpostbodyregex>
<canarypage></canarypage>
<sessionlossoncanarypageregex></sessionlossoncanarypageregex>
<formsubmissionscript></formsubmissionscript>
<sessioncookieregex>\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\b</sessioncookieregex>
<sessioncookielifespan>32</sessioncookielifespan>
<urlsessiontokenregex></urlsessiontokenregex>
<postsessiontokenregex></postsessiontokenregex>
<responsebodytokenregex></responsebodytokenregex>
<secondresponsebodytokenregex></secondresponsebodytokenregex>
<httpheaderwithtokenreplacement></httpheaderwithtokenreplacement>
<secondhttpheaderwithtokenreplacement></secondhttpheaderwithtokenreplacement>
<logoutdetectionfrequency>60</logoutdetectionfrequency>
<discoverymaxlinks>100</discoverymaxlinks>
<loginmaxlinks>50</loginmaxlinks>
<discoverydepth>10</discoverydepth>
<logindepth>10</logindepth>
<maxmacroreloginattempts>3</maxmacroreloginattempts>
<discoveryprioritization>Login Form Discovery</discoveryprioritization>
<loginprioritization>Login</loginprioritization>
<bootstrapdelay>60000</bootstrapdelay>
<seedlink></seedlink>
<discoverloginform>1</discoverloginform>
<usebrowserformlogin>1</usebrowserformlogin>
<pingfrequency>600</pingfrequency>
<pingurl></pingurl>
<hmacconfig>
<hmacheadergeneratordllfilename></hmacheadergeneratordllfilename>
<hmacusername></hmacusername>
<hmacapikey></hmacapikey>
<hmachashalgorithm>32780</hmachashalgorithm>
</hmacconfig>
<hawkconfig>
<hmacheadergeneratordllfilename></hmacheadergeneratordllfilename>
<hmacusername></hmacusername>
<hmacapikey></hmacapikey>
<hmachashalgorithm>32780</hmachashalgorithm>
<hawkauthkeyid></hawkauthkeyid>
<hawkauthkey></hawkauthkey>
<hawkextappdata></hawkextappdata>
</hawkconfig>
<oauthconfig>
<resourceownerurl></resourceownerurl>
<resourceserverurl></resourceserverurl>
<authorizationserverurl>/authorize</authorizationserverurl>
<clientid></clientid>
<clientscope></clientscope>
<clientstate></clientstate>
<clientsecret></clientsecret>
<redirecturi></redirecturi>
<username></username>
<password></password>
<usernameform></usernameform>
<passwordform></passwordform>
<extensiongrant></extensiongrant>
<authorizationgranttype>Null</authorizationgranttype>
<neverdobasicauth>0</neverdobasicauth>
<jsonpostbodies>0</jsonpostbodies>
<azureresponsemode>NullAzureResponseMode</azureresponsemode>
<azureresourceurl></azureresourceurl>
<azureprompt>NullAzurePrompt</azureprompt>
<azureloginhint></azureloginhint>
<azuredomainhint></azuredomainhint>
</oauthconfig>
<adalconfig>
<resourceid>https://graph.windows.net</resourceid>
<tenant></tenant>
<clientid></clientid>
<authorityurl></authorityurl>
<username></username>
<password></password>
<tokenrefreshperiod>0:10:01</tokenrefreshperiod>
</adalconfig>
<macrofile>
<macrofilename><![CDATA[]]></macrofilename>
<javascriptengine>Default</javascriptengine>
<showinbrowser>0</showinbrowser>
<replayspeed>1</replayspeed>
<asapmode>1</asapmode>
<asapmodemindelay>3000</asapmodemindelay>
<extradelayaftermacro>2000</extradelayaftermacro>
<attackassequence>0</attackassequence>
<sequenceconfig>
<resetsession>1</resetsession>
<autosequenceconfig>1</autosequenceconfig>
<manualsequenceconfig>
</manualsequenceconfig>
</sequenceconfig>
<webdriverconfig>
<chromedriverport>1235</chromedriverport>
<chromedebugport>1234</chromedebugport>
</webdriverconfig>
</macrofile>
<webserviceauthconfig>
<enabled>0</enabled>
<authwsdl></authwsdl>
<authwebmethod></authwebmethod>
<getauthtokenxpath></getauthtokenxpath>
<putauthtokenxpath></putauthtokenxpath>
<extractauthtoken>1</extractauthtoken>
</webserviceauthconfig>
<seleniumfile>
<seleniumfilename><![CDATA[C:\Users\tperry\Desktop\scripts\firefox.htm]]></seleniumfilename>
</seleniumfile>
<trafficfile>
<trafficfilename></trafficfilename>
<trafficfilepassword></trafficfilepassword>
<attackassequence>0</attackassequence>
<beginattackrequest>0</beginattackrequest>
<endattackrequest>-1</endattackrequest>
</trafficfile>
<browserformloginconfig>
<showinbrowser>0</showinbrowser>
<initialnavigateeventduration>10000</initialnavigateeventduration>
<finaldelayeventduration>20000</finaldelayeventduration>
</browserformloginconfig>
</authconfig>
<proxyconfig>
<type>Internet Explorer Settings</type>
<httphost></httphost>
<httpport>0</httpport>
<httpshost></httpshost>
<httpsport>0</httpsport>
<pacfile></pacfile>
<username></username>
<password></password>
</proxyconfig>
<remediationconfig>
<dollarsperhourappdev>250</dollarsperhourappdev>
<dollarsperhourserveradmin>250</dollarsperhourserveradmin>
<dollarsperhourdatabaseadmin>250</dollarsperhourdatabaseadmin>
<setuphoursappdev>8</setuphoursappdev>
<setuphoursserveradmin>2</setuphoursserveradmin>
<setuphoursdatabaseadmin>8</setuphoursdatabaseadmin>
<minhoursperissueappdev>0.75</minhoursperissueappdev>
<maxhoursperissueappdev>1.25</maxhoursperissueappdev>
<minhoursperissueserveradmin>0.25</minhoursperissueserveradmin>
<maxhoursperissueserveradmin>1</maxhoursperissueserveradmin>
<minhoursperissuedatabaseadmin>0.75</minhoursperissuedatabaseadmin>
<maxhoursperissuedatabaseadmin>1.25</maxhoursperissuedatabaseadmin>
</remediationconfig>
<sslcertconfig>
<type>NoCert</type>
<file></file>
<password></password>
<index>-3</index>
<name></name>
<serialnumber></serialnumber>
<issuernamebase64></issuernamebase64>
<pin></pin>
<requestpinatstartup>0</requestpinatstartup>
<setpininterval>180</setpininterval>
</sslcertconfig>
<networksettingsconfig>
<closeconnection>0</closeconnection>
<sendkeepaliveheader>0</sendkeepaliveheader>
<preauthenticatebasicauth>0</preauthenticatebasicauth>
<maxretries>2</maxretries>
<maxresponsesize>7000000</maxresponsesize>
<maxjavasciptresponsesize>12000000</maxjavasciptresponsesize>
<resolvetimeout>60000</resolvetimeout>
<connecttimeout>60000</connecttimeout>
<writetimeout>60000</writetimeout>
<readtimeout>60000</readtimeout>
<assumedisconnectedtimeout>18000000</assumedisconnectedtimeout>
<dripdelaymilliseconds>25</dripdelaymilliseconds>
<maxconsecutivefailures>500</maxconsecutivefailures>
<customnetworklib>0</customnetworklib>
<networkpreferredauthscheme>npasDefault</networkpreferredauthscheme>
<usesecureprotocols>0</usesecureprotocols>
<secureprotocols>SSL3|TLS1</secureprotocols>
<raspscandatasinkhost></raspscandatasinkhost>
<raspscankickoffresthost></raspscankickoffresthost>
<raspscankickoffrestendpoint>advise_rasp_of_scan</raspscankickoffrestendpoint>
<rasptimeout>0:03:00</rasptimeout>
</networksettingsconfig>
<performanceconfig>
<maxconcurrentrequests>16</maxconcurrentrequests>
<maxbandwidthkb>1200</maxbandwidthkb>
<maxbrowserlimit>10</maxbrowserlimit>
<maxbrowserreusecount>10</maxbrowserreusecount>
<maxbrowsermemorysize>209715200</maxbrowsermemorysize>
<maxcpuusage>50</maxcpuusage>
<memoryceiling>2800</memoryceiling>
<antidos>0</antidos>
<monitorperformanceusage>1</monitorperformanceusage>
<dumpuserprocessmemoryusage>0</dumpuserprocessmemoryusage>
<singlethreadedscan>0</singlethreadedscan>
<killstrayieinstances>0</killstrayieinstances>
<killstraychromeinstances>0</killstraychromeinstances>
<minfreediskspace>524288000</minfreediskspace>
<maxmemoryusagepercent>70</maxmemoryusagepercent>
<maxthreadcount>400</maxthreadcount>
<maxbrowserprocesslifetime>240000</maxbrowserprocesslifetime>
<mindatabasecompactinterval>900000</mindatabasecompactinterval>
<databasecompactduringscan>0</databasecompactduringscan>
<databasecompactpostscan>0</databasecompactpostscan>
</performanceconfig>
<systemrecommendationsconfig>
<enabled>1</enabled>
<minlogicalprocessors>2</minlogicalprocessors>
<mintotalphysicalmemoryfor64bit>4187593113</mintotalphysicalmemoryfor64bit>
<minavailablephysicalmemoryfor64bit>2147483648</minavailablephysicalmemoryfor64bit>
<mintotalphysicalmemoryfor32bit>2147483648</mintotalphysicalmemoryfor32bit>
<minavailablephysicalmemoryfor32bit>1073741824</minavailablephysicalmemoryfor32bit>
<minfreediskspace>10737418240</minfreediskspace>
</systemrecommendationsconfig>
<httpheadersconfig>
<httpprotocol>HTTP/1.1</httpprotocol>
<accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</accept>
<acceptcharset></acceptcharset>
<acceptencoding>gzip, deflate</acceptencoding>
<acceptlanguage>en-US</acceptlanguage>
<cookie></cookie>
<useragent>Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36</useragent>
<overwritewithdefaultheaders>0</overwritewithdefaultheaders>
<trafficheaderlist>
<trafficheader>
<value>Authorization</value>
</trafficheader>
<trafficheader>
<value>X-XSRF-TOKEN</value>
</trafficheader>
<trafficheader>
<value>X-CSRF-Token</value>
</trafficheader>
</trafficheaderlist>
</httpheadersconfig>
<manualcrawlingconfig>
</manualcrawlingconfig>
<parametertrainingconfig>
<formpopulation>Smart</formpopulation>
<trainingparameterlist>
<trainingparameter>
<patternname>Username</patternname>
<types>text,textarea</types>
<language>en</language>
<match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</match>
<value>%RANDALPHANUM%</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Password</patternname>
<types>password</types>
<language>en</language>
<match>password|passwd|pw|pwd</match>
<value>%RANDALPHANUM%$</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Social Security Number</patternname>
<types>text,textarea,password</types>
<language>en</language>
<match>SSN|social|security</match>
<value>987-65-4320</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Address</patternname>
<types>text,textarea</types>
<language>en</language>
<match>income</match>
<value>100000</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Address</patternname>
<types>text,textarea</types>
<language>en</language>
<match>address|street</match>
<value>600 Fairy Land Drive</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Apartment number</patternname>
<types>text,textarea</types>
<language>en</language>
<match>address|apartment|house</match>
<value>123</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>First name</patternname>
<types>text,textarea</types>
<language>en</language>
<match>name</match>
<value>John</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Last name</patternname>
<types>text,textarea</types>
<language>en</language>
<match>last[:space:]*name|surname</match>
<value>Johnson</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Full name</patternname>
<types>text,textarea</types>
<language>en</language>
<match>(your|full)[:space:]+name|name</match>
<value>John Johnson</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>User Signature</patternname>
<types>text,textarea</types>
<language>en</language>
<match>signature</match>
<value>John Johnson</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Middle name</patternname>
<types>text,textarea</types>
<language>en</language>
<match>middle[:space:]+name</match>
<value>L</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>City</patternname>
<types>text,textarea</types>
<language>en</language>
<match>city|town</match>
<value>Costa Mesa</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>County</patternname>
<types>text,textarea</types>
<language>en</language>
<match>county</match>
<value>Orange</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>State</patternname>
<types>text,textarea</types>
<language>en</language>
<match>state</match>
<value>CA</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Zip code</patternname>
<types>text,textarea</types>
<language>en</language>
<match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</match>
<value>92626</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Country</patternname>
<types>text,textarea,select</types>
<language>en</language>
<match>united[:space:]*states|country</match>
<value>US</value>
<valuematch>us</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Phone number</patternname>
<types>text,textarea</types>
<language>en</language>
<match>tele[:space:]*phone|fax|phone</match>
<value>123-456-7890</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Phone area code</patternname>
<types>text,textarea</types>
<language>en</language>
<match>area[:space:]+code</match>
<value>123</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Company name</patternname>
<types>text,textarea</types>
<language>en</language>
<match>company|employer|organization</match>
<value>Example</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Email</patternname>
<types>text,textarea</types>
<language>en</language>
<match>e[-_]?mail([-_]?address)?</match>
<value>a%RANDALPHANUM%@example.com</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Birthday</patternname>
<types>text,textarea</types>
<language>en</language>
<match>birth[:space:]day|birth</match>
<value>12/25/1975</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Day</patternname>
<types>text,textarea,select</types>
<language>en</language>
<match>dd|day</match>
<value>25</value>
<valuematch>25</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Month</patternname>
<types>text,textarea,select</types>
<language>en</language>
<match>mm|month</match>
<value>12</value>
<valuematch>12|dec|d</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>FutureYear</patternname>
<types>text,textarea,select</types>
<language>en</language>
<match>2015|2016|2017</match>
<value>2016</value>
<valuematch>2015|2016|2017</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>BirthYear</patternname>
<types>text,textarea,select</types>
<language>en</language>
<match>yyyy|year|1975|1970|1960|1950</match>
<value></value>
<valuematch>1975|1970|1960|1950</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Past Date mm/dd/yyyy</patternname>
<types>text,textarea</types>
<language>en</language>
<match>(start|from)[-\s_]*date</match>
<value>02/02/2003</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Future Date mm/dd/yy</patternname>
<types>text,textarea</types>
<language>en</language>
<match>mm/dd/yy</match>
<value>02/02/15</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Future Date mm/dd/yyyy</patternname>
<types>text,textarea</types>
<language>en</language>
<match>mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\s_]*date</match>
<value>02/02/2015</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Old password</patternname>
<types>password</types>
<language>en</language>
<match>old[:space:]+password</match>
<value>%RANDALPHANUM%1'</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
2793
<patternname>Accept terms</patternname>
2794
<types>checkbox,radio</types>
2795
<language>en</language>
2796
<match><!--[CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]--></match>
2797
<value></value>
2798
<valuematch>yes|1|on</valuematch>
2799
<matchcriteria>Regex</matchcriteria>
2800
</trainingparameter>
2801
<trainingparameter>
2802
<patternname>Save login</patternname>
2803
<types>checkbox,radio,select</types>
2804
<language>en</language>
2805
<match>save|remember</match>
2806
<value></value>
2807
<valuematch>yes|1|on</valuematch>
2808
<matchcriteria>Regex</matchcriteria>
2809
</trainingparameter>
2810
<trainingparameter>
2811
<patternname>Remove item</patternname>
2812
<types>checkbox,radio</types>
2813
<language>en</language>
2814
<match>remove|delete</match>
2815
<value></value>
2816
<valuematch></valuematch>
2817
<matchcriteria>Regex</matchcriteria>
2818
</trainingparameter>
2819
<trainingparameter>
2820
<patternname>Search</patternname>
2821
<types>text,textarea</types>
2822
<language>en</language>
2823
<match>keyword|search|query</match>
2824
<value>water</value>
2825
<valuematch></valuematch>
2826
<matchcriteria>Regex</matchcriteria>
2827
</trainingparameter>
2828
<trainingparameter>
2829
<patternname>Quantity</patternname>
2830
<types>text,textarea,select</types>
2831
<language>en</language>
2832
<match>quantity|amount|number|qty|num</match>
2833
<value>3</value>
2834
<valuematch></valuematch>
2835
<matchcriteria>Regex</matchcriteria>
2836
</trainingparameter>
2837
<trainingparameter>
2838
<patternname>Number</patternname>
2839
<types>text,textarea</types>
2840
<language>en</language>
2841
<match>number|count|nmr|cnt|rate|decimal|digit</match>
2842
<value>21</value>
2843
<valuematch></valuematch>
2844
<matchcriteria>Regex</matchcriteria>
2845
</trainingparameter>
2846
<trainingparameter>
2847
<patternname>Account Number</patternname>
2848
<types>text,textarea,select,radio,checkbox</types>
2849
<language>en</language>
2850
<match>account</match>
2851
<value>20</value>
2852
<valuematch></valuematch>
2853
<matchcriteria>Regex</matchcriteria>
2854
</trainingparameter>
2855
<trainingparameter>
2856
<patternname>Shipping method</patternname>
2857
<types>select,radio,checkbox</types>
2858
<language>en</language>
2859
<match>shipping|fedex|standard|ups</match>
2860
<value></value>
2861
<valuematch>fedex|standard|ups</valuematch>
2862
<matchcriteria>Regex</matchcriteria>
2863
</trainingparameter>
2864
<trainingparameter>
<patternname>Gift</patternname>
<types>checkbox</types>
<language>en</language>
<match>gift</match>
<value></value>
<valuematch>yes|1|on</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Credit card number</patternname>
<types>text,textarea,password</types>
<language>en</language>
<match>credit[:space:]*card|card[:space:]*number</match>
<value>5105105105105100</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Credit card type</patternname>
<types>select,checkbox,radio</types>
<language>en</language>
<match>master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex</match>
<value></value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Credit card security code</patternname>
<types>text,textarea,password</types>
<language>en</language>
<match>security[:space:]*code|verification[:space:]*number</match>
<value>123</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>PIN</patternname>
<types>text,textarea,password</types>
<language>en</language>
<match>PIN</match>
<value>1234</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>CAPTCHA</patternname>
<types>text,textarea</types>
<language>en</language>
<match>code[:space:]*shown|captcha</match>
<value>%RANDALPHANUM%</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Size</patternname>
<types>select</types>
<language>en</language>
<match>size|xxl</match>
<value></value>
<valuematch>\b(m|s|42)\b</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Color</patternname>
<types>select</types>
<language>en</language>
<match>\b(color|red|black)\b</match>
<value>Blue</value>
<valuematch>\b(blue|red|black)\b</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Price</patternname>
<types>text,textarea</types>
<language>en</language>
<match>price</match>
<value>20</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Attention</patternname>
<types>text,textarea</types>
<language>en</language>
<match>attention</match>
<value>John</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Gender</patternname>
<types>select,radio</types>
<language>en</language>
<match>gender|male|female</match>
<value>male</value>
<valuematch>\b(male|m|f)\b</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Legal age</patternname>
<types>checkbox,radio</types>
<language>en</language>
<match>legal|\d\d[:space:]*years[:space:]*old</match>
<value>yes</value>
<valuematch>\b(on|1|yes)\b</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Coupon code</patternname>
<types>text,textarea</types>
<language>en</language>
<match>promotion|coupon</match>
<value>%RANDALPHANUM%</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Send message</patternname>
<types>text,textarea</types>
<language>en</language>
<match>message|comment|complain|enquiry|review</match>
<value>comment</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Existing user</patternname>
<types>checkbox,radio</types>
<language>en</language>
<match>returning|existing|customer</match>
<value></value>
<valuematch>\b(on|1|yes)\b</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Age</patternname>
<types>text,textarea</types>
<language>en</language>
<match>age|under|over</match>
<value>40</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Passphrase Hint</patternname>
<types>text,textarea</types>
<language>en</language>
<match>What make|pet's name|your father|high school|friend</match>
<value>What make was your first car?</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Passphrase Hint Answer</patternname>
<types>text,textarea</types>
<language>en</language>
<match>Answer</match>
<value>Ford</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Doctor name</patternname>
<types>text,textarea</types>
<language>en</language>
<match>doctor</match>
<value>John Johnson</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Website</patternname>
<types>text,textarea</types>
<language>en</language>
<match>website</match>
<value>www.example.com</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Address</patternname>
<types>text,textarea</types>
<language>de</language>
<match>adresse|strasse</match>
<value>600 Fairy Land Drive</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Apartment number</patternname>
<types>text,textarea</types>
<language>de</language>
<match>adresse|wohnung|haus</match>
<value>123</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>First name</patternname>
<types>text,textarea</types>
<language>de</language>
<match>name</match>
<value>John</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Last name</patternname>
<types>text,textarea</types>
<language>de</language>
<match>vorname|name</match>
<value>Johnson</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Full name</patternname>
<types>text,textarea</types>
<language>de</language>
<match>ihren namen|name</match>
<value>John Johnson</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>User Signature</patternname>
<types>text,textarea</types>
<language>de</language>
<match>unterschrift</match>
<value>John Johnson</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>City</patternname>
<types>text,textarea</types>
<language>de</language>
<match>stadt|stadt</match>
<value>Berlin</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Regierungsbezirke</patternname>
<types>text,textarea</types>
<language>de</language>
<match>regierungsbezirke</match>
<value>Berlin</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Zip code</patternname>
<types>text,textarea</types>
<language>de</language>
<match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</match>
<value>10115</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Country</patternname>
<types>text,textarea</types>
<language>de</language>
<match>\b(deutschland|land)\b</match>
<value>DE</value>
<valuematch>\bDE\b</valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Phone number</patternname>
<types>text,textarea</types>
<language>de</language>
<match>telefon|telefon|fax</match>
<value>(1234) 567890</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Phone area code</patternname>
<types>text,textarea</types>
<language>de</language>
<match>vorwahl</match>
<value>123</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Company name</patternname>
<types>text,textarea</types>
<language>de</language>
<match>unternehmen|arbeitgeber|organisation</match>
<value>Example</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Email</patternname>
<types>text,textarea</types>
<language>de</language>
<match>E[-_]Mailadresse|email|E[-_]Mail</match>
<value>a%RANDALPHANUM%@example.com</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Birthday</patternname>
<types>text,textarea</types>
<language>de</language>
<match>geburtstag|geburt</match>
<value>12/25/1975</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Day</patternname>
<types>text,textarea</types>
<language>de</language>
<match>tag</match>
<value>25</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Month</patternname>
<types>text,textarea</types>
<language>de</language>
<match>monat</match>
<value>12</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Year</patternname>
<types>text,textarea</types>
<language>de</language>
<match>Jahr</match>
<value>2007</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>BirthYear</patternname>
<types>text,textarea</types>
<language>de</language>
<match>Jahr|1975|1970|1960|1950</match>
<value>1975</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Past Date mm/dd/yy</patternname>
<types>text,textarea</types>
<language>de</language>
<match>Datum|d.m.yyyy|dd.mm.yyyy</match>
<value>02.02.03</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Past Date mm/dd/yyyy</patternname>
<types>text,textarea</types>
<language>de</language>
<match>Datum|mm/dd/yyyy</match>
<value>02/02/2003</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Future Date mm/dd/yy</patternname>
<types>text,textarea</types>
<language>de</language>
<match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==</match>
<value>02/02/11</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Future Date mm/dd/yyyy</patternname>
<types>text,textarea</types>
<language>de</language>
<match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5</match>
<value>02/02/2011</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Username</patternname>
<types>text,textarea</types>
<language>de</language>
<match>Benutzername|Mitgliedsnamen|Benutzer</match>
<value>%RANDALPHANUM%</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Password</patternname>
<types>password</types>
<language>de</language>
<match>password|passwort|passwd</match>
<value>%RANDALPHANUM%1'</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Old password</patternname>
<types>password</types>
<language>de</language>
<match>alte[:space:]passwort</match>
<value>%RANDALPHANUM%1'</value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Accept terms</patternname>
<types>checkbox,radio</types>
<language>de</language>
<match>Ich habe gelesen und akzeptiere|Ich habe gelesen und akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</match>
<value></value>
<valuematch></valuematch>
<matchcriteria>Regex</matchcriteria>
</trainingparameter>
<trainingparameter>
<patternname>Remove item</patternname>
<types>checkbox,radio</types>
<language>de</language>
<match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</match>
<value><