Scan Config XML Breakout

Below is a sample of an XML config. This allows a user to granularly set each setting within a config when adding, updating or submitting a config to either the AppSpider Enterprise REST API or directly to the engine itself.
ScanConfig is the top-level structure in the Scan Configuration File and contains all elements of the config to be submitted. For Example:
Name sets the name for the config
AppVersion identifies which version of AppSpider the config was written for (defaults to the current major version of the Scan Engine)
Log is a binary field to tell the engine to enable or disable logging (defaults to "1")
- 1 - Enables Logging
- 2 - Disables Logging
A full breakout of all XML elements contained in a scan config can be found at Scan Configuration Parameters
Caution

All elements must be submitted for the XML to be considered a "well-formed" request. Failure to include any element will result in the request being dropped
XML File example

xml
1
<ScanConfig>
2
    <Name>webscantest</Name>
3
    <AppVersion>7.0</AppVersion>
4
    <Log>1</Log>
5
    <DetailedLogging>0</DetailedLogging>
6
    <IncludeTraffic>0</IncludeTraffic>
7
    <WindowsErrors>0</WindowsErrors>
8
    <UseSystemDsn>0</UseSystemDsn>
9
    <Recrawl>0</Recrawl>
10
    <PauseOnRecoverableError>1</PauseOnRecoverableError>
11
    <DisplayImminentLicenseExpiryMessage>1</DisplayImminentLicenseExpiryMessage>
12
    <ExecuteCommandLineURL></ExecuteCommandLineURL>
13
    <NotifyScanDoneURL></NotifyScanDoneURL>
14
    <JavaScriptEngine>Chrome</JavaScriptEngine>
15
    <MaxDatabaseSize>1073741824</MaxDatabaseSize>
16
    <MaxTrafficFiles>0</MaxTrafficFiles>
17
    <CrawlConfig>
18
        <MaxDomain>100</MaxDomain>
19
        <MaxCrawlResults>5000</MaxCrawlResults>
20
        <MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
21
        <MaxPerDirCrawlResults>400</MaxPerDirCrawlResults>
22
        <MaxPerLinkCrawlResults>40</MaxPerLinkCrawlResults>
23
        <MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
24
        <MaxPerDirChildNodes>300</MaxPerDirChildNodes>
25
        <MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
26
        <MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
27
        <MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
28
        <MaxPerQueryCrawlResults>100</MaxPerQueryCrawlResults>
29
        <RecursionDepth>2</RecursionDepth>
30
        <MaxDirDepth>15</MaxDirDepth>
31
        <DiscoveryDepth>-1</DiscoveryDepth>
32
        <UrlRepetitionTolerance>15</UrlRepetitionTolerance>
33
        <SequenceRepetitionTolerance>3</SequenceRepetitionTolerance>
34
        <MaxReportedImages>500</MaxReportedImages>
35
        <MaxReportedLinks>2500</MaxReportedLinks>
36
        <MaxReportedComments>500</MaxReportedComments>
37
        <MaxReportedScripts>500</MaxReportedScripts>
38
        <MaxReportedEmails>500</MaxReportedEmails>
39
        <MaxReportedForms>500</MaxReportedForms>
40
        <MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
41
        <MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
42
        <MaxBrowserDOMDepth>2</MaxBrowserDOMDepth>
43
        <MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
44
        <MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
45
        <MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
46
        <MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
47
        <NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
48
        <MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
49
        <MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
50
        <MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
51
        <CrawlPrioritization>Smart</CrawlPrioritization>
52
        <FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File
53
            (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
54
        <ServerErrorRegex></ServerErrorRegex>
55
        <InvalidURLRegexAttack>
56
            <![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]>
57
        </InvalidURLRegexAttack>
58
        <InvalidURLRegexCrawl>
59
            <![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]>
60
        </InvalidURLRegexCrawl>
61
        <PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
62
        <LockCookies>0</LockCookies>
63
        <CaseSensitivity>Case Sensitive</CaseSensitivity>
64
        <UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
65
        <SaveReferences>0</SaveReferences>
66
        <UseBrowser>1</UseBrowser>
67
        <ShowBrowser>0</ShowBrowser>
68
        <StayOnPort>0</StayOnPort>
69
        <RestrictToMacro>0</RestrictToMacro>
70
        <RestrictToManualCrawling>0</RestrictToManualCrawling>
71
        <RestrictToSeedList>0</RestrictToSeedList>
72
        <RestrictToWebService>0</RestrictToWebService>
73
        <RestrictToSelenium>0</RestrictToSelenium>
74
        <RestrictToSwagger>0</RestrictToSwagger>
75
        <RestrictToAgentRoutes>0</RestrictToAgentRoutes>
76
        <ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
77
        <PageEqualThreshhold>0.95</PageEqualThreshhold>
78
        <PageSimilarThreshhold>0.8</PageSimilarThreshhold>
79
        <ExperimentalCrawling>Disabled</ExperimentalCrawling>
80
        <Flash>1</Flash>
81
        <EnableAdvancedParsers>1</EnableAdvancedParsers>
82
        <SearchForUrls>1</SearchForUrls>
83
        <CookieCommaSeparator>1</CookieCommaSeparator>
84
        <MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
85
        <BlacklistContactForms>0</BlacklistContactForms>
86
        <EnableRobotstxtSitemapCrawling>0</EnableRobotstxtSitemapCrawling>
87
        <LogDomContents>0</LogDomContents>
88
        <UseBrowserResponseCaching>1</UseBrowserResponseCaching>
89
        <FrameworksCrawlConfig>
90
            <EnableFrameworksCrawling>1</EnableFrameworksCrawling>
91
            <FrameworkConfigList>
92
                <FrameworkConfig>
93
                    <Name>ReactJS</Name>
94
                    <DefaultConfigVersion>2</DefaultConfigVersion>
95
                    <Enabled>1</Enabled>
96
                    <HEAD>1</HEAD>
97
                    <DetectionRegex>createReactRootIndex</DetectionRegex>
98
                    <HealthcheckString>react</HealthcheckString>
99
                    <FileName>fm.react.min.js</FileName>
100
                    <GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
101
                    <GetAllEventsDelay>0</GetAllEventsDelay>
102
                    <GetVersionStringScript></GetVersionStringScript>
103
                </FrameworkConfig>
104
                <FrameworkConfig>
105
                    <Name>AngularJS</Name>
106
                    <DefaultConfigVersion>1</DefaultConfigVersion>
107
                    <Enabled>1</Enabled>
108
                    <HEAD>0</HEAD>
109
                    <DetectionRegex>ng-controller</DetectionRegex>
110
                    <HealthcheckString>angular</HealthcheckString>
111
                    <FileName>angular-hook-bundle.min.js</FileName>
112
                    <GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
113
                    <GetAllEventsDelay>0</GetAllEventsDelay>
114
                    <GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
115
                </FrameworkConfig>
116
                <FrameworkConfig>
117
                    <Name>KnockoutJS</Name>
118
                    <DefaultConfigVersion>1</DefaultConfigVersion>
119
                    <Enabled>1</Enabled>
120
                    <HEAD>0</HEAD>
121
                    <DetectionRegex>data-bind</DetectionRegex>
122
                    <HealthcheckString>ko</HealthcheckString>
123
                    <FileName>ko-hook-bundle.min.js</FileName>
124
                    <GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
125
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
126
                    <GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
127
                </FrameworkConfig>
128
                <FrameworkConfig>
129
                    <Name>AngularLib</Name>
130
                    <DefaultConfigVersion>2</DefaultConfigVersion>
131
                    <Enabled>1</Enabled>
132

133
                    <HEAD>0</HEAD>
134
                    <DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
135
                    <HealthcheckString></HealthcheckString>
136
                    <FileName>angular-4-hook-bundle.min.js</FileName>
137
                    <GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
138
                    <GetAllEventsDelay>6000</GetAllEventsDelay>
139
                    <GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
140
                </FrameworkConfig>
141
                <FrameworkConfig>
142
                    <Name>ReactLib</Name>
143
                    <DefaultConfigVersion>1</DefaultConfigVersion>
144
                    <Enabled>1</Enabled>
145
                    <HEAD>0</HEAD>
146
                    <DetectionRegex>react-text</DetectionRegex>
147
                    <HealthcheckString></HealthcheckString>
148
                    <FileName>react-hook-bundle.min.js</FileName>
149
                    <GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
150
                    <GetAllEventsDelay>8000</GetAllEventsDelay>
151
                    <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
152
                </FrameworkConfig>
153
                <FrameworkConfig>
154
                    <Name>ReactTwo</Name>
155
                    <DefaultConfigVersion>1</DefaultConfigVersion>
156
                    <Enabled>1</Enabled>
157
                    <HEAD>0</HEAD>
158
                    <DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
159
                    <HealthcheckString></HealthcheckString>
160
                    <FileName>react-hook-bundle.min.js</FileName>
161
                    <GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
162
                    <GetAllEventsDelay>8000</GetAllEventsDelay>
163
                    <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
164
                </FrameworkConfig>
165
                <FrameworkConfig>
166
                    <Name>OpenUI5</Name>
167
                    <DefaultConfigVersion>1</DefaultConfigVersion>
168
                    <Enabled>1</Enabled>
169
                    <HEAD>0</HEAD>
170
                    <DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
171
                    <HealthcheckString></HealthcheckString>
172
                    <FileName>sap-open-ui5-hook-bundle.min.js</FileName>
173
                    <GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
174
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
175
                    <GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
176
                </FrameworkConfig>
177
                <FrameworkConfig>
178
                    <Name>Vue</Name>
179
                    <DefaultConfigVersion>1</DefaultConfigVersion>
180
                    <Enabled>1</Enabled>
181
                    <HEAD>0</HEAD>
182
                    <DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
183
                    <HealthcheckString></HealthcheckString>
184
                    <FileName>vue-hook-bundle.min.js</FileName>
185
                    <GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
186
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
187
                    <GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
188
                </FrameworkConfig>
189
                <FrameworkConfig>
190
                    <Name>Ember</Name>
191
                    <DefaultConfigVersion>1</DefaultConfigVersion>
192
                    <Enabled>1</Enabled>
193
                    <HEAD>0</HEAD>
194
                    <DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
195
                    <HealthcheckString></HealthcheckString>
196
                    <FileName>ember-hook-bundle.min.js</FileName>
197
                    <GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
198
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
199
                    <GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
200
                </FrameworkConfig>
201
                <FrameworkConfig>
202
                    <Name>Backbone</Name>
203
                    <DefaultConfigVersion>1</DefaultConfigVersion>
204
                    <Enabled>1</Enabled>
205
                    <HEAD>0</HEAD>
206
                    <DetectionRegex>(?-i)Backbone</DetectionRegex>
207
                    <HealthcheckString></HealthcheckString>
208
                    <FileName>backbone-hook-bundle.min.js</FileName>
209
                    <GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
210
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
211
                    <GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
212
                </FrameworkConfig>
213
            </FrameworkConfigList>
214
        </FrameworksCrawlConfig>
215
        <SeedUrlList>
216
            <SeedUrl>
217
                <Value>http://www.webscantest.com/</Value>
218
            </SeedUrl>
219
        </SeedUrlList>
220
        <ScopeConstraintList>
221
            <ScopeConstraint>
222
                <URL>http://www.webscantest.com/*</URL>
223
                <Method>All</Method>
224
                <MatchCriteria>Wildcard</MatchCriteria>
225
                <Exclusion>Include</Exclusion>
226
            </ScopeConstraint>
227
            <ScopeConstraint>
228
                <URL>http://*.www.webscantest.com/*</URL>
229
                <Method>All</Method>
230
                <MatchCriteria>Wildcard</MatchCriteria>
231
                <Exclusion>Include</Exclusion>
232
            </ScopeConstraint>
233
        </ScopeConstraintList>
234
        <BlackListExtensionList>
235
            <BlackListExtension>
236
                <Value>css</Value>
237
            </BlackListExtension>
238
            <BlackListExtension>
239
                <Value>axd</Value>
240
            </BlackListExtension>
241
        </BlackListExtensionList>
242
        <GrayListExtensionList>
243
            <GrayListExtension>
244
                <Value>pdf</Value>
245
            </GrayListExtension>
246
            <GrayListExtension>
247
                <Value>doc</Value>
248
            </GrayListExtension>
249
            <GrayListExtension>
250
                <Value>jpg</Value>
251
            </GrayListExtension>
252
            <GrayListExtension>
253
                <Value>jpeg</Value>
254
            </GrayListExtension>
255
            <GrayListExtension>
256
                <Value>gif</Value>
257
            </GrayListExtension>
258
            <GrayListExtension>
259
                <Value>png</Value>
260
            </GrayListExtension>
261
            <GrayListExtension>
262
                <Value>bmp</Value>
263
            </GrayListExtension>
264
            <GrayListExtension>
265
                <Value>ico</Value>
266
            </GrayListExtension>
267
            <GrayListExtension>
268
                <Value>js</Value>
269
            </GrayListExtension>
270
            <GrayListExtension>
271
                <Value>tiff</Value>
272
            </GrayListExtension>
273
            <GrayListExtension>
274
                <Value>eot</Value>
275
            </GrayListExtension>
276
            <GrayListExtension>
277
                <Value>ttf</Value>
278
            </GrayListExtension>
279
            <GrayListExtension>
280
                <Value>mid</Value>
281
            </GrayListExtension>
282
            <GrayListExtension>
283
                <Value>midi</Value>
284
            </GrayListExtension>
285
            <GrayListExtension>
286
                <Value>mp3</Value>
287
            </GrayListExtension>
288
            <GrayListExtension>
289
                <Value>mpeg</Value>
290
            </GrayListExtension>
291
            <GrayListExtension>
292
                <Value>wav</Value>
293
            </GrayListExtension>
294
            <GrayListExtension>
295
                <Value>avi</Value>
296
            </GrayListExtension>
297
            <GrayListExtension>
298
                <Value>woff</Value>
299
            </GrayListExtension>
300
            <GrayListExtension>
301
                <Value>svg</Value>
302
            </GrayListExtension>
303
        </GrayListExtensionList>
304
        <BinaryExtensionList>
305
            <BinaryExtension>
306
                <Value>fla</Value>
307
            </BinaryExtension>
308
            <BinaryExtension>
309
                <Value>swf</Value>
310
            </BinaryExtension>
311
            <BinaryExtension>
312
                <Value>pdf</Value>
313
            </BinaryExtension>
314
            <BinaryExtension>
315
                <Value>doc</Value>
316
            </BinaryExtension>
317
            <BinaryExtension>
318
                <Value>jpg</Value>
319
            </BinaryExtension>
320
            <BinaryExtension>
321
                <Value>jpeg</Value>
322
            </BinaryExtension>
323
            <BinaryExtension>
324
                <Value>gif</Value>
325
            </BinaryExtension>
326
            <BinaryExtension>
327
                <Value>png</Value>
328
            </BinaryExtension>
329
            <BinaryExtension>
330
                <Value>bmp</Value>
331
            </BinaryExtension>
332
            <BinaryExtension>
333
                <Value>ico</Value>
334
            </BinaryExtension>
335
            <BinaryExtension>
336
                <Value>dll</Value>
337
            </BinaryExtension>
338
            <BinaryExtension>
339
                <Value>exe</Value>
340
            </BinaryExtension>
341
            <BinaryExtension>
342
                <Value>eot</Value>
343
            </BinaryExtension>
344
            <BinaryExtension>
345
                <Value>ttf</Value>
346
            </BinaryExtension>
347
            <BinaryExtension>
348
                <Value>mp3</Value>
349
            </BinaryExtension>
350
            <BinaryExtension>
351
                <Value>mp4</Value>
352
            </BinaryExtension>
353
            <BinaryExtension>
354
                <Value>wav</Value>
355
            </BinaryExtension>
356
            <BinaryExtension>
357
                <Value>woff</Value>
358
            </BinaryExtension>
359
            <BinaryExtension>
360
                <Value>svg</Value>
361
            </BinaryExtension>
362
        </BinaryExtensionList>
363
        <TextExtensionList>
364
            <TextExtension>
365
                <Value>txt</Value>
366
            </TextExtension>
367
            <TextExtension>
368
                <Value>js</Value>
369
            </TextExtension>
370
            <TextExtension>
371
                <Value>css</Value>
372
            </TextExtension>
373
            <TextExtension>
374
                <Value>json</Value>
375
            </TextExtension>
376
        </TextExtensionList>
377
        <BinaryContentTypeList>
378
            <BinaryContentType>
379
                <Value>audio/*</Value>
380
            </BinaryContentType>
381
            <BinaryContentType>
382
                <Value>image/*</Value>
383
            </BinaryContentType>
384
            <BinaryContentType>
385
                <Value>video/*</Value>
386
            </BinaryContentType>
387
            <BinaryContentType>
388
                <Value>application/pdf</Value>
389
            </BinaryContentType>
390
            <BinaryContentType>
391
                <Value>application/zip</Value>
392
            </BinaryContentType>
393
            <BinaryContentType>
394
                <Value>application/x-rar-compressed</Value>
395
            </BinaryContentType>
396
            <BinaryContentType>
397
                <Value>application/x-dvi</Value>
398
            </BinaryContentType>
399
            <BinaryContentType>
400
                <Value>application/x-shockwave-flash</Value>
401
            </BinaryContentType>
402
            <BinaryContentType>
403
                <Value>application/msword</Value>
404
            </BinaryContentType>
405
            <BinaryContentType>
406
                <Value>application/ogg</Value>
407
            </BinaryContentType>
408
            <BinaryContentType>
409
                <Value>application/x-tar</Value>
410
            </BinaryContentType>
411
            <BinaryContentType>
412
                <Value>application/octet-stream</Value>
413
            </BinaryContentType>
414
        </BinaryContentTypeList>
415
        <HTMLContentTypeList>
416
            <HTMLContentType>
417
                <Value>text/html</Value>
418
            </HTMLContentType>
419
            <HTMLContentType>
420
                <Value>html/*</Value>
421
            </HTMLContentType>
422
            <HTMLContentType>
423
                <Value>application/xhtml+xml</Value>
424
            </HTMLContentType>
425
        </HTMLContentTypeList>
426
        <TextContentTypeList>
427
            <TextContentType>
428
                <Value>text/plain</Value>
429
            </TextContentType>
430
            <TextContentType>
431
                <Value>text/csv</Value>
432
            </TextContentType>
433
            <TextContentType>
434
                <Value>text/css</Value>
435
            </TextContentType>
436
            <TextContentType>
437
                <Value>text/javascript</Value>
438
            </TextContentType>
439
            <TextContentType>
440
                <Value>application/javascript</Value>
441
            </TextContentType>
442
            <TextContentType>
443
                <Value>application/x-javascript</Value>
444
            </TextContentType>
445
            <TextContentType>
446
                <Value>application/json</Value>
447
            </TextContentType>
448
            <TextContentType>
449
                <Value>application/x-httpd-php-source</Value>
450
            </TextContentType>
451
        </TextContentTypeList>
452
        <XMLContentTypeList>
453
            <XMLContentType>
454
                <Value>application/xml-dtd</Value>
455
            </XMLContentType>
456
            <XMLContentType>
457
                <Value>text/xml</Value>
458
            </XMLContentType>
459
            <XMLContentType>
460
                <Value>application/soap+xml</Value>
461
            </XMLContentType>
462
            <XMLContentType>
463
                <Value>application/xml</Value>
464
            </XMLContentType>
465
        </XMLContentTypeList>
466
        <BrowserDownloadWhitelistList>
467
            <BrowserDownloadWhitelist>
468
                <Value>*.css</Value>
469
            </BrowserDownloadWhitelist>
470
            <BrowserDownloadWhitelist>
471
                <Value>*.js</Value>
472
            </BrowserDownloadWhitelist>
473
            <BrowserDownloadWhitelist>
474
                <Value>*.xml</Value>
475
            </BrowserDownloadWhitelist>
476
            <BrowserDownloadWhitelist>
477
                <Value>*.dtd</Value>
478
            </BrowserDownloadWhitelist>
479
            <BrowserDownloadWhitelist>
480
                <Value>*.axd</Value>
481
            </BrowserDownloadWhitelist>
482
            <BrowserDownloadWhitelist>
483
                <Value>*.json</Value>
484
            </BrowserDownloadWhitelist>
485
            <BrowserDownloadWhitelist>
486
                <Value>*/js/*</Value>
487
            </BrowserDownloadWhitelist>
488
            <BrowserDownloadWhitelist>
489
                <Value>*/css/*</Value>
490
            </BrowserDownloadWhitelist>
491
        </BrowserDownloadWhitelistList>
492
        <BrowserDoNotDownloadExtensionList>
493
            <BrowserDoNotDownloadExtension>
494
                <Value>pdf</Value>
495
            </BrowserDoNotDownloadExtension>
496
            <BrowserDoNotDownloadExtension>
497
                <Value>doc</Value>
498
            </BrowserDoNotDownloadExtension>
499
            <BrowserDoNotDownloadExtension>
500
                <Value>jpg</Value>
501
            </BrowserDoNotDownloadExtension>
502
            <BrowserDoNotDownloadExtension>
503
                <Value>jpeg</Value>
504
            </BrowserDoNotDownloadExtension>
505
            <BrowserDoNotDownloadExtension>
506
                <Value>gif</Value>
507
            </BrowserDoNotDownloadExtension>
508
            <BrowserDoNotDownloadExtension>
509
                <Value>png</Value>
510
            </BrowserDoNotDownloadExtension>
511
            <BrowserDoNotDownloadExtension>
512
                <Value>bmp</Value>
513
            </BrowserDoNotDownloadExtension>
514
            <BrowserDoNotDownloadExtension>
515
                <Value>ico</Value>
516
            </BrowserDoNotDownloadExtension>
517
            <BrowserDoNotDownloadExtension>
518
                <Value>exe</Value>
519
            </BrowserDoNotDownloadExtension>
520
            <BrowserDoNotDownloadExtension>
521
                <Value>swf</Value>
522
            </BrowserDoNotDownloadExtension>
523
            <BrowserDoNotDownloadExtension>
524
                <Value>mp3</Value>
525
            </BrowserDoNotDownloadExtension>
526
            <BrowserDoNotDownloadExtension>
527
                <Value>mp4</Value>
528
            </BrowserDoNotDownloadExtension>
529
            <BrowserDoNotDownloadExtension>
530
                <Value>wav</Value>
531
            </BrowserDoNotDownloadExtension>
532
            <BrowserDoNotDownloadExtension>
533
                <Value>eot</Value>
534
            </BrowserDoNotDownloadExtension>
535
            <BrowserDoNotDownloadExtension>
536
                <Value>ttf</Value>
537
            </BrowserDoNotDownloadExtension>
538
            <BrowserDoNotDownloadExtension>
539
                <Value>woff</Value>
540
            </BrowserDoNotDownloadExtension>
541
            <BrowserDoNotDownloadExtension>
542
                <Value>ico</Value>
543
            </BrowserDoNotDownloadExtension>
544
            <BrowserDoNotDownloadExtension>
545
                <Value>svg</Value>
546
            </BrowserDoNotDownloadExtension>
547
        </BrowserDoNotDownloadExtensionList>
548
        <BrowserDoNotDownloadContentTypeList>
549
            <BrowserDoNotDownloadContentType>
550
                <Value>audio/*</Value>
551
            </BrowserDoNotDownloadContentType>
552
            <BrowserDoNotDownloadContentType>
553
                <Value>image/*</Value>
554
            </BrowserDoNotDownloadContentType>
555
            <BrowserDoNotDownloadContentType>
556
                <Value>video/*</Value>
557
            </BrowserDoNotDownloadContentType>
558
            <BrowserDoNotDownloadContentType>
559
                <Value>application/pdf</Value>
560
            </BrowserDoNotDownloadContentType>
561
            <BrowserDoNotDownloadContentType>
562
                <Value>application/zip</Value>
563
            </BrowserDoNotDownloadContentType>
564
            <BrowserDoNotDownloadContentType>
565
                <Value>application/x-rar-compressed</Value>
566
            </BrowserDoNotDownloadContentType>
567
            <BrowserDoNotDownloadContentType>
568
                <Value>application/x-dvi</Value>
569
            </BrowserDoNotDownloadContentType>
570
            <BrowserDoNotDownloadContentType>
571
                <Value>application/x-shockwave-flash</Value>
572
            </BrowserDoNotDownloadContentType>
573
            <BrowserDoNotDownloadContentType>
574
                <Value>application/msword</Value>
575
            </BrowserDoNotDownloadContentType>
576
            <BrowserDoNotDownloadContentType>
577
                <Value>application/ogg</Value>
578
            </BrowserDoNotDownloadContentType>
579
            <BrowserDoNotDownloadContentType>
580
                <Value>application/x-tar</Value>
581
            </BrowserDoNotDownloadContentType>
582
            <BrowserDoNotDownloadContentType>
583
                <Value>application/octet-stream</Value>
584
            </BrowserDoNotDownloadContentType>
585
        </BrowserDoNotDownloadContentTypeList>
586
    </CrawlConfig>
587
    <AttackerConfig>
588
        <ParametersToAttackBeforeLimitingAttacks>100</ParametersToAttackBeforeLimitingAttacks>
589
        <LinksToAttackBeforeLimitingAttacks>20</LinksToAttackBeforeLimitingAttacks>
590
        <MaxSameNameParameterAttackPoints>10</MaxSameNameParameterAttackPoints>
591
        <MaxSameCookieParameterAttackPoints>5</MaxSameCookieParameterAttackPoints>
592
        <MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
593
        <MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
594
        <MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
595
        <ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
596
        <ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
597
        <MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
598
        <MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
599
        <ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
600
        <OutOfBandHost></OutOfBandHost>
601
        <MaxSeverityForTrafficReduction>Low</MaxSeverityForTrafficReduction>
602
        <MinResponseSizeForTrafficReduction>204800</MinResponseSizeForTrafficReduction>
603
        <DefaultDoNotAttackParamList>
604
            <DefaultDoNotAttackParam>
605
                <ParameterName>
606
                    ^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$
607
                </ParameterName>
608
                <MatchCriteria>Regex</MatchCriteria>
609
            </DefaultDoNotAttackParam>
610
        </DefaultDoNotAttackParamList>
611
    </AttackerConfig>
612
    <AttackPolicyConfig>
613
        <Policy>All Modules</Policy>
614
        <AttackPrioritization>Smart</AttackPrioritization>
615
        <AttackDepth>Smart</AttackDepth>
616
        <EnableAdvancedAttacks>0</EnableAdvancedAttacks>
617
        <FalsePositiveRegex></FalsePositiveRegex>
618
        <FalsePositiveFindingRegex></FalsePositiveFindingRegex>
619
        <RootCauseIdExcludeList></RootCauseIdExcludeList>
620
        <AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
621
        <EnforceEncoding>0</EnforceEncoding>
622
        <AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
623
        <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
624
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
625
        <AttackModulePolicyList>
626
            <AttackModulePolicy>
627
                <Enabled>1</Enabled>
628
                <ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
629
                <ModulePriority>High</ModulePriority>
630
                <Severity>Informational</Severity>
631
                <MaxVulnLimit>10</MaxVulnLimit>
632
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
633
                <MaxVarianceLimit>2</MaxVarianceLimit>
634
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
635
                <EnforceEncoding>0</EnforceEncoding>
636
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
637
                <AttackPoints>Web Site</AttackPoints>
638
                <ParameterLocations></ParameterLocations>
639
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
640
                <DisplayName>Anonymous Access</DisplayName>
641
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
642
            </AttackModulePolicy>
643
            <AttackModulePolicy>
644
                <Enabled>1</Enabled>
645
                <ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
646
                <ModulePriority>High</ModulePriority>
647
                <Severity>High</Severity>
648
                <MaxVulnLimit>100</MaxVulnLimit>
649
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
650
                <MaxVarianceLimit>3</MaxVarianceLimit>
651
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
652
                <EnforceEncoding>0</EnforceEncoding>
653
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
654
                <AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
655
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
656
                </ParameterLocations>
657
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
658
                <DisplayName>Apache Struts 2 Framework Checks</DisplayName>
659
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
660
            </AttackModulePolicy>
661
            <AttackModulePolicy>
662
                <Enabled>1</Enabled>
663
                <ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
664
                <ModulePriority>High</ModulePriority>
665
                <Severity>Informational</Severity>
666
                <MaxVulnLimit>100</MaxVulnLimit>
667
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
668
                <MaxVarianceLimit>3</MaxVarianceLimit>
669
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
670
                <EnforceEncoding>0</EnforceEncoding>
671
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
672
                <AttackPoints>Response Analysis</AttackPoints>
673
                <ParameterLocations></ParameterLocations>
674
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
675
                <DisplayName>Apache Struts Detection</DisplayName>
676
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
677
            </AttackModulePolicy>
678
            <AttackModulePolicy>
679
                <Enabled>1</Enabled>
680
                <ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
681
                <ModulePriority>High</ModulePriority>
682
                <Severity>High</Severity>
683
                <MaxVulnLimit>100</MaxVulnLimit>
684
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
685
                <MaxVarianceLimit>4</MaxVarianceLimit>
686
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
687
                <EnforceEncoding>0</EnforceEncoding>
688
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
689
                <AttackPoints>Parameter</AttackPoints>
690
                <ParameterLocations>Post</ParameterLocations>
691
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
692
                <DisplayName>Arbitrary File Upload</DisplayName>
693
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
694
            </AttackModulePolicy>
695
            <AttackModulePolicy>
696
                <Enabled>1</Enabled>
697
                <ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
698
                <ModulePriority>Medium</ModulePriority>
699
                <Severity>Low</Severity>
700
                <MaxVulnLimit>25</MaxVulnLimit>
701
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
702
                <MaxVarianceLimit>2</MaxVarianceLimit>
703
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
704
                <EnforceEncoding>0</EnforceEncoding>
705
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
706
                <AttackPoints>Directory</AttackPoints>
707
                <ParameterLocations></ParameterLocations>
708
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
709
                <DisplayName>ASP.NET Misconfiguration</DisplayName>
710
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
711
            </AttackModulePolicy>
712
            <AttackModulePolicy>
713
                <Enabled>1</Enabled>
714
                <ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
715
                <ModulePriority>Medium</ModulePriority>
716
                <Severity>High</Severity>
717
                <MaxVulnLimit>25</MaxVulnLimit>
718
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
719
                <MaxVarianceLimit>4</MaxVarianceLimit>
720
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
721
                <EnforceEncoding>0</EnforceEncoding>
722
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
723
                <AttackPoints>Parameter</AttackPoints>
724
                <ParameterLocations>Post|Cookie</ParameterLocations>
725
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
726
                <DisplayName>ASP.NET Serialization</DisplayName>
727
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
728
            </AttackModulePolicy>
729
            <AttackModulePolicy>
730
                <Enabled>1</Enabled>
731
                <ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
732
                <ModulePriority>Medium</ModulePriority>
733
                <Severity>Low</Severity>
734
                <MaxVulnLimit>200</MaxVulnLimit>
735
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
736
                <MaxVarianceLimit>2</MaxVarianceLimit>
737
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
738
                <EnforceEncoding>0</EnforceEncoding>
739
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
740
                <AttackPoints>Response Analysis</AttackPoints>
741
                <ParameterLocations></ParameterLocations>
742
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
743
                <DisplayName>Autocomplete attribute</DisplayName>
744
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
745
            </AttackModulePolicy>
746
            <AttackModulePolicy>
747
                <Enabled>1</Enabled>
748
                <ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
749
                <ModulePriority>High</ModulePriority>
750
                <Severity>High</Severity>
751
                <MaxVulnLimit>75</MaxVulnLimit>
752
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
753
                <MaxVarianceLimit>4</MaxVarianceLimit>
754
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
755
                <EnforceEncoding>0</EnforceEncoding>
756
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
757
                <AttackPoints>Parameter</AttackPoints>
758
                <ParameterLocations>Query|Post</ParameterLocations>
759
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
760
                <DisplayName>Blind LDAP Injection</DisplayName>
761
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
762
            </AttackModulePolicy>
763
            <AttackModulePolicy>
764
                <Enabled>1</Enabled>
765
                <ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
766
                <ModulePriority>Medium</ModulePriority>
767
                <Severity>Informational</Severity>
768
                <MaxVulnLimit>100</MaxVulnLimit>
769
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
770
                <MaxVarianceLimit>1</MaxVarianceLimit>
771
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
772
                <EnforceEncoding>0</EnforceEncoding>
773
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
774
                <AttackPoints>Response Analysis</AttackPoints>
775
                <ParameterLocations></ParameterLocations>
776
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
777
                <DisplayName>Browser Cache directive (web application performance)</DisplayName>
778
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
779
            </AttackModulePolicy>
780
            <AttackModulePolicy>
781
                <Enabled>1</Enabled>
782
                <ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
783
                <ModulePriority>Medium</ModulePriority>
784
                <Severity>Low</Severity>
785
                <MaxVulnLimit>150</MaxVulnLimit>
786
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
787
                <MaxVarianceLimit>4</MaxVarianceLimit>
788
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
789
                <EnforceEncoding>0</EnforceEncoding>
790
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
791
                <AttackPoints>Response Analysis</AttackPoints>
792
                <ParameterLocations></ParameterLocations>
793
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
794
                <DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
795
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
796
            </AttackModulePolicy>
797
            <AttackModulePolicy>
798
                <Enabled>1</Enabled>
799
                <ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
800
                <ModulePriority>High</ModulePriority>
801
                <Severity>High</Severity>
802
                <MaxVulnLimit>5</MaxVulnLimit>
803
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
804
                <MaxVarianceLimit>2</MaxVarianceLimit>
805
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
806
                <EnforceEncoding>0</EnforceEncoding>
807
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
808
                <AttackPoints>Web Resource</AttackPoints>
809
                <ParameterLocations></ParameterLocations>
810
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
811
                <DisplayName>Brute Force (HTTP Auth)</DisplayName>
812
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
813
            </AttackModulePolicy>
814
            <AttackModulePolicy>
815
                <Enabled>1</Enabled>
816
                <ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
817
                <ModulePriority>High</ModulePriority>
818
                <Severity>High</Severity>
819
                <MaxVulnLimit>5</MaxVulnLimit>
820
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
821
                <MaxVarianceLimit>2</MaxVarianceLimit>
822
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
823
                <EnforceEncoding>0</EnforceEncoding>
824
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
825
                <AttackPoints>Parameter</AttackPoints>
826
                <ParameterLocations>Query|Post</ParameterLocations>
827
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
828
                <DisplayName>Brute Force (Form Auth)</DisplayName>
829
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
830
            </AttackModulePolicy>
831
            <AttackModulePolicy>
832
                <Enabled>1</Enabled>
833
                <ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
834
                <ModulePriority>High</ModulePriority>
835
                <Severity>High</Severity>
836
                <MaxVulnLimit>250</MaxVulnLimit>
837
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
838
                <MaxVarianceLimit>4</MaxVarianceLimit>
839
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
840
                <EnforceEncoding>0</EnforceEncoding>
841
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
842
                <AttackPoints>Parameter</AttackPoints>
843
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
844
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
845
                <DisplayName>Blind SQL</DisplayName>
846
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
847
            </AttackModulePolicy>
848
            <AttackModulePolicy>
849
                <Enabled>1</Enabled>
850
                <ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
851
                <ModulePriority>Low</ModulePriority>
852
                <Severity>Low</Severity>
853
                <MaxVulnLimit>100</MaxVulnLimit>
854
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
855
                <MaxVarianceLimit>4</MaxVarianceLimit>
856
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
857
                <EnforceEncoding>0</EnforceEncoding>
858
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
859
                <AttackPoints>Directory</AttackPoints>
860
                <ParameterLocations></ParameterLocations>
861
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
862
                <DisplayName>Clients Cross-Domain Policy Files</DisplayName>
863
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
864
            </AttackModulePolicy>
865
            <AttackModulePolicy>
866
                <Enabled>1</Enabled>
867
                <ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
868
                <ModulePriority>Low</ModulePriority>
869
                <Severity>Informational</Severity>
870
                <MaxVulnLimit>100</MaxVulnLimit>
871
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
872
                <MaxVarianceLimit>4</MaxVarianceLimit>
873
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
874
                <EnforceEncoding>0</EnforceEncoding>
875
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
876
                <AttackPoints>Response Analysis</AttackPoints>
877
                <ParameterLocations></ParameterLocations>
878
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
879
                <DisplayName>Information Disclosure in comments</DisplayName>
880
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
881
            </AttackModulePolicy>
882
            <AttackModulePolicy>
883
                <Enabled>1</Enabled>
884
                <ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
885
                <ModulePriority>Medium</ModulePriority>
886
                <Severity>Low</Severity>
887
                <MaxVulnLimit>50</MaxVulnLimit>
888
                <MaxPerWebSiteVulnLimit>20</MaxPerWebSiteVulnLimit>
889
                <MaxVarianceLimit>10</MaxVarianceLimit>
890
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
891
                <EnforceEncoding>0</EnforceEncoding>
892
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
893
                <AttackPoints>Response Analysis</AttackPoints>
894
                <ParameterLocations></ParameterLocations>
895
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
896
                <DisplayName>Cookie attributes</DisplayName>
897
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
898
            </AttackModulePolicy>
899
            <AttackModulePolicy>
900
                <Enabled>1</Enabled>
901
                <ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
902
                <ModulePriority>Low</ModulePriority>
903
                <Severity>Low</Severity>
904
                <MaxVulnLimit>100</MaxVulnLimit>
905
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
906
                <MaxVarianceLimit>5</MaxVarianceLimit>
907
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
908
                <EnforceEncoding>0</EnforceEncoding>
909
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
910
                <AttackPoints>Web Resource|Response Analysis</AttackPoints>
911
                <ParameterLocations></ParameterLocations>
912
                <RequestOriginations>AJAX</RequestOriginations>
913
                <DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>
914
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
915
            </AttackModulePolicy>
916
            <AttackModulePolicy>
917
                <Enabled>1</Enabled>
918
                <ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
919
                <ModulePriority>Low</ModulePriority>
920
                <Severity>Medium</Severity>
921
                <MaxVulnLimit>25</MaxVulnLimit>
922
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
923
                <MaxVarianceLimit>2</MaxVarianceLimit>
924
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
925
                <EnforceEncoding>0</EnforceEncoding>
926
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
927
                <AttackPoints>Response Analysis</AttackPoints>
928
                <ParameterLocations></ParameterLocations>
929
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
930
                <DisplayName>Credentials over an insecure channel</DisplayName>
931
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
932
            </AttackModulePolicy>
933
            <AttackModulePolicy>
934
                <Enabled>1</Enabled>
935
                <ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>
936
                <ModulePriority>Medium</ModulePriority>
937
                <Severity>Informational</Severity>
938
                <MaxVulnLimit>100</MaxVulnLimit>
939
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
940
                <MaxVarianceLimit>4</MaxVarianceLimit>
941
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
942
                <EnforceEncoding>0</EnforceEncoding>
943
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
944
                <AttackPoints>Response Analysis</AttackPoints>
945
                <ParameterLocations></ParameterLocations>
946
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
947
                <DisplayName>Content Security Policy Header</DisplayName>
948
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
949
            </AttackModulePolicy>
950
            <AttackModulePolicy>
951
                <Enabled>1</Enabled>
952
                <ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
953
                <ModulePriority>Low</ModulePriority>
954
                <Severity>Low</Severity>
955
                <MaxVulnLimit>250</MaxVulnLimit>
956
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
957
                <MaxVarianceLimit>2</MaxVarianceLimit>
958
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
959
                <EnforceEncoding>0</EnforceEncoding>
960
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
961
                <AttackPoints>Web Resource</AttackPoints>
962
                <ParameterLocations></ParameterLocations>
963
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
964
                <DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName>
965
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
966
            </AttackModulePolicy>
967
            <AttackModulePolicy>
968
                <Enabled>0</Enabled>
969
                <ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
970
                <ModulePriority>Medium</ModulePriority>
971
                <Severity>Informational</Severity>
972
                <MaxVulnLimit>20</MaxVulnLimit>
973
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
974
                <MaxVarianceLimit>1</MaxVarianceLimit>
975
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
976
                <EnforceEncoding>0</EnforceEncoding>
977
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
978
                <AttackPoints>Directory</AttackPoints>
979
                <ParameterLocations></ParameterLocations>
980
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
981
                <DisplayName>Custom Directory Module</DisplayName>
982
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
983
            </AttackModulePolicy>
984
            <AttackModulePolicy>
985
                <Enabled>0</Enabled>
986
                <ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
987
                <ModulePriority>Medium</ModulePriority>
988
                <Severity>Informational</Severity>
989
                <MaxVulnLimit>20</MaxVulnLimit>
990
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
991
                <MaxVarianceLimit>1</MaxVarianceLimit>
992
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
993
                <EnforceEncoding>0</EnforceEncoding>
994
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
995
                <AttackPoints>Parameter</AttackPoints>
996
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
997
                </ParameterLocations>
998
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
999
                <DisplayName>Custom Parameter Module</DisplayName>
1000
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1001
            </AttackModulePolicy>
1002
            <AttackModulePolicy>
1003
                <Enabled>0</Enabled>
1004
                <ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
1005
                <ModulePriority>Medium</ModulePriority>
1006
                <Severity>Informational</Severity>
1007
                <MaxVulnLimit>20</MaxVulnLimit>
1008
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1009
                <MaxVarianceLimit>1</MaxVarianceLimit>
1010
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1011
                <EnforceEncoding>0</EnforceEncoding>
1012
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1013
                <AttackPoints>Response Analysis</AttackPoints>
1014
                <ParameterLocations></ParameterLocations>
1015
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1016
                <DisplayName>Custom Passive Module</DisplayName>
1017
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1018
            </AttackModulePolicy>
1019
            <AttackModulePolicy>
1020
                <Enabled>1</Enabled>
1021
                <ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
1022
                <ModulePriority>Medium</ModulePriority>
1023
                <Severity>Low</Severity>
1024
                <MaxVulnLimit>250</MaxVulnLimit>
1025
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1026
                <MaxVarianceLimit>1</MaxVarianceLimit>
1027
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1028
                <EnforceEncoding>0</EnforceEncoding>
1029
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1030
                <AttackPoints>Directory</AttackPoints>
1031
                <ParameterLocations></ParameterLocations>
1032
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1033
                <DisplayName>Directory Indexing</DisplayName>
1034
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1035
            </AttackModulePolicy>
1036
            <AttackModulePolicy>
1037
                <Enabled>1</Enabled>
1038
                <ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
1039
                <ModulePriority>Low</ModulePriority>
1040
                <Severity>Informational</Severity>
1041
                <MaxVulnLimit>150</MaxVulnLimit>
1042
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1043
                <MaxVarianceLimit>4</MaxVarianceLimit>
1044
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1045
                <EnforceEncoding>0</EnforceEncoding>
1046
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1047
                <AttackPoints>Response Analysis</AttackPoints>
1048
                <ParameterLocations></ParameterLocations>
1049
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1050
                <DisplayName>Email Disclosure</DisplayName>
1051
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1052
            </AttackModulePolicy>
1053
            <AttackModulePolicy>
1054
                <Enabled>1</Enabled>
1055
                <ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
1056
                <ModulePriority>High</ModulePriority>
1057
                <Severity>High</Severity>
1058
                <MaxVulnLimit>100</MaxVulnLimit>
1059
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1060
                <MaxVarianceLimit>4</MaxVarianceLimit>
1061
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1062
                <EnforceEncoding>0</EnforceEncoding>
1063
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1064
                <AttackPoints>Parameter</AttackPoints>
1065
                <ParameterLocations>Path|Query|Post</ParameterLocations>
1066
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1067
                <DisplayName>Expression Language Injection</DisplayName>
1068
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1069
            </AttackModulePolicy>
1070
            <AttackModulePolicy>
1071
                <Enabled>1</Enabled>
1072
                <ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
1073
                <ModulePriority>Low</ModulePriority>
1074
                <Severity>Low</Severity>
1075
                <MaxVulnLimit>100</MaxVulnLimit>
1076
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1077
                <MaxVarianceLimit>2</MaxVarianceLimit>
1078
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1079
                <EnforceEncoding>0</EnforceEncoding>
1080
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1081
                <AttackPoints>Parameter</AttackPoints>
1082
                <ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
1083
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1084
                <DisplayName>Forced Browsing</DisplayName>
1085
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1086
            </AttackModulePolicy>
1087
            <AttackModulePolicy>
1088
                <Enabled>1</Enabled>
1089
                <ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
1090
                <ModulePriority>Medium</ModulePriority>
1091
                <Severity>Low</Severity>
1092
                <MaxVulnLimit>200</MaxVulnLimit>
1093
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1094
                <MaxVarianceLimit>2</MaxVarianceLimit>
1095
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1096
                <EnforceEncoding>0</EnforceEncoding>
1097
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1098
                <AttackPoints>Response Analysis</AttackPoints>
1099
                <ParameterLocations></ParameterLocations>
1100
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
1101
                <DisplayName>Sensitive Data Exposure</DisplayName>
1102
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1103
            </AttackModulePolicy>
1104
            <AttackModulePolicy>
1105
                <Enabled>1</Enabled>
1106
                <ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
1107
                <ModulePriority>High</ModulePriority>
1108
                <Severity>Low</Severity>
1109
                <MaxVulnLimit>5</MaxVulnLimit>
1110
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1111
                <MaxVarianceLimit>4</MaxVarianceLimit>
1112
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1113
                <EnforceEncoding>0</EnforceEncoding>
1114
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1115
                <AttackPoints>Web Resource</AttackPoints>
1116
                <ParameterLocations></ParameterLocations>
1117
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1118
                <DisplayName>Form Session Strength</DisplayName>
1119
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1120
            </AttackModulePolicy>
1121
            <AttackModulePolicy>
1122
                <Enabled>1</Enabled>
1123
                <ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
1124
                <ModulePriority>High</ModulePriority>
1125
                <Severity>High</Severity>
1126
                <MaxVulnLimit>25</MaxVulnLimit>
1127
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1128
                <MaxVarianceLimit>50</MaxVarianceLimit>
1129
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1130
                <EnforceEncoding>0</EnforceEncoding>
1131
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1132
                <AttackPoints>Web Site</AttackPoints>
1133
                <ParameterLocations></ParameterLocations>
1134
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1135
                <DisplayName>FrontPage Checks</DisplayName>
1136
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1137
            </AttackModulePolicy>
1138
            <AttackModulePolicy>
1139
                <Enabled>1</Enabled>
1140
                <ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
1141
                <ModulePriority>High</ModulePriority>
1142
                <Severity>High</Severity>
1143
                <MaxVulnLimit>25</MaxVulnLimit>
1144
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1145
                <MaxVarianceLimit>1</MaxVarianceLimit>
1146
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1147
                <EnforceEncoding>0</EnforceEncoding>
1148
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1149
                <AttackPoints>Web Site</AttackPoints>
1150
                <ParameterLocations></ParameterLocations>
1151
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1152
                <DisplayName>Heartbleed Check</DisplayName>
1153
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1154
            </AttackModulePolicy>
1155
            <AttackModulePolicy>
1156
                <Enabled>1</Enabled>
1157
                <ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
1158
                <ModulePriority>Low</ModulePriority>
1159
                <Severity>Informational</Severity>
1160
                <MaxVulnLimit>20</MaxVulnLimit>
1161
                <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
1162
                <MaxVarianceLimit>1</MaxVarianceLimit>
1163
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1164
                <EnforceEncoding>0</EnforceEncoding>
1165
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1166
                <AttackPoints>Response Analysis</AttackPoints>
1167
                <ParameterLocations></ParameterLocations>
1168
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1169
                <DisplayName>HTTP Strict Transport Security</DisplayName>
1170
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1171
            </AttackModulePolicy>
1172
            <AttackModulePolicy>
1173
                <Enabled>1</Enabled>
1174
                <ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
1175
                <ModulePriority>Low</ModulePriority>
1176
                <Severity>Low</Severity>
1177
                <MaxVulnLimit>20</MaxVulnLimit>
1178
                <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
1179
                <MaxVarianceLimit>4</MaxVarianceLimit>
1180
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1181
                <EnforceEncoding>0</EnforceEncoding>
1182
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1183
                <AttackPoints>Response Analysis</AttackPoints>
1184
                <ParameterLocations></ParameterLocations>
1185
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1186
                <DisplayName>HTTP Authentication over insecure channel</DisplayName>
1187
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1188
            </AttackModulePolicy>
1189
            <AttackModulePolicy>
1190
                <Enabled>1</Enabled>
1191
                <ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
1192
                <ModulePriority>Low</ModulePriority>
1193
                <Severity>Low</Severity>
1194
                <MaxVulnLimit>200</MaxVulnLimit>
1195
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1196
                <MaxVarianceLimit>1</MaxVarianceLimit>
1197
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1198
                <EnforceEncoding>0</EnforceEncoding>
1199
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1200
                <AttackPoints>Web Resource</AttackPoints>
1201
                <ParameterLocations></ParameterLocations>
1202
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1203
                <DisplayName>HTTPS Downgrade</DisplayName>
1204
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1205
            </AttackModulePolicy>
1206
            <AttackModulePolicy>
1207
                <Enabled>1</Enabled>
1208
                <ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
1209
                <ModulePriority>Medium</ModulePriority>
1210
                <Severity>Informational</Severity>
1211
                <MaxVulnLimit>200</MaxVulnLimit>
1212
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1213
                <MaxVarianceLimit>4</MaxVarianceLimit>
1214
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1215
                <EnforceEncoding>0</EnforceEncoding>
1216
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1217
                <AttackPoints>Response Analysis</AttackPoints>
1218
                <ParameterLocations></ParameterLocations>
1219
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1220
                <DisplayName>HTTP Headers</DisplayName>
1221
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1222
            </AttackModulePolicy>
1223
            <AttackModulePolicy>
1224
                <Enabled>1</Enabled>
1225
                <ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
1226
                <ModulePriority>High</ModulePriority>
1227
                <Severity>High</Severity>
1228
                <MaxVulnLimit>200</MaxVulnLimit>
1229
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1230
                <MaxVarianceLimit>4</MaxVarianceLimit>
1231
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1232
                <EnforceEncoding>0</EnforceEncoding>
1233
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1234
                <AttackPoints>Parameter</AttackPoints>
1235
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
1236
                </ParameterLocations>
1237
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1238
                <DisplayName>HTTP Response Splitting</DisplayName>
1239
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1240
            </AttackModulePolicy>
1241
            <AttackModulePolicy>
1242
                <Enabled>1</Enabled>
1243
                <ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>
1244
                <ModulePriority>Low</ModulePriority>
1245
                <Severity>Low</Severity>
1246
                <MaxVulnLimit>200</MaxVulnLimit>
1247
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1248
                <MaxVarianceLimit>1</MaxVarianceLimit>
1249
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1250
                <EnforceEncoding>0</EnforceEncoding>
1251
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1252
                <AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>
1253
                <ParameterLocations></ParameterLocations>
1254
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1255
                <DisplayName>HTTPS Everywhere</DisplayName>
1256
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1257
            </AttackModulePolicy>
1258
            <AttackModulePolicy>
1259
                <Enabled>1</Enabled>
1260
                <ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>
1261
                <ModulePriority>Low</ModulePriority>
1262
                <Severity>Informational</Severity>
1263
                <MaxVulnLimit>20</MaxVulnLimit>
1264
                <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
1265
                <MaxVarianceLimit>1</MaxVarianceLimit>
1266
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1267
                <EnforceEncoding>0</EnforceEncoding>
1268
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1269
                <AttackPoints>Web Resource</AttackPoints>
1270
                <ParameterLocations></ParameterLocations>
1271
                <RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
1272
                <DisplayName>HTTP User-Agent Check</DisplayName>
1273
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1274
            </AttackModulePolicy>
1275
            <AttackModulePolicy>
1276
                <Enabled>1</Enabled>
1277
                <ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
1278
                <ModulePriority>Low</ModulePriority>
1279
                <Severity>Informational</Severity>
1280
                <MaxVulnLimit>500</MaxVulnLimit>
1281
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1282
                <MaxVarianceLimit>4</MaxVarianceLimit>
1283
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1284
                <EnforceEncoding>0</EnforceEncoding>
1285
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1286
                <AttackPoints>Response Analysis</AttackPoints>
1287
                <ParameterLocations></ParameterLocations>
1288
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1289
                <DisplayName>Information Disclosure in response</DisplayName>
1290
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1291
            </AttackModulePolicy>
1292
            <AttackModulePolicy>
1293
                <Enabled>1</Enabled>
1294
                <ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
1295
                <ModulePriority>High</ModulePriority>
1296
                <Severity>Low</Severity>
1297
                <MaxVulnLimit>500</MaxVulnLimit>
1298
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1299
                <MaxVarianceLimit>4</MaxVarianceLimit>
1300
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1301
                <EnforceEncoding>0</EnforceEncoding>
1302
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1303
                <AttackPoints>Response Analysis</AttackPoints>
1304
                <ParameterLocations></ParameterLocations>
1305
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1306
                <DisplayName>Information Leakage in responses</DisplayName>
1307
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1308
            </AttackModulePolicy>
1309
            <AttackModulePolicy>
1310
                <Enabled>1</Enabled>
1311
                <ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
1312
                <ModulePriority>Low</ModulePriority>
1313
                <Severity>Low</Severity>
1314
                <MaxVulnLimit>100</MaxVulnLimit>
1315
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1316
                <MaxVarianceLimit>4</MaxVarianceLimit>
1317
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1318
                <EnforceEncoding>0</EnforceEncoding>
1319
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1320
                <AttackPoints>Web Resource</AttackPoints>
1321
                <ParameterLocations></ParameterLocations>
1322
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1323
                <DisplayName>Java Grinder</DisplayName>
1324
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1325
            </AttackModulePolicy>
1326
            <AttackModulePolicy>
1327
                <Enabled>1</Enabled>
1328
                <ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>
1329
                <ModulePriority>Low</ModulePriority>
1330
                <Severity>Informational</Severity>
1331
                <MaxVulnLimit>100</MaxVulnLimit>
1332
                <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1333
                <MaxVarianceLimit>4</MaxVarianceLimit>
1334
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1335
                <EnforceEncoding>0</EnforceEncoding>
1336
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1337
                <AttackPoints>Response Analysis</AttackPoints>
1338
                <ParameterLocations></ParameterLocations>
1339
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
1340
                <DisplayName>JavaScript Memory Leaks</DisplayName>
1341
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1342
            </AttackModulePolicy>
1343
            <AttackModulePolicy>
1344
                <Enabled>1</Enabled>
1345
                <ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
1346
                <ModulePriority>High</ModulePriority>
1347
                <Severity>High</Severity>
1348
                <MaxVulnLimit>100</MaxVulnLimit>
1349
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
1350
                <MaxVarianceLimit>4</MaxVarianceLimit>
1351
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1352
                <EnforceEncoding>0</EnforceEncoding>
1353
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1354
                <AttackPoints>Parameter</AttackPoints>
1355
                <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1356
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1357
                <DisplayName>LDAP Injection</DisplayName>
1358
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1359
            </AttackModulePolicy>
1360
            <AttackModulePolicy>
1361
                <Enabled>1</Enabled>
1362
                <ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
1363
                <ModulePriority>High</ModulePriority>
1364
                <Severity>Informational</Severity>
1365
                <MaxVulnLimit>250</MaxVulnLimit>
1366
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1367
                <MaxVarianceLimit>4</MaxVarianceLimit>
1368
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1369
                <EnforceEncoding>0</EnforceEncoding>
1370
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1371
                <AttackPoints>Response Analysis</AttackPoints>
1372
                <ParameterLocations></ParameterLocations>
1373
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
1374
                <DisplayName>Local Storage Usage</DisplayName>
1375
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1376
            </AttackModulePolicy>
1377
            <AttackModulePolicy>
1378
                <Enabled>1</Enabled>
1379
                <ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
1380
                <ModulePriority>Medium</ModulePriority>
1381
                <Severity>Low</Severity>
1382
                <MaxVulnLimit>100</MaxVulnLimit>
1383
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1384
                <MaxVarianceLimit>4</MaxVarianceLimit>
1385
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1386
                <EnforceEncoding>0</EnforceEncoding>
1387
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1388
                <AttackPoints>Parameter|Response Analysis</AttackPoints>
1389
                <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1390
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1391
                <DisplayName>Business logic abuse attacks</DisplayName>
1392
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1393
            </AttackModulePolicy>
1394
            <AttackModulePolicy>
1395
                <Enabled>1</Enabled>
1396
                <ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
1397
                <ModulePriority>High</ModulePriority>
1398
                <Severity>High</Severity>
1399
                <MaxVulnLimit>10</MaxVulnLimit>
1400
                <MaxPerWebSiteVulnLimit>1</MaxPerWebSiteVulnLimit>
1401
                <MaxVarianceLimit>1</MaxVarianceLimit>
1402
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1403
                <EnforceEncoding>0</EnforceEncoding>
1404
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1405
                <AttackPoints>Parameter</AttackPoints>
1406
                <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1407
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1408
                <DisplayName>Nginx NULL code</DisplayName>
1409
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1410
            </AttackModulePolicy>
1411
            <AttackModulePolicy>
1412
                <Enabled>1</Enabled>
1413
                <ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>
1414
                <ModulePriority>High</ModulePriority>
1415
                <Severity>High</Severity>
1416
                <MaxVulnLimit>500</MaxVulnLimit>
1417
                <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
1418
                <MaxVarianceLimit>4</MaxVarianceLimit>
1419
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1420
                <EnforceEncoding>0</EnforceEncoding>
1421
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1422
                <AttackPoints>Parameter</AttackPoints>
1423
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1424
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1425
                <DisplayName>NoSQLi Injection</DisplayName>
1426
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1427
            </AttackModulePolicy>
1428
            <AttackModulePolicy>
1429
                <Enabled>1</Enabled>
1430
                <ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>
1431
                <ModulePriority>High</ModulePriority>
1432
                <Severity>High</Severity>
1433
                <MaxVulnLimit>250</MaxVulnLimit>
1434
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1435
                <MaxVarianceLimit>4</MaxVarianceLimit>
1436
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1437
                <EnforceEncoding>0</EnforceEncoding>
1438
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1439
                <AttackPoints>Parameter</AttackPoints>
1440
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1441
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1442
                <DisplayName>Blind NoSQLi</DisplayName>
1443
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1444
            </AttackModulePolicy>
1445
            <AttackModulePolicy>
1446
                <Enabled>1</Enabled>
1447
                <ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
1448
                <ModulePriority>Medium</ModulePriority>
1449
                <Severity>High</Severity>
1450
                <MaxVulnLimit>200</MaxVulnLimit>
1451
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1452
                <MaxVarianceLimit>4</MaxVarianceLimit>
1453
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1454
                <EnforceEncoding>0</EnforceEncoding>
1455
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1456
                <AttackPoints>Parameter</AttackPoints>
1457
                <ParameterLocations>File|Path|Query|Post</ParameterLocations>
1458
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1459
                <DisplayName>OS Commanding</DisplayName>
1460
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1461
            </AttackModulePolicy>
1462
            <AttackModulePolicy>
1463
                <Enabled>1</Enabled>
1464
                <ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
1465
                <ModulePriority>High</ModulePriority>
1466
                <Severity>High</Severity>
1467
                <MaxVulnLimit>250</MaxVulnLimit>
1468
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1469
                <MaxVarianceLimit>5</MaxVarianceLimit>
1470
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1471
                <EnforceEncoding>0</EnforceEncoding>
1472
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1473
                <AttackPoints>Parameter</AttackPoints>
1474
                <ParameterLocations>Query|Post</ParameterLocations>
1475
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1476
                <DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
1477
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1478
            </AttackModulePolicy>
1479
            <AttackModulePolicy>
1480
                <Enabled>1</Enabled>
1481
                <ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
1482
                <ModulePriority>High</ModulePriority>
1483
                <Severity>Medium</Severity>
1484
                <MaxVulnLimit>250</MaxVulnLimit>
1485
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1486
                <MaxVarianceLimit>5</MaxVarianceLimit>
1487
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1488
                <EnforceEncoding>0</EnforceEncoding>
1489
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1490
                <AttackPoints>Parameter</AttackPoints>
1491
                <ParameterLocations>Query|Post</ParameterLocations>
1492
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1493
                <DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
1494
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1495
            </AttackModulePolicy>
1496
            <AttackModulePolicy>
1497
                <Enabled>1</Enabled>
1498
                <ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
1499
                <ModulePriority>High</ModulePriority>
1500
                <Severity>Medium</Severity>
1501
                <MaxVulnLimit>500</MaxVulnLimit>
1502
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1503
                <MaxVarianceLimit>4</MaxVarianceLimit>
1504
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1505
                <EnforceEncoding>0</EnforceEncoding>
1506
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1507
                <AttackPoints>Parameter</AttackPoints>
1508
                <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1509
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1510
                <DisplayName>Parameter Fuzzing</DisplayName>
1511
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1512
            </AttackModulePolicy>
1513
            <AttackModulePolicy>
1514
                <Enabled>1</Enabled>
1515
                <ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
1516
                <ModulePriority>High</ModulePriority>
1517
                <Severity>Low</Severity>
1518
                <MaxVulnLimit>10</MaxVulnLimit>
1519
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1520
                <MaxVarianceLimit>2</MaxVarianceLimit>
1521
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1522
                <EnforceEncoding>0</EnforceEncoding>
1523
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1524
                <AttackPoints>Response Analysis</AttackPoints>
1525
                <ParameterLocations></ParameterLocations>
1526
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1527
                <DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
1528
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1529
            </AttackModulePolicy>
1530
            <AttackModulePolicy>
1531
                <Enabled>1</Enabled>
1532
                <ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
1533
                <ModulePriority>Medium</ModulePriority>
1534
                <Severity>Informational</Severity>
1535
                <MaxVulnLimit>200</MaxVulnLimit>
1536
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1537
                <MaxVarianceLimit>10</MaxVarianceLimit>
1538
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1539
                <EnforceEncoding>0</EnforceEncoding>
1540
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1541
                <AttackPoints>Response Analysis</AttackPoints>
1542
                <ParameterLocations></ParameterLocations>
1543
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
1544
                <DisplayName>Collecting Sensitive Personal Information</DisplayName>
1545
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1546
            </AttackModulePolicy>
1547
            <AttackModulePolicy>
1548
                <Enabled>1</Enabled>
1549
                <ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
1550
                <ModulePriority>High</ModulePriority>
1551
                <Severity>Medium</Severity>
1552
                <MaxVulnLimit>100</MaxVulnLimit>
1553
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1554
                <MaxVarianceLimit>4</MaxVarianceLimit>
1555
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1556
                <EnforceEncoding>0</EnforceEncoding>
1557
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1558
                <AttackPoints>Parameter</AttackPoints>
1559
                <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1560
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1561
                <DisplayName>PHP Code Execution</DisplayName>
1562
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1563
            </AttackModulePolicy>
1564
            <AttackModulePolicy>
1565
                <Enabled>1</Enabled>
1566
                <ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
1567
                <ModulePriority>High</ModulePriority>
1568
                <Severity>Low</Severity>
1569
                <MaxVulnLimit>4</MaxVulnLimit>
1570
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1571
                <MaxVarianceLimit>4</MaxVarianceLimit>
1572
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1573
                <EnforceEncoding>0</EnforceEncoding>
1574
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1575
                <AttackPoints>Web Resource</AttackPoints>
1576
                <ParameterLocations></ParameterLocations>
1577
                <RequestOriginations>HTML</RequestOriginations>
1578
                <DisplayName>Privacy Policy Check</DisplayName>
1579
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1580
            </AttackModulePolicy>
1581
            <AttackModulePolicy>
1582
                <Enabled>1</Enabled>
1583
                <ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
1584
                <ModulePriority>Low</ModulePriority>
1585
                <Severity>Informational</Severity>
1586
                <MaxVulnLimit>250</MaxVulnLimit>
1587
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1588
                <MaxVarianceLimit>10</MaxVarianceLimit>
1589
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1590
                <EnforceEncoding>0</EnforceEncoding>
1591
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1592
                <AttackPoints>Response Analysis</AttackPoints>
1593
                <ParameterLocations></ParameterLocations>
1594
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1595
                <DisplayName>Privacy Disclosure</DisplayName>
1596
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1597
            </AttackModulePolicy>
1598
            <AttackModulePolicy>
1599
                <Enabled>1</Enabled>
1600
                <ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
1601
                <ModulePriority>Medium</ModulePriority>
1602
                <Severity>Low</Severity>
1603
                <MaxVulnLimit>10</MaxVulnLimit>
1604
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1605
                <MaxVarianceLimit>4</MaxVarianceLimit>
1606
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1607
                <EnforceEncoding>0</EnforceEncoding>
1608
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1609
                <AttackPoints>Web Resource|Response Analysis</AttackPoints>
1610
                <ParameterLocations></ParameterLocations>
1611
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1612
                <DisplayName>Privilege Escalation</DisplayName>
1613
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1614
            </AttackModulePolicy>
1615
            <AttackModulePolicy>
1616
                <Enabled>1</Enabled>
1617
                <ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
1618
                <ModulePriority>Low</ModulePriority>
1619
                <Severity>Informational</Severity>
1620
                <MaxVulnLimit>200</MaxVulnLimit>
1621
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1622
                <MaxVarianceLimit>4</MaxVarianceLimit>
1623
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1624
                <EnforceEncoding>0</EnforceEncoding>
1625
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1626
                <AttackPoints>Response Analysis</AttackPoints>
1627
                <ParameterLocations></ParameterLocations>
1628
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1629
                <DisplayName>Profanity</DisplayName>
1630
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1631
            </AttackModulePolicy>
1632
            <AttackModulePolicy>
1633
                <Enabled>1</Enabled>
1634
                <ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
1635
                <ModulePriority>Low</ModulePriority>
1636
                <Severity>Informational</Severity>
1637
                <MaxVulnLimit>500</MaxVulnLimit>
1638
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1639
                <MaxVarianceLimit>4</MaxVarianceLimit>
1640
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1641
                <EnforceEncoding>0</EnforceEncoding>
1642
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1643
                <AttackPoints>Parameter</AttackPoints>
1644
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
1645
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1646
                <DisplayName>Reflection</DisplayName>
1647
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1648
            </AttackModulePolicy>
1649
            <AttackModulePolicy>
1650
                <Enabled>1</Enabled>
1651
                <ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
1652
                <ModulePriority>Medium</ModulePriority>
1653
                <Severity>Medium</Severity>
1654
                <MaxVulnLimit>1000</MaxVulnLimit>
1655
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1656
                <MaxVarianceLimit>4</MaxVarianceLimit>
1657
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1658
                <EnforceEncoding>0</EnforceEncoding>
1659
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1660
                <AttackPoints>Directory|File|Parameter</AttackPoints>
1661
                <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1662
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1663
                <DisplayName>File Inclusion</DisplayName>
1664
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1665
            </AttackModulePolicy>
1666
            <AttackModulePolicy>
1667
                <Enabled>1</Enabled>
1668
                <ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
1669
                <ModulePriority>Low</ModulePriority>
1670
                <Severity>Informational</Severity>
1671
                <MaxVulnLimit>50</MaxVulnLimit>
1672
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1673
                <MaxVarianceLimit>2</MaxVarianceLimit>
1674
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1675
                <EnforceEncoding>0</EnforceEncoding>
1676
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1677
                <AttackPoints>Web Resource</AttackPoints>
1678
                <ParameterLocations></ParameterLocations>
1679
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1680
                <DisplayName>HTTP Verb Tampering</DisplayName>
1681
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1682
            </AttackModulePolicy>
1683
            <AttackModulePolicy>
1684
                <Enabled>1</Enabled>
1685
                <ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
1686
                <ModulePriority>Low</ModulePriority>
1687
                <Severity>Low</Severity>
1688
                <MaxVulnLimit>200</MaxVulnLimit>
1689
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1690
                <MaxVarianceLimit>10</MaxVarianceLimit>
1691
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1692
                <EnforceEncoding>0</EnforceEncoding>
1693
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1694
                <AttackPoints>Web Site|Directory|File</AttackPoints>
1695
                <ParameterLocations></ParameterLocations>
1696
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1697
                <DisplayName>Predictable Resource Location</DisplayName>
1698
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1699
            </AttackModulePolicy>
1700
            <AttackModulePolicy>
1701
                <Enabled>1</Enabled>
1702
                <ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
1703
                <ModulePriority>Medium</ModulePriority>
1704
                <Severity>Medium</Severity>
1705
                <MaxVulnLimit>250</MaxVulnLimit>
1706
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1707
                <MaxVarianceLimit>4</MaxVarianceLimit>
1708
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1709
                <EnforceEncoding>0</EnforceEncoding>
1710
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1711
                <AttackPoints>Parameter</AttackPoints>
1712
                <ParameterLocations>Query</ParameterLocations>
1713
                <RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
1714
                <DisplayName>Reverse Clickjacking</DisplayName>
1715
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1716
            </AttackModulePolicy>
1717
            <AttackModulePolicy>
1718
                <Enabled>1</Enabled>
1719
                <ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
1720
                <ModulePriority>High</ModulePriority>
1721
                <Severity>Low</Severity>
1722
                <MaxVulnLimit>25</MaxVulnLimit>
1723
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1724
                <MaxVarianceLimit>1</MaxVarianceLimit>
1725
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1726
                <EnforceEncoding>0</EnforceEncoding>
1727
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1728
                <AttackPoints>Web Site</AttackPoints>
1729
                <ParameterLocations></ParameterLocations>
1730
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1731
                <DisplayName>Reverse Proxy</DisplayName>
1732
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1733
            </AttackModulePolicy>
1734
            <AttackModulePolicy>
1735
                <Enabled>1</Enabled>
1736
                <ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
1737
                <ModulePriority>Low</ModulePriority>
1738
                <Severity>Low</Severity>
1739
                <MaxVulnLimit>200</MaxVulnLimit>
1740
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1741
                <MaxVarianceLimit>4</MaxVarianceLimit>
1742
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1743
                <EnforceEncoding>0</EnforceEncoding>
1744
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1745
                <AttackPoints>Response Analysis</AttackPoints>
1746
                <ParameterLocations></ParameterLocations>
1747
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1748
                <DisplayName>Information Disclosure in scripts</DisplayName>
1749
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1750
            </AttackModulePolicy>
1751
            <AttackModulePolicy>
1752
                <Enabled>1</Enabled>
1753
                <ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
1754
                <ModulePriority>Low</ModulePriority>
1755
                <Severity>Informational</Severity>
1756
                <MaxVulnLimit>250</MaxVulnLimit>
1757
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1758
                <MaxVarianceLimit>3</MaxVarianceLimit>
1759
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1760
                <EnforceEncoding>0</EnforceEncoding>
1761
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1762
                <AttackPoints>Response Analysis</AttackPoints>
1763
                <ParameterLocations></ParameterLocations>
1764
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1765
                <DisplayName>Secure and non-secure content mix</DisplayName>
1766
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1767
            </AttackModulePolicy>
1768
            <AttackModulePolicy>
1769
                <Enabled>1</Enabled>
1770
                <ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
1771
                <ModulePriority>Low</ModulePriority>
1772
                <Severity>Low</Severity>
1773
                <MaxVulnLimit>100</MaxVulnLimit>
1774
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1775
                <MaxVarianceLimit>4</MaxVarianceLimit>
1776
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1777
                <EnforceEncoding>0</EnforceEncoding>
1778
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1779
                <AttackPoints>Response Analysis</AttackPoints>
1780
                <ParameterLocations></ParameterLocations>
1781
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
1782
                <DisplayName>Sensitive data over an insecure channel</DisplayName>
1783
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1784
            </AttackModulePolicy>
1785
            <AttackModulePolicy>
1786
                <Enabled>1</Enabled>
1787
                <ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
1788
                <ModulePriority>High</ModulePriority>
1789
                <Severity>Informational</Severity>
1790
                <MaxVulnLimit>10</MaxVulnLimit>
1791
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1792
                <MaxVarianceLimit>1</MaxVarianceLimit>
1793
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1794
                <EnforceEncoding>0</EnforceEncoding>
1795
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1796
                <AttackPoints>Web Site|Response Analysis</AttackPoints>
1797
                <ParameterLocations></ParameterLocations>
1798
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1799
                <DisplayName>Server Configuration</DisplayName>
1800
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1801
            </AttackModulePolicy>
1802
            <AttackModulePolicy>
1803
                <Enabled>1</Enabled>
1804
                <ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
1805
                <ModulePriority>Medium</ModulePriority>
1806
                <Severity>Medium</Severity>
1807
                <MaxVulnLimit>150</MaxVulnLimit>
1808
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1809
                <MaxVarianceLimit>4</MaxVarianceLimit>
1810
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1811
                <EnforceEncoding>0</EnforceEncoding>
1812
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1813
                <AttackPoints>Parameter</AttackPoints>
1814
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
1815
                </ParameterLocations>
1816
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
1817
                <DisplayName>Server Side Include (SSI) Injection</DisplayName>
1818
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1819
            </AttackModulePolicy>
1820
            <AttackModulePolicy>
1821
                <Enabled>1</Enabled>
1822
                <ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
1823
                <ModulePriority>High</ModulePriority>
1824
                <Severity>High</Severity>
1825
                <MaxVulnLimit>250</MaxVulnLimit>
1826
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1827
                <MaxVarianceLimit>4</MaxVarianceLimit>
1828
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1829
                <EnforceEncoding>0</EnforceEncoding>
1830
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1831
                <AttackPoints>Directory|File|Parameter</AttackPoints>
1832
                <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1833
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1834
                <DisplayName>Server Side Request Forgery</DisplayName>
1835
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1836
            </AttackModulePolicy>
1837
            <AttackModulePolicy>
1838
                <Enabled>1</Enabled>
1839
                <ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
1840
                <ModulePriority>High</ModulePriority>
1841
                <Severity>High</Severity>
1842
                <MaxVulnLimit>200</MaxVulnLimit>
1843
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1844
                <MaxVarianceLimit>4</MaxVarianceLimit>
1845
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1846
                <EnforceEncoding>0</EnforceEncoding>
1847
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1848
                <AttackPoints>Parameter</AttackPoints>
1849
                <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1850
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1851
                <DisplayName>Server Side Template Injection</DisplayName>
1852
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1853
            </AttackModulePolicy>
1854
            <AttackModulePolicy>
1855
                <Enabled>1</Enabled>
1856
                <ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
1857
                <ModulePriority>High</ModulePriority>
1858
                <Severity>Medium</Severity>
1859
                <MaxVulnLimit>25</MaxVulnLimit>
1860
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1861
                <MaxVarianceLimit>2</MaxVarianceLimit>
1862
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1863
                <EnforceEncoding>0</EnforceEncoding>
1864
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1865
                <AttackPoints>Web Resource</AttackPoints>
1866
                <ParameterLocations></ParameterLocations>
1867
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1868
                <DisplayName>Session Fixation</DisplayName>
1869
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1870
            </AttackModulePolicy>
1871
            <AttackModulePolicy>
1872
                <Enabled>1</Enabled>
1873
                <ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
1874
                <ModulePriority>Low</ModulePriority>
1875
                <Severity>Low</Severity>
1876
                <MaxVulnLimit>10</MaxVulnLimit>
1877
                <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
1878
                <MaxVarianceLimit>1</MaxVarianceLimit>
1879
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1880
                <EnforceEncoding>0</EnforceEncoding>
1881
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1882
                <AttackPoints>Parameter</AttackPoints>
1883
                <ParameterLocations>Directory|Path|Query</ParameterLocations>
1884
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1885
                <DisplayName>HTTP Query Session Check</DisplayName>
1886
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1887
            </AttackModulePolicy>
1888
            <AttackModulePolicy>
1889
                <Enabled>1</Enabled>
1890
                <ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
1891
                <ModulePriority>Medium</ModulePriority>
1892
                <Severity>Low</Severity>
1893
                <MaxVulnLimit>10</MaxVulnLimit>
1894
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1895
                <MaxVarianceLimit>4</MaxVarianceLimit>
1896
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1897
                <EnforceEncoding>0</EnforceEncoding>
1898
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1899
                <AttackPoints>Web Resource</AttackPoints>
1900
                <ParameterLocations></ParameterLocations>
1901
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1902
                <DisplayName>Session Strength</DisplayName>
1903
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1904
            </AttackModulePolicy>
1905
            <AttackModulePolicy>
1906
                <Enabled>1</Enabled>
1907
                <ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
1908
                <ModulePriority>Medium</ModulePriority>
1909
                <Severity>Low</Severity>
1910
                <MaxVulnLimit>50</MaxVulnLimit>
1911
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1912
                <MaxVarianceLimit>4</MaxVarianceLimit>
1913
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1914
                <EnforceEncoding>0</EnforceEncoding>
1915
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1916
                <AttackPoints>Response Analysis</AttackPoints>
1917
                <ParameterLocations></ParameterLocations>
1918
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1919
                <DisplayName>Session Upgrade</DisplayName>
1920
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1921
            </AttackModulePolicy>
1922
            <AttackModulePolicy>
1923
                <Enabled>1</Enabled>
1924
                <ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
1925
                <ModulePriority>Low</ModulePriority>
1926
                <Severity>Medium</Severity>
1927
                <MaxVulnLimit>100</MaxVulnLimit>
1928
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1929
                <MaxVarianceLimit>4</MaxVarianceLimit>
1930
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1931
                <EnforceEncoding>0</EnforceEncoding>
1932
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1933
                <AttackPoints>File</AttackPoints>
1934
                <ParameterLocations></ParameterLocations>
1935
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1936
                <DisplayName>Source Code Disclosure</DisplayName>
1937
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1938
            </AttackModulePolicy>
1939
            <AttackModulePolicy>
1940
                <Enabled>1</Enabled>
1941
                <ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
1942
                <ModulePriority>High</ModulePriority>
1943
                <Severity>Low</Severity>
1944
                <MaxVulnLimit>250</MaxVulnLimit>
1945
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1946
                <MaxVarianceLimit>4</MaxVarianceLimit>
1947
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1948
                <EnforceEncoding>0</EnforceEncoding>
1949
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1950
                <AttackPoints>Response Analysis</AttackPoints>
1951
                <ParameterLocations></ParameterLocations>
1952
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1953
                <DisplayName>SQL Information Leakage</DisplayName>
1954
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1955
            </AttackModulePolicy>
1956
            <AttackModulePolicy>
1957
                <Enabled>1</Enabled>
1958
                <ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
1959
                <ModulePriority>High</ModulePriority>
1960
                <Severity>High</Severity>
1961
                <MaxVulnLimit>500</MaxVulnLimit>
1962
                <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
1963
                <MaxVarianceLimit>4</MaxVarianceLimit>
1964
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1965
                <EnforceEncoding>0</EnforceEncoding>
1966
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1967
                <AttackPoints>Parameter</AttackPoints>
1968
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1969
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1970
                <DisplayName>SQL Injection</DisplayName>
1971
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1972
            </AttackModulePolicy>
1973
            <AttackModulePolicy>
1974
                <Enabled>1</Enabled>
1975
                <ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
1976
                <ModulePriority>High</ModulePriority>
1977
                <Severity>High</Severity>
1978
                <MaxVulnLimit>25</MaxVulnLimit>
1979
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1980
                <MaxVarianceLimit>4</MaxVarianceLimit>
1981
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1982
                <EnforceEncoding>0</EnforceEncoding>
1983
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1984
                <AttackPoints>Parameter</AttackPoints>
1985
                <ParameterLocations>Path|Query|Post</ParameterLocations>
1986
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1987
                <DisplayName>SQL Injection Auth Bypass</DisplayName>
1988
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1989
            </AttackModulePolicy>
1990
            <AttackModulePolicy>
1991
                <Enabled>1</Enabled>
1992
                <ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
1993
                <ModulePriority>Medium</ModulePriority>
1994
                <Severity>Medium</Severity>
1995
                <MaxVulnLimit>100</MaxVulnLimit>
1996
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1997
                <MaxVarianceLimit>4</MaxVarianceLimit>
1998
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1999
                <EnforceEncoding>0</EnforceEncoding>
2000
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2001
                <AttackPoints>Response Analysis</AttackPoints>
2002
                <ParameterLocations></ParameterLocations>
2003
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2004
                <DisplayName>SQL Parameter Check</DisplayName>
2005
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2006
            </AttackModulePolicy>
2007
            <AttackModulePolicy>
2008
                <Enabled>1</Enabled>
2009
                <ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
2010
                <ModulePriority>Medium</ModulePriority>
2011
                <Severity>Informational</Severity>
2012
                <MaxVulnLimit>25</MaxVulnLimit>
2013
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2014
                <MaxVarianceLimit>100</MaxVarianceLimit>
2015
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2016
                <EnforceEncoding>0</EnforceEncoding>
2017
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2018
                <AttackPoints>Web Site</AttackPoints>
2019
                <ParameterLocations></ParameterLocations>
2020
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2021
                <DisplayName>SSL Strength</DisplayName>
2022
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2023
            </AttackModulePolicy>
2024
            <AttackModulePolicy>
2025
                <Enabled>1</Enabled>
2026
                <ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
2027
                <ModulePriority>Medium</ModulePriority>
2028
                <Severity>Informational</Severity>
2029
                <MaxVulnLimit>50</MaxVulnLimit>
2030
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2031
                <MaxVarianceLimit>20</MaxVarianceLimit>
2032
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2033
                <EnforceEncoding>0</EnforceEncoding>
2034
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2035
                <AttackPoints>Web Site</AttackPoints>
2036
                <ParameterLocations></ParameterLocations>
2037
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2038
                <DisplayName>Subdomain discovery</DisplayName>
2039
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2040
            </AttackModulePolicy>
2041
            <AttackModulePolicy>
2042
                <Enabled>1</Enabled>
2043
                <ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
2044
                <ModulePriority>Low</ModulePriority>
2045
                <Severity>Low</Severity>
2046
                <MaxVulnLimit>100</MaxVulnLimit>
2047
                <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2048
                <MaxVarianceLimit>4</MaxVarianceLimit>
2049
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2050
                <EnforceEncoding>0</EnforceEncoding>
2051
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2052
                <AttackPoints>Response Analysis</AttackPoints>
2053
                <ParameterLocations></ParameterLocations>
2054
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
2055
                <DisplayName>Subresource Integrity</DisplayName>
2056
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2057
            </AttackModulePolicy>
2058
            <AttackModulePolicy>
2059
                <Enabled>1</Enabled>
2060
                <ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
2061
                <ModulePriority>High</ModulePriority>
2062
                <Severity>Medium</Severity>
2063
                <MaxVulnLimit>40</MaxVulnLimit>
2064
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2065
                <MaxVarianceLimit>4</MaxVarianceLimit>
2066
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2067
                <EnforceEncoding>0</EnforceEncoding>
2068
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2069
                <AttackPoints>Parameter</AttackPoints>
2070
                <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
2071
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2072
                <DisplayName>Unvalidated Redirect</DisplayName>
2073
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2074
            </AttackModulePolicy>
2075
            <AttackModulePolicy>
2076
                <Enabled>1</Enabled>
2077
                <ModuleId>B69E83831D26496BB2CC0C0D70181EC3</ModuleId>
2078
                <ModulePriority>High</ModulePriority>
2079
                <Severity>Low</Severity>
2080
                <MaxVulnLimit>40</MaxVulnLimit>
2081
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2082
                <MaxVarianceLimit>4</MaxVarianceLimit>
2083
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2084
                <EnforceEncoding>0</EnforceEncoding>
2085
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2086
                <AttackPoints>Response Analysis</AttackPoints>
2087
                <ParameterLocations></ParameterLocations>
2088
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2089
                <DisplayName>URL rewriting</DisplayName>
2090
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2091
            </AttackModulePolicy>
2092
            <AttackModulePolicy>
2093
                <Enabled>1</Enabled>
2094
                <ModuleId>4DE84100F31849A7B845FE5F62D2FD7A</ModuleId>
2095
                <ModulePriority>Medium</ModulePriority>
2096
                <Severity>Medium</Severity>
2097
                <MaxVulnLimit>25</MaxVulnLimit>
2098
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2099
                <MaxVarianceLimit>2</MaxVarianceLimit>
2100
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2101
                <EnforceEncoding>0</EnforceEncoding>
2102
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2103
                <AttackPoints>Response Analysis</AttackPoints>
2104
                <ParameterLocations></ParameterLocations>
2105
                <RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
2106
                <DisplayName>ASP.NET ViewState security</DisplayName>
2107
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2108
            </AttackModulePolicy>
2109
            <AttackModulePolicy>
2110
                <Enabled>1</Enabled>
2111
                <ModuleId>0BE4C251F44C4CF1924104ADFD86289C</ModuleId>
2112
                <ModulePriority>Low</ModulePriority>
2113
                <Severity>Informational</Severity>
2114
                <MaxVulnLimit>100</MaxVulnLimit>
2115
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
2116
                <MaxVarianceLimit>4</MaxVarianceLimit>
2117
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2118
                <EnforceEncoding>0</EnforceEncoding>
2119
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2120
                <AttackPoints>Web Resource</AttackPoints>
2121
                <ParameterLocations></ParameterLocations>
2122
                <RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
2123
                <DisplayName>Web Beacon</DisplayName>
2124
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2125
            </AttackModulePolicy>
2126
            <AttackModulePolicy>
2127
                <Enabled>1</Enabled>
2128
                <ModuleId>667629EC1FDC4C6D98B5F4031717BB9B</ModuleId>
2129
                <ModulePriority>Medium</ModulePriority>
2130
                <Severity>Low</Severity>
2131
                <MaxVulnLimit>250</MaxVulnLimit>
2132
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2133
                <MaxVarianceLimit>4</MaxVarianceLimit>
2134
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2135
                <EnforceEncoding>0</EnforceEncoding>
2136
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2137
                <AttackPoints>Directory</AttackPoints>
2138
                <ParameterLocations></ParameterLocations>
2139
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2140
                <DisplayName>Web DAV Flaws Check</DisplayName>
2141
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2142
            </AttackModulePolicy>
2143
            <AttackModulePolicy>
2144
                <Enabled>1</Enabled>
2145
                <ModuleId>74FB936F2BBA499F8D0AF3B7A29B4F9E</ModuleId>
2146
                <ModulePriority>High</ModulePriority>
2147
                <Severity>Low</Severity>
2148
                <MaxVulnLimit>30</MaxVulnLimit>
2149
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2150
                <MaxVarianceLimit>4</MaxVarianceLimit>
2151
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2152
                <EnforceEncoding>0</EnforceEncoding>
2153
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2154
                <AttackPoints>Web Site</AttackPoints>
2155
                <ParameterLocations></ParameterLocations>
2156
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2157
                <DisplayName>Cross-site tracing (XST)</DisplayName>
2158
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2159
            </AttackModulePolicy>
2160
            <AttackModulePolicy>
2161
                <Enabled>1</Enabled>
2162
                <ModuleId>377030BFE58A4F01A112295D32A0744C</ModuleId>
2163
                <ModulePriority>High</ModulePriority>
2164
                <Severity>Medium</Severity>
2165
                <MaxVulnLimit>250</MaxVulnLimit>
2166
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
2167
                <MaxVarianceLimit>4</MaxVarianceLimit>
2168
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2169
                <EnforceEncoding>0</EnforceEncoding>
2170
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2171
                <AttackPoints>Parameter</AttackPoints>
2172
                <ParameterLocations>Post</ParameterLocations>
2173
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2174
                <DisplayName>Web Service Parameter Fuzzing</DisplayName>
2175
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2176
            </AttackModulePolicy>
2177
            <AttackModulePolicy>
2178
                <Enabled>1</Enabled>
2179
                <ModuleId>8399FA8EDF5C41BC9D3CF85DC23DC26B</ModuleId>
2180
                <ModulePriority>Low</ModulePriority>
2181
                <Severity>Informational</Severity>
2182
                <MaxVulnLimit>20</MaxVulnLimit>
2183
                <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
2184
                <MaxVarianceLimit>2</MaxVarianceLimit>
2185
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2186
                <EnforceEncoding>0</EnforceEncoding>
2187
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2188
                <AttackPoints>Response Analysis</AttackPoints>
2189
                <ParameterLocations></ParameterLocations>
2190
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2191
                <DisplayName>X-Content-Type-Options</DisplayName>
2192
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2193
            </AttackModulePolicy>
2194
            <AttackModulePolicy>
2195
                <Enabled>1</Enabled>
2196
                <ModuleId>3E2E60F7D0E04D8596918C2D1F639064</ModuleId>
2197
                <ModulePriority>Low</ModulePriority>
2198
                <Severity>Informational</Severity>
2199
                <MaxVulnLimit>50</MaxVulnLimit>
2200
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2201
                <MaxVarianceLimit>2</MaxVarianceLimit>
2202
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2203
                <EnforceEncoding>0</EnforceEncoding>
2204
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2205
                <AttackPoints>Response Analysis</AttackPoints>
2206
                <ParameterLocations></ParameterLocations>
2207
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2208
                <DisplayName>X-Frame-Options</DisplayName>
2209
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2210
            </AttackModulePolicy>
2211
            <AttackModulePolicy>
2212
                <Enabled>1</Enabled>
2213
                <ModuleId>615D72F401BC447AB4A2139654BC9945</ModuleId>
2214
                <ModulePriority>Low</ModulePriority>
2215
                <Severity>Informational</Severity>
2216
                <MaxVulnLimit>25</MaxVulnLimit>
2217
                <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
2218
                <MaxVarianceLimit>2</MaxVarianceLimit>
2219
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2220
                <EnforceEncoding>0</EnforceEncoding>
2221
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2222
                <AttackPoints>Response Analysis</AttackPoints>
2223
                <ParameterLocations></ParameterLocations>
2224
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2225
                <DisplayName>X-XSS-Protection</DisplayName>
2226
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2227
            </AttackModulePolicy>
2228
            <AttackModulePolicy>
2229
                <Enabled>1</Enabled>
2230
                <ModuleId>ABFA075919804435A25A22A8CAC191DF</ModuleId>
2231
                <ModulePriority>High</ModulePriority>
2232
                <Severity>Medium</Severity>
2233
                <MaxVulnLimit>100</MaxVulnLimit>
2234
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2235
                <MaxVarianceLimit>4</MaxVarianceLimit>
2236
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2237
                <EnforceEncoding>0</EnforceEncoding>
2238
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2239
                <AttackPoints>Parameter</AttackPoints>
2240
                <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
2241
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
2242
                <DisplayName>XML External Entity Attack</DisplayName>
2243
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2244
            </AttackModulePolicy>
2245
            <AttackModulePolicy>
2246
                <Enabled>1</Enabled>
2247
                <ModuleId>BBE9F36A88A944ECB837D5193D356E4C</ModuleId>
2248
                <ModulePriority>Medium</ModulePriority>
2249
                <Severity>High</Severity>
2250
                <MaxVulnLimit>100</MaxVulnLimit>
2251
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2252
                <MaxVarianceLimit>4</MaxVarianceLimit>
2253
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2254
                <EnforceEncoding>0</EnforceEncoding>
2255
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2256
                <AttackPoints>Parameter</AttackPoints>
2257
                <ParameterLocations>Path|Query|Post</ParameterLocations>
2258
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2259
                <DisplayName>XPath Injection</DisplayName>
2260
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2261
            </AttackModulePolicy>
2262
            <AttackModulePolicy>
2263
                <Enabled>1</Enabled>
2264
                <ModuleId>6CEF426D33514825B50741616DB2120B</ModuleId>
2265
                <ModulePriority>Low</ModulePriority>
2266
                <Severity>Informational</Severity>
2267
                <MaxVulnLimit>25</MaxVulnLimit>
2268
                <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
2269
                <MaxVarianceLimit>2</MaxVarianceLimit>
2270
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2271
                <EnforceEncoding>0</EnforceEncoding>
2272
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2273
                <AttackPoints>Response Analysis</AttackPoints>
2274
                <ParameterLocations></ParameterLocations>
2275
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2276
                <DisplayName>X-Powered-By</DisplayName>
2277
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2278
            </AttackModulePolicy>
2279
            <AttackModulePolicy>
2280
                <Enabled>1</Enabled>
2281
                <ModuleId>46A8FE469F6C44BFB9946C021A2BCDC8</ModuleId>
2282
                <ModulePriority>High</ModulePriority>
2283
                <Severity>Medium</Severity>
2284
                <MaxVulnLimit>250</MaxVulnLimit>
2285
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2286
                <MaxVarianceLimit>4</MaxVarianceLimit>
2287
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2288
                <EnforceEncoding>0</EnforceEncoding>
2289
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2290
                <AttackPoints>Response Analysis</AttackPoints>
2291
                <ParameterLocations></ParameterLocations>
2292
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
2293
                <DisplayName>Cross-site scripting (XSS), (DOM based)</DisplayName>
2294
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2295
            </AttackModulePolicy>
2296
            <AttackModulePolicy>
2297
                <Enabled>1</Enabled>
2298
                <ModuleId>BD57F92E956A493DA39ADDF215B29D96</ModuleId>
2299
                <ModulePriority>High</ModulePriority>
2300
                <Severity>Medium</Severity>
2301
                <MaxVulnLimit>100</MaxVulnLimit>
2302
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2303
                <MaxVarianceLimit>4</MaxVarianceLimit>
2304
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2305
                <EnforceEncoding>0</EnforceEncoding>
2306
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2307
                <AttackPoints>Web Resource</AttackPoints>
2308
                <ParameterLocations></ParameterLocations>
2309
                <RequestOriginations>AJAX</RequestOriginations>
2310
                <DisplayName>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</DisplayName>
2311
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2312
            </AttackModulePolicy>
2313
            <AttackModulePolicy>
2314
                <Enabled>1</Enabled>
2315
                <ModuleId>62AA6A08FA764E209551B4A4C479F08D</ModuleId>
2316
                <ModulePriority>High</ModulePriority>
2317
                <Severity>High</Severity>
2318
                <MaxVulnLimit>100</MaxVulnLimit>
2319
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2320
                <MaxVarianceLimit>4</MaxVarianceLimit>
2321
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2322
                <EnforceEncoding>0</EnforceEncoding>
2323
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2324
                <AttackPoints>Response Analysis</AttackPoints>
2325
                <ParameterLocations></ParameterLocations>
2326
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
2327
                <DisplayName>Persistent Cross-site scripting (XSS) (passive)</DisplayName>
2328
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2329
            </AttackModulePolicy>
2330
            <AttackModulePolicy>
2331
                <Enabled>1</Enabled>
2332
                <ModuleId>050ABD8CF99F4EE4AA18C12F06FA3051</ModuleId>
2333
                <ModulePriority>High</ModulePriority>
2334
                <Severity>High</Severity>
2335
                <MaxVulnLimit>250</MaxVulnLimit>
2336
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
2337
                <MaxVarianceLimit>5</MaxVarianceLimit>
2338
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2339
                <EnforceEncoding>0</EnforceEncoding>
2340
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2341
                <AttackPoints>Parameter</AttackPoints>
2342
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
2343
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2344
                <DisplayName>Persistent Cross-site scripting (XSS), (active)</DisplayName>
2345
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2346
            </AttackModulePolicy>
2347
            <AttackModulePolicy>
2348
                <Enabled>1</Enabled>
2349
                <ModuleId>ABEB2E590AA24A39BB6FE7DBD6338277</ModuleId>
2350
                <ModulePriority>High</ModulePriority>
2351
                <Severity>Medium</Severity>
2352
                <MaxVulnLimit>400</MaxVulnLimit>
2353
                <MaxPerWebSiteVulnLimit>150</MaxPerWebSiteVulnLimit>
2354
                <MaxVarianceLimit>5</MaxVarianceLimit>
2355
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2356
                <EnforceEncoding>0</EnforceEncoding>
2357
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2358
                <AttackPoints>Parameter</AttackPoints>
2359
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
2360
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2361
                <DisplayName>Reflected Cross-site scripting (XSS)</DisplayName>
2362
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2363
            </AttackModulePolicy>
2364
            <AttackModulePolicy>
2365
                <Enabled>1</Enabled>
2366
                <ModuleId>FFBF4640C8A4475E93E099018951B409</ModuleId>
2367
                <ModulePriority>Medium</ModulePriority>
2368
                <Severity>Medium</Severity>
2369
                <MaxVulnLimit>250</MaxVulnLimit>
2370
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
2371
                <MaxVarianceLimit>4</MaxVarianceLimit>
2372
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2373
                <EnforceEncoding>0</EnforceEncoding>
2374
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2375
                <AttackPoints>Parameter</AttackPoints>
2376
                <ParameterLocations>File|Query|Post</ParameterLocations>
2377
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
2378
                <DisplayName>Reflected Cross-site scripting (XSS), (simple)</DisplayName>
2379
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2380
            </AttackModulePolicy>
2381
        </AttackModulePolicyList>
2382
    </AttackPolicyConfig>
2383
    <AnalyzerConfig>
2384
        <Enabled>0</Enabled>
2385
        <NotExistingFilePath>/aaaaaaaa.aaa</NotExistingFilePath>
2386
        <NotExistingDirPath>/aaaaaaaa/</NotExistingDirPath>
2387
        <AppendToOriginalValue>1</AppendToOriginalValue>
2388
        <ReplaceOriginalValue>0</ReplaceOriginalValue>
2389
    </AnalyzerConfig>
2390
    <AuthConfig>
2391
        <Type>Form</Type>
2392
        <HttpAuth>0</HttpAuth>
2393
        <OAuth>0</OAuth>
2394
        <ReloginAfterSessionLoss>1</ReloginAfterSessionLoss>
2395
        <LogoutDetection>1</LogoutDetection>
2396
        <UserAssistance>0</UserAssistance>
2397
        <AssumeSuccessfulLogin>0</AssumeSuccessfulLogin>
2398
        <VerifyNotLoggedin>1</VerifyNotLoggedin>
2399
        <PostponeLoginAction>1</PostponeLoginAction>
2400
        <CreateNonAuthenticatedSession>0</CreateNonAuthenticatedSession>
2401
        <TreatFailedReloginAsError>1</TreatFailedReloginAsError>
2402
        <RestartProxyBeforeRelogin>0</RestartProxyBeforeRelogin>
2403
        <TemplateLoginMacro>0</TemplateLoginMacro>
2404
        <BlacklistSinglePasswordForms>0</BlacklistSinglePasswordForms>
2405
        <BlacklistMultiPasswordForms>1</BlacklistMultiPasswordForms>
2406
        <ResetCookies>1</ResetCookies>
2407
        <AccountType>Restricted</AccountType>
2408
        <UsernameForm>admin</UsernameForm>
2409
        <PasswordForm>
2410
            FF7CF70CAE791A3B49FF16F4F97F566C661AFFA277EAA8DFFBF53AFFCC7554E4D013706DFFEC81A95B2CAEF2E9FF6F76CA0FA1B24DEF00FEFDEEFF200F320F0407445FCCD1
2411
        </PasswordForm>
2412
        <UsernameHttp></UsernameHttp>
2413
        <PasswordHttp></PasswordHttp>
2414
        <AutoLogonSecurity>Medium</AutoLogonSecurity>
2415
        <LoginLinkRegex>((log|sign)[ -]?(in|on))|auth</LoginLinkRegex>
2416
        <LoggedInRegex>(sign|log)[ -]?(out|off)</LoggedInRegex>
2417
        <LoggedInHeaderRegex></LoggedInHeaderRegex>
2418
        <SessionLossRegex>please (re)?login|have been logged out|session has expired</SessionLossRegex>
2419
        <SessionLossHeaderRegex>Location: [^\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\b</SessionLossHeaderRegex>
2420
        <LogoutLinkRegex>(sign|log|time)[ -]?(in|on|out|off)|password</LogoutLinkRegex>
2421
        <LogoutPostBodyRegex>(sign|log|time)[ -]?(in|on|out|off)</LogoutPostBodyRegex>
2422
        <CanaryPage></CanaryPage>
2423
		<SessionLossOnCanaryPageHeaderRegex></SessionLossOnCanaryPageHeaderRegex>
2424
		<SessionLossOnCanaryPageRegex></SessionLossOnCanaryPageRegex>
2425
        <FormSubmissionScript></FormSubmissionScript>
2426
        <SessionCookieRegex>\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\b
2427
        </SessionCookieRegex>
2428
        <SessionCookieLifespan>32</SessionCookieLifespan>
2429
        <URLSessionTokenRegex></URLSessionTokenRegex>
2430
        <PostSessionTokenRegex></PostSessionTokenRegex>
2431
        <ResponseBodyTokenRegex></ResponseBodyTokenRegex>
2432
        <SecondResponseBodyTokenRegex></SecondResponseBodyTokenRegex>
2433
        <HTTPHeaderWithTokenReplacement></HTTPHeaderWithTokenReplacement>
2434
        <SecondHTTPHeaderWithTokenReplacement></SecondHTTPHeaderWithTokenReplacement>
2435
        <LogoutDetectionFrequency>60</LogoutDetectionFrequency>
2436
        <DiscoveryMaxLinks>100</DiscoveryMaxLinks>
2437
        <LoginMaxLinks>50</LoginMaxLinks>
2438
        <DiscoveryDepth>10</DiscoveryDepth>
2439
        <LoginDepth>10</LoginDepth>
2440
        <MaxMacroReloginAttempts>3</MaxMacroReloginAttempts>
2441
        <DiscoveryPrioritization>Login Form Discovery</DiscoveryPrioritization>
2442
        <LoginPrioritization>Login</LoginPrioritization>
2443
        <BootstrapDelay>60000</BootstrapDelay>
2444
        <RemoteBootstrapTimeoutMinutes>60</RemoteBootstrapTimeoutMinutes>
2445
        <SeedLink></SeedLink>
2446
        <DiscoverLoginForm>1</DiscoverLoginForm>
2447
        <UseBrowserFormLogin>1</UseBrowserFormLogin>
2448
        <PingFrequency>600</PingFrequency>
2449
        <PingURL></PingURL>
2450
        <HmacConfig>
2451
            <HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
2452
            <HMACUsername></HMACUsername>
2453
            <HMACApiKey></HMACApiKey>
2454
            <HMACHashAlgorithm>32780</HMACHashAlgorithm>
2455
        </HmacConfig>
2456
        <HawkConfig>
2457
            <HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
2458
            <HMACUsername></HMACUsername>
2459
            <HMACApiKey></HMACApiKey>
2460
            <HMACHashAlgorithm>32780</HMACHashAlgorithm>
2461
            <HAWKAuthKeyId></HAWKAuthKeyId>
2462
            <HAWKAuthKey></HAWKAuthKey>
2463
            <HAWKExtAppData></HAWKExtAppData>
2464
        </HawkConfig>
2465
        <OauthConfig>
2466
            <ResourceOwnerURL></ResourceOwnerURL>
2467
            <ResourceServerURL></ResourceServerURL>
2468
            <AuthorizationServerURL>/authorize</AuthorizationServerURL>
2469
            <ClientId></ClientId>
2470
            <ClientScope></ClientScope>
2471
            <ClientState></ClientState>
2472
            <ClientSecret></ClientSecret>
2473
            <RedirectURI></RedirectURI>
2474
            <Username></Username>
2475
            <Password></Password>
2476
            <UsernameForm></UsernameForm>
2477
            <PasswordForm></PasswordForm>
2478
            <ExtensionGrant></ExtensionGrant>
2479
            <AuthorizationGrantType>Null</AuthorizationGrantType>
2480
            <NeverDoBasicAuth>0</NeverDoBasicAuth>
2481
            <JsonPostBodies>0</JsonPostBodies>
2482
            <AzureResponseMode>NullAzureResponseMode</AzureResponseMode>
2483
            <AzureResourceUrl></AzureResourceUrl>
2484
            <AzurePrompt>NullAzurePrompt</AzurePrompt>
2485
            <AzureLoginHint></AzureLoginHint>
2486
            <AzureDomainHint></AzureDomainHint>
2487
        </OauthConfig>
2488
        <ADALConfig>
2489
            <ResourceId>https://graph.windows.net</ResourceId>
2490
            <Tenant></Tenant>
2491
            <ClientId></ClientId>
2492
            <AuthorityURL></AuthorityURL>
2493
            <Username></Username>
2494
            <Password></Password>
2495
            <TokenRefreshPeriod>0:10:00</TokenRefreshPeriod>
2496
        </ADALConfig>
2497
        <MacroFile>
2498
            <MacroFileName>
2499
                <![CDATA[]]>
2500
            </MacroFileName>
2501
            <JavaScriptEngine>Default</JavaScriptEngine>
2502
            <ShowInBrowser>0</ShowInBrowser>
2503
            <ReplaySpeed>1</ReplaySpeed>
2504
            <ASAPMode>1</ASAPMode>
2505
            <ASAPModeMinDelay>3000</ASAPModeMinDelay>
2506
            <ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro>
2507
            <AttackAsSequence>0</AttackAsSequence>
2508
            <SequenceConfig>
2509
                <ResetSession>1</ResetSession>
2510
                <AutoSequenceConfig>1</AutoSequenceConfig>
2511
                <ManualSequenceConfig>
2512
                </ManualSequenceConfig>
2513
            </SequenceConfig>
2514
            <WebDriverConfig>
2515
                <ChromeDriverPort>1235</ChromeDriverPort>
2516
                <ChromeDebugPort>1234</ChromeDebugPort>
2517
            </WebDriverConfig>
2518
        </MacroFile>
2519
        <WebServiceAuthConfig>
2520
            <Enabled>0</Enabled>
2521
            <AuthWSDL></AuthWSDL>
2522
            <AuthWebMethod></AuthWebMethod>
2523
            <GetAuthTokenXPath></GetAuthTokenXPath>
2524
            <PutAuthTokenXPath></PutAuthTokenXPath>
2525
            <ExtractAuthToken>1</ExtractAuthToken>
2526
        </WebServiceAuthConfig>
2527
        <SeleniumFile>
2528
            <SeleniumFileName>
2529
                <![CDATA[]]>
2530
            </SeleniumFileName>
2531
        </SeleniumFile>
2532
        <TrafficFile>
2533
            <TrafficFileName></TrafficFileName>
2534
            <TrafficFilePassword></TrafficFilePassword>
2535
            <AttackAsSequence>0</AttackAsSequence>
2536
            <BeginAttackRequest>0</BeginAttackRequest>
2537
            <EndAttackRequest>-1</EndAttackRequest>
2538
        </TrafficFile>
2539
        <BrowserFormLoginConfig>
2540
            <ShowInBrowser>0</ShowInBrowser>
2541
            <InitialNavigateEventDuration>10000</InitialNavigateEventDuration>
2542
            <FinalDelayEventDuration>20000</FinalDelayEventDuration>
2543
        </BrowserFormLoginConfig>
2544
    </AuthConfig>
2545
    <ProxyConfig>
2546
        <Type>Internet Explorer Settings</Type>
2547
        <HttpHost></HttpHost>
2548
        <HttpPort>0</HttpPort>
2549
        <HttpsHost></HttpsHost>
2550
        <HttpsPort>0</HttpsPort>
2551
        <PACFile></PACFile>
2552
        <Username></Username>
2553
        <Password></Password>
2554
    </ProxyConfig>
2555
    <RemediationConfig>
2556
        <DollarsPerHourAppDev>250</DollarsPerHourAppDev>
2557
        <DollarsPerHourServerAdmin>250</DollarsPerHourServerAdmin>
2558
        <DollarsPerHourDatabaseAdmin>250</DollarsPerHourDatabaseAdmin>
2559
        <SetupHoursAppDev>8</SetupHoursAppDev>
2560
        <SetupHoursServerAdmin>2</SetupHoursServerAdmin>
2561
        <SetupHoursDatabaseAdmin>8</SetupHoursDatabaseAdmin>
2562
        <MinHoursPerIssueAppDev>0.75</MinHoursPerIssueAppDev>
2563
        <MaxHoursPerIssueAppDev>1.25</MaxHoursPerIssueAppDev>
2564
        <MinHoursPerIssueServerAdmin>0.25</MinHoursPerIssueServerAdmin>
2565
        <MaxHoursPerIssueServerAdmin>1</MaxHoursPerIssueServerAdmin>
2566
        <MinHoursPerIssueDatabaseAdmin>0.75</MinHoursPerIssueDatabaseAdmin>
2567
        <MaxHoursPerIssueDatabaseAdmin>1.25</MaxHoursPerIssueDatabaseAdmin>
2568
    </RemediationConfig>
2569
    <SSLCertConfig>
2570
        <Type>NoCert</Type>
2571
        <File></File>
2572
        <Password></Password>
2573
        <Index>-3</Index>
2574
        <Name></Name>
2575
        <SerialNumber></SerialNumber>
2576
        <IssuerNameBase64></IssuerNameBase64>
2577
        <Pin></Pin>
2578
        <RequestPinAtStartup>0</RequestPinAtStartup>
2579
        <SetPinInterval>180</SetPinInterval>
2580
    </SSLCertConfig>
2581
    <NetworkSettingsConfig>
2582
        <CloseConnection>0</CloseConnection>
2583
        <SendKeepAliveHeader>0</SendKeepAliveHeader>
2584
        <PreAuthenticateBasicAuth>0</PreAuthenticateBasicAuth>
2585
        <MaxRetries>2</MaxRetries>
2586
        <MaxResponseSize>7000000</MaxResponseSize>
2587
        <MaxJavasciptResponseSize>12000000</MaxJavasciptResponseSize>
2588
        <ResolveTimeout>60000</ResolveTimeout>
2589
        <ConnectTimeout>60000</ConnectTimeout>
2590
        <WriteTimeout>60000</WriteTimeout>
2591
        <ReadTimeout>60000</ReadTimeout>
2592
        <AssumeDisconnectedTimeout>18000000</AssumeDisconnectedTimeout>
2593
        <DripDelayMilliSeconds>25</DripDelayMilliSeconds>
2594
        <MaxConsecutiveFailures>500</MaxConsecutiveFailures>
2595
        <CustomNetworkLib>0</CustomNetworkLib>
2596
        <NetworkPreferredAuthScheme>npasDefault</NetworkPreferredAuthScheme>
2597
        <UseSecureProtocols>0</UseSecureProtocols>
2598
        <SecureProtocols>SSL3|TLS1</SecureProtocols>
2599
        <RASPScanDataSinkHost></RASPScanDataSinkHost>
2600
        <RASPScanKickoffRESTHost></RASPScanKickoffRESTHost>
2601
        <RASPScanKickoffRESTEndpoint>advise_rasp_of_scan</RASPScanKickoffRESTEndpoint>
2602
        <RASPTimeout>0:03:00</RASPTimeout>
2603
    </NetworkSettingsConfig>
2604
    <PerformanceConfig>
2605
        <MaxConcurrentRequests>16</MaxConcurrentRequests>
2606
        <MaxBandwidthKB>1200</MaxBandwidthKB>
2607
        <MaxBrowserReuseCount>10</MaxBrowserReuseCount>
2608
        <MaxBrowserMemorySize>209715200</MaxBrowserMemorySize>
2609
        <MaxCPUUsage>50</MaxCPUUsage>
2610
        <MemoryCeiling>2800</MemoryCeiling>
2611
        <MemoryCeiling64Bit>5600</MemoryCeiling64Bit>
2612
        <AntiDoS>0</AntiDoS>
2613
        <MonitorPerformanceUsage>1</MonitorPerformanceUsage>
2614
        <DumpUserProcessMemoryUsage>0</DumpUserProcessMemoryUsage>
2615
        <SingleThreadedScan>0</SingleThreadedScan>
2616
        <KillStrayIEInstances>0</KillStrayIEInstances>
2617
        <KillStrayChromeInstances>0</KillStrayChromeInstances>
2618
        <MinFreeDiskSpace>524288000</MinFreeDiskSpace>
2619
        <MaxMemoryUsagePercent>70</MaxMemoryUsagePercent>
2620
        <MaxThreadCount>400</MaxThreadCount>
2621
        <MaxBrowserProcessLifetime>240000</MaxBrowserProcessLifetime>
2622
        <MinDatabaseCompactInterval>900000</MinDatabaseCompactInterval>
2623
        <DatabaseCompactDuringScan>0</DatabaseCompactDuringScan>
2624
        <DatabaseCompactPostScan>0</DatabaseCompactPostScan>
2625
    </PerformanceConfig>
2626
    <SystemRecommendationsConfig>
2627
        <Enabled>1</Enabled>
2628
        <MinLogicalProcessors>2</MinLogicalProcessors>
2629
        <MinTotalPhysicalMemoryFor64Bit>4187593113</MinTotalPhysicalMemoryFor64Bit>
2630
        <MinAvailablePhysicalMemoryFor64Bit>2147483648</MinAvailablePhysicalMemoryFor64Bit>
2631
        <MinTotalPhysicalMemoryFor32Bit>2147483648</MinTotalPhysicalMemoryFor32Bit>
2632
        <MinAvailablePhysicalMemoryFor32Bit>1073741824</MinAvailablePhysicalMemoryFor32Bit>
2633
        <MinFreeDiskSpace>10737418240</MinFreeDiskSpace>
2634
    </SystemRecommendationsConfig>
2635
    <HTTPHeadersConfig>
2636
        <HttpProtocol>HTTP/1.1</HttpProtocol>
2637
        <Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</Accept>
2638
        <AcceptCharset></AcceptCharset>
2639
        <AcceptEncoding>gzip, deflate</AcceptEncoding>
2640
        <AcceptLanguage>en-US</AcceptLanguage>
2641
        <Cookie></Cookie>
2642
        <UserAgent>Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117
2643
            Safari/537.36</UserAgent>
2644
        <OverwriteWithDefaultHeaders>0</OverwriteWithDefaultHeaders>
2645
        <TrafficHeaderList>
2646
            <TrafficHeader>
2647
                <Value>Authorization</Value>
2648
            </TrafficHeader>
2649
            <TrafficHeader>
2650
                <Value>X-XSRF-TOKEN</Value>
2651
            </TrafficHeader>
2652
            <TrafficHeader>
2653
                <Value>X-CSRF-Token</Value>
2654
            </TrafficHeader>
2655
        </TrafficHeaderList>
2656
    </HTTPHeadersConfig>
2657
    <ManualCrawlingConfig>
2658
    </ManualCrawlingConfig>
2659
    <ParameterTrainingConfig>
2660
        <FormPopulation>Smart</FormPopulation>
2661
        <TrainingParameterList>
2662
            <TrainingParameter>
2663
                <PatternName>Username</PatternName>
2664
                <Types>text,textarea</Types>
2665
                <Language>en</Language>
2666
                <Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match>
2667
                <Value>%RANDALPHANUM%</Value>
2668
                <ValueMatch></ValueMatch>
2669
                <MatchCriteria>Regex</MatchCriteria>
2670
            </TrainingParameter>
2671
            <TrainingParameter>
2672
                <PatternName>Password</PatternName>
2673
                <Types>password</Types>
2674
                <Language>en</Language>
2675
                <Match>password|passwd|pw|pwd</Match>
2676
                <Value>%RANDALPHANUM%$</Value>
2677
                <ValueMatch></ValueMatch>
2678
                <MatchCriteria>Regex</MatchCriteria>
2679
            </TrainingParameter>
2680
            <TrainingParameter>
2681
                <PatternName>Social Security Number</PatternName>
2682
                <Types>text,textarea,password</Types>
2683
                <Language>en</Language>
2684
                <Match>SSN|social|security</Match>
2685
                <Value>987-65-4320</Value>
2686
                <ValueMatch></ValueMatch>
2687
                <MatchCriteria>Regex</MatchCriteria>
2688
            </TrainingParameter>
2689
            <TrainingParameter>
2690
                <PatternName>Address</PatternName>
2691
                <Types>text,textarea</Types>
2692
                <Language>en</Language>
2693
                <Match>income</Match>
2694
                <Value>100000</Value>
2695
                <ValueMatch></ValueMatch>
2696
                <MatchCriteria>Regex</MatchCriteria>
2697
            </TrainingParameter>
2698
            <TrainingParameter>
2699
                <PatternName>Address</PatternName>
2700
                <Types>text,textarea</Types>
2701
                <Language>en</Language>
2702
                <Match>address|street</Match>
2703
                <Value>600 Fairy Land Drive</Value>
2704
                <ValueMatch></ValueMatch>
2705
                <MatchCriteria>Regex</MatchCriteria>
2706
            </TrainingParameter>
2707
            <TrainingParameter>
2708
                <PatternName>Apartment number</PatternName>
2709
                <Types>text,textarea</Types>
2710
                <Language>en</Language>
2711
                <Match>address|apartment|house</Match>
2712
                <Value>123</Value>
2713
                <ValueMatch></ValueMatch>
2714
                <MatchCriteria>Regex</MatchCriteria>
2715
            </TrainingParameter>
2716
            <TrainingParameter>
2717
                <PatternName>First name</PatternName>
2718
                <Types>text,textarea</Types>
2719
                <Language>en</Language>
2720
                <Match>name</Match>
2721
                <Value>John</Value>
2722
                <ValueMatch></ValueMatch>
2723
                <MatchCriteria>Regex</MatchCriteria>
2724
            </TrainingParameter>
2725
            <TrainingParameter>
2726
                <PatternName>Last name</PatternName>
2727
                <Types>text,textarea</Types>
2728
                <Language>en</Language>
2729
                <Match>last[:space:]*name|surname</Match>
2730
                <Value>Johnson</Value>
2731
                <ValueMatch></ValueMatch>
2732
                <MatchCriteria>Regex</MatchCriteria>
2733
            </TrainingParameter>
2734
            <TrainingParameter>
2735
                <PatternName>Full name</PatternName>
2736
                <Types>text,textarea</Types>
2737
                <Language>en</Language>
2738
                <Match>(your|full)[:space:]+name|name</Match>
2739
                <Value>John Johnson</Value>
2740
                <ValueMatch></ValueMatch>
2741
                <MatchCriteria>Regex</MatchCriteria>
2742
            </TrainingParameter>
2743
            <TrainingParameter>
2744
                <PatternName>User Signature</PatternName>
2745
                <Types>text,textarea</Types>
2746
                <Language>en</Language>
2747
                <Match>signature</Match>
2748
                <Value>John Johnson</Value>
2749
                <ValueMatch></ValueMatch>
2750
                <MatchCriteria>Regex</MatchCriteria>
2751
            </TrainingParameter>
2752
            <TrainingParameter>
2753
                <PatternName>Middle name</PatternName>
2754
                <Types>text,textarea</Types>
2755
                <Language>en</Language>
2756
                <Match>middle[:space:]+name</Match>
2757
                <Value>L</Value>
2758
                <ValueMatch></ValueMatch>
2759
                <MatchCriteria>Regex</MatchCriteria>
2760
            </TrainingParameter>
2761
            <TrainingParameter>
2762
                <PatternName>City</PatternName>
2763
                <Types>text,textarea</Types>
2764
                <Language>en</Language>
2765
                <Match>city|town</Match>
2766
                <Value>Costa Mesa</Value>
2767
                <ValueMatch></ValueMatch>
2768
                <MatchCriteria>Regex</MatchCriteria>
2769
            </TrainingParameter>
2770
            <TrainingParameter>
2771
                <PatternName>County</PatternName>
2772
                <Types>text,textarea</Types>
2773
                <Language>en</Language>
2774
                <Match>county</Match>
2775
                <Value>Orange</Value>
2776
                <ValueMatch></ValueMatch>
2777
                <MatchCriteria>Regex</MatchCriteria>
2778
            </TrainingParameter>
2779
            <TrainingParameter>
2780
                <PatternName>State</PatternName>
2781
                <Types>text,textarea</Types>
2782
                <Language>en</Language>
2783
                <Match>state</Match>
2784
                <Value>CA</Value>
2785
                <ValueMatch></ValueMatch>
2786
                <MatchCriteria>Regex</MatchCriteria>
2787
            </TrainingParameter>
2788
            <TrainingParameter>
2789
                <PatternName>Zip code</PatternName>
2790
                <Types>text,textarea</Types>
2791
                <Language>en</Language>
2792
                <Match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</Match>
2793
                <Value>92626</Value>
2794
                <ValueMatch></ValueMatch>
2795
                <MatchCriteria>Regex</MatchCriteria>
2796
            </TrainingParameter>
2797
            <TrainingParameter>
2798
                <PatternName>Country</PatternName>
2799
                <Types>text,textarea,select</Types>
2800
                <Language>en</Language>
2801
                <Match>united[:space:]*states|country</Match>
2802
                <Value>US</Value>
2803
                <ValueMatch>us</ValueMatch>
2804
                <MatchCriteria>Regex</MatchCriteria>
2805
            </TrainingParameter>
2806
            <TrainingParameter>
2807
                <PatternName>Phone number</PatternName>
2808
                <Types>text,textarea</Types>
2809
                <Language>en</Language>
2810
                <Match>tele[:space:]*phone|fax|phone</Match>
2811
                <Value>123-456-7890</Value>
2812
                <ValueMatch></ValueMatch>
2813
                <MatchCriteria>Regex</MatchCriteria>
2814
            </TrainingParameter>
2815
            <TrainingParameter>
2816
                <PatternName>Phone area code</PatternName>
2817
                <Types>text,textarea</Types>
2818
                <Language>en</Language>
2819
                <Match>area[:space:]+code</Match>
2820
                <Value>123</Value>
2821
                <ValueMatch></ValueMatch>
2822
                <MatchCriteria>Regex</MatchCriteria>
2823
            </TrainingParameter>
2824
            <TrainingParameter>
2825
                <PatternName>Company name</PatternName>
2826
                <Types>text,textarea</Types>
2827
                <Language>en</Language>
2828
                <Match>company|employer|organization</Match>
2829
                <Value>Example</Value>
2830
                <ValueMatch></ValueMatch>
2831
                <MatchCriteria>Regex</MatchCriteria>
2832
            </TrainingParameter>
2833
            <TrainingParameter>
2834
                <PatternName>Email</PatternName>
2835
                <Types>text,textarea</Types>
2836
                <Language>en</Language>
2837
                <Match>e[-_]?mail([-_]?address)?</Match>
2838
                <Value>a%RANDALPHANUM%@example.com</Value>
2839
                <ValueMatch></ValueMatch>
2840
                <MatchCriteria>Regex</MatchCriteria>
2841
            </TrainingParameter>
2842
            <TrainingParameter>
2843
                <PatternName>Birthday</PatternName>
2844
                <Types>text,textarea</Types>
2845
                <Language>en</Language>
2846
                <Match>birth[:space:]day|birth</Match>
2847
                <Value>12/25/1975</Value>
2848
                <ValueMatch></ValueMatch>
2849
                <MatchCriteria>Regex</MatchCriteria>
2850
            </TrainingParameter>
2851
            <TrainingParameter>
2852
                <PatternName>Day</PatternName>
2853
                <Types>text,textarea,select</Types>
2854
                <Language>en</Language>
2855
                <Match>dd|day</Match>
2856
                <Value>25</Value>
2857
                <ValueMatch>25</ValueMatch>
2858
                <MatchCriteria>Regex</MatchCriteria>
2859
            </TrainingParameter>
2860
            <TrainingParameter>
2861
                <PatternName>Month</PatternName>
2862
                <Types>text,textarea,select</Types>
2863
                <Language>en</Language>
2864
                <Match>mm|month</Match>
2865
                <Value>12</Value>
2866
                <ValueMatch>12|dec|d</ValueMatch>
2867
                <MatchCriteria>Regex</MatchCriteria>
2868
            </TrainingParameter>
2869
            <TrainingParameter>
2870
                <PatternName>FutureYear</PatternName>
2871
                <Types>text,textarea,select</Types>
2872
                <Language>en</Language>
2873
                <Match>2015|2016|2017</Match>
2874
                <Value>2016</Value>
2875
                <ValueMatch>2015|2016|2017</ValueMatch>
2876
                <MatchCriteria>Regex</MatchCriteria>
2877
            </TrainingParameter>
2878
            <TrainingParameter>
2879
                <PatternName>BirthYear</PatternName>
2880
                <Types>text,textarea,select</Types>
2881
                <Language>en</Language>
2882
                <Match>yyyy|year|1975|1970|1960|1950</Match>
2883
                <Value></Value>
2884
                <ValueMatch>1975|1970|1960|1950</ValueMatch>
2885
                <MatchCriteria>Regex</MatchCriteria>
2886
            </TrainingParameter>
2887
            <TrainingParameter>
2888
                <PatternName>Past Date mm/dd/yyyy</PatternName>
2889
                <Types>text,textarea</Types>
2890
                <Language>en</Language>
2891
                <Match>(start|from)[-\s_]*date</Match>
2892
                <Value>02/02/2003</Value>
2893
                <ValueMatch></ValueMatch>
2894
                <MatchCriteria>Regex</MatchCriteria>
2895
            </TrainingParameter>
2896
            <TrainingParameter>
2897
                <PatternName>Future Date mm/dd/yy</PatternName>
2898
                <Types>text,textarea</Types>
2899
                <Language>en</Language>
2900
                <Match>mm/dd/yy</Match>
2901
                <Value>02/02/15</Value>
2902
                <ValueMatch></ValueMatch>
2903
                <MatchCriteria>Regex</MatchCriteria>
2904
            </TrainingParameter>
2905
            <TrainingParameter>
2906
                <PatternName>Future Date mm/dd/yyyy</PatternName>
2907
                <Types>text,textarea</Types>
2908
                <Language>en</Language>
2909
                <Match>
2910
                    mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\s_]*date
2911
                </Match>
2912
                <Value>02/02/2015</Value>
2913
                <ValueMatch></ValueMatch>
2914
                <MatchCriteria>Regex</MatchCriteria>
2915
            </TrainingParameter>
2916
            <TrainingParameter>
2917
                <PatternName>Old password</PatternName>
2918
                <Types>password</Types>
2919
                <Language>en</Language>
2920
                <Match>old[:space:]+password</Match>
2921
                <Value>%RANDALPHANUM%1'</Value>
2922
                <ValueMatch></ValueMatch>
2923
                <MatchCriteria>Regex</MatchCriteria>
2924
            </TrainingParameter>
2925
            <TrainingParameter>
2926
                <PatternName>Accept terms</PatternName>
2927
                <Types>checkbox,radio</Types>
2928
                <Language>en</Language>
2929
                <Match>
2930
                    <![CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]>
2931
                </Match>
2932
                <Value></Value>
2933
                <ValueMatch>yes|1|on|true</ValueMatch>
2934
                <MatchCriteria>Regex</MatchCriteria>
2935
            </TrainingParameter>
2936
            <TrainingParameter>
2937
                <PatternName>Save login</PatternName>
2938
                <Types>checkbox,radio,select</Types>
2939
                <Language>en</Language>
2940
                <Match>save|remember</Match>
2941
                <Value></Value>
2942
                <ValueMatch>yes|1|on|true</ValueMatch>
2943
                <MatchCriteria>Regex</MatchCriteria>
2944
            </TrainingParameter>
2945
            <TrainingParameter>
2946
                <PatternName>Remove item</PatternName>
2947
                <Types>checkbox,radio</Types>
2948
                <Language>en</Language>
2949
                <Match>remove|delete</Match>
2950
                <Value></Value>
2951
                <ValueMatch></ValueMatch>
2952
                <MatchCriteria>Regex</MatchCriteria>
2953
            </TrainingParameter>
2954
            <TrainingParameter>
2955
                <PatternName>Search</PatternName>
2956
                <Types>text,textarea</Types>
2957
                <Language>en</Language>
2958
                <Match>keyword|search|query</Match>
2959
                <Value>water</Value>
2960
                <ValueMatch></ValueMatch>
2961
                <MatchCriteria>Regex</MatchCriteria>
2962
            </TrainingParameter>
2963
            <TrainingParameter>
2964
                <PatternName>Quantity</PatternName>
2965
                <Types>text,textarea,select</Types>
2966
                <Language>en</Language>
2967
                <Match>quantity|amount|number|qty|num</Match>
2968
                <Value>3</Value>
2969
                <ValueMatch></ValueMatch>
2970
                <MatchCriteria>Regex</MatchCriteria>
2971
            </TrainingParameter>
2972
            <TrainingParameter>
2973
                <PatternName>Number</PatternName>
2974
                <Types>text,textarea</Types>
2975
                <Language>en</Language>
2976
                <Match>number|count|nmr|cnt|rate|decimal|digit</Match>
2977
                <Value>21</Value>
2978
                <ValueMatch></ValueMatch>
2979
                <MatchCriteria>Regex</MatchCriteria>
2980
            </TrainingParameter>
2981
            <TrainingParameter>
2982
                <PatternName>Account Number</PatternName>
2983
                <Types>text,textarea,select,radio,checkbox</Types>
2984
                <Language>en</Language>
2985
                <Match>account</Match>
2986
                <Value>20</Value>
2987
                <ValueMatch></ValueMatch>
2988
                <MatchCriteria>Regex</MatchCriteria>
2989
            </TrainingParameter>
2990
            <TrainingParameter>
2991
                <PatternName>Shipping method</PatternName>
2992
                <Types>select,radio,checkbox</Types>
2993
                <Language>en</Language>
2994
                <Match>shipping|fedex|standard|ups</Match>
2995
                <Value></Value>
2996
                <ValueMatch>fedex|standard|ups</ValueMatch>
2997
                <MatchCriteria>Regex</MatchCriteria>
2998
            </TrainingParameter>
2999
            <TrainingParameter>
3000
                <PatternName>Gift</PatternName>
3001
                <Types>checkbox</Types>
3002
                <Language>en</Language>
3003
                <Match>gift</Match>
3004
                <Value></Value>
3005
                <ValueMatch>yes|1|on|true</ValueMatch>
3006
                <MatchCriteria>Regex</MatchCriteria>
3007
            </TrainingParameter>
3008
            <TrainingParameter>
3009
                <PatternName>Credit card number</PatternName>
3010
                <Types>text,textarea,password</Types>
3011
                <Language>en</Language>
3012
                <Match>credit[:space:]*card|card[:space:]*number</Match>
3013
                <Value>5105105105105100</Value>
3014
                <ValueMatch></ValueMatch>
3015
                <MatchCriteria>Regex</MatchCriteria>
3016
            </TrainingParameter>
3017
            <TrainingParameter>
3018
                <PatternName>Credit card type</PatternName>
3019
                <Types>select,checkbox,radio</Types>
3020
                <Language>en</Language>
3021
                <Match>
3022
                    master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex
3023
                </Match>
3024
                <Value></Value>
3025
                <ValueMatch></ValueMatch>
3026
                <MatchCriteria>Regex</MatchCriteria>
3027
            </TrainingParameter>
3028
            <TrainingParameter>
3029
                <PatternName>Credit card security code</PatternName>
3030
                <Types>text,textarea,password</Types>
3031
                <Language>en</Language>
3032
                <Match>security[:space:]*code|verification[:space:]*number</Match>
3033
                <Value>123</Value>
3034
                <ValueMatch></ValueMatch>
3035
                <MatchCriteria>Regex</MatchCriteria>
3036
            </TrainingParameter>
3037
            <TrainingParameter>
3038
                <PatternName>PIN</PatternName>
3039
                <Types>text,textarea,password</Types>
3040
                <Language>en</Language>
3041
                <Match>PIN</Match>
3042
                <Value>1234</Value>
3043
                <ValueMatch></ValueMatch>
3044
                <MatchCriteria>Regex</MatchCriteria>
3045
            </TrainingParameter>
3046
            <TrainingParameter>
3047
                <PatternName>CAPTCHA</PatternName>
3048
                <Types>text,textarea</Types>
3049
                <Language>en</Language>
3050
                <Match>code[:space:]*shown|captcha</Match>
3051
                <Value>%RANDALPHANUM%</Value>
3052
                <ValueMatch></ValueMatch>
3053
                <MatchCriteria>Regex</MatchCriteria>
3054
            </TrainingParameter>
3055
            <TrainingParameter>
3056
                <PatternName>Size</PatternName>
3057
                <Types>select</Types>
3058
                <Language>en</Language>
3059
                <Match>size|xxl</Match>
3060
                <Value></Value>
3061
                <ValueMatch>(\b(m|s|42)\b</ValueMatch>
3062
                <MatchCriteria>Regex</MatchCriteria>
3063
            </TrainingParameter>
3064
            <TrainingParameter>
3065
                <PatternName>Color</PatternName>
3066
                <Types>select</Types>
3067
                <Language>en</Language>
3068
                <Match>\b(color|red|black)\b</Match>
3069
                <Value>Blue</Value>
3070
                <ValueMatch>\b(blue|red|black)\b</ValueMatch>
3071
                <MatchCriteria>Regex</MatchCriteria>
3072
            </TrainingParameter>
3073
            <TrainingParameter>
3074
                <PatternName>Price</PatternName>
3075
                <Types>text,textare</Types>
3076
                <Language>en</Language>
3077
                <Match>price</Match>
3078
                <Value>20</Value>
3079
                <ValueMatch></ValueMatch>
3080
                <MatchCriteria>Regex</MatchCriteria>
3081
            </TrainingParameter>
3082
            <TrainingParameter>
3083
                <PatternName>Attention</PatternName>
3084
                <Types>text,textare</Types>
3085
                <Language>en</Language>
3086
                <Match>attention</Match>
3087
                <Value>John</Value>
3088
                <ValueMatch></ValueMatch>
3089
                <MatchCriteria>Regex</MatchCriteria>
3090
            </TrainingParameter>
3091
            <TrainingParameter>
3092
                <PatternName>Gender</PatternName>
3093
                <Types>select,radio</Types>
3094
                <Language>en</Language>
3095
                <Match>gender|male|female</Match>
3096
                <Value>male</Value>
3097
                <ValueMatch>\b(male|m|f)\b</ValueMatch>
3098
                <MatchCriteria>Regex</MatchCriteria>
3099
            </TrainingParameter>
3100
            <TrainingParameter>
3101
                <PatternName>Legal age</PatternName>
3102
                <Types>checkbox,radio</Types>
3103
                <Language>en</Language>
3104
                <Match>legal|\d\d[:space:]*years[:space:]*old</Match>
3105
                <Value>yes</Value>
3106
                <ValueMatch>\b(on|1|yes|true)\b</ValueMatch>
3107
                <MatchCriteria>Regex</MatchCriteria>
3108
            </TrainingParameter>
3109
            <TrainingParameter>
3110
                <PatternName>Coupon code</PatternName>
3111
                <Types>text,textarea</Types>
3112
                <Language>en</Language>
3113
                <Match>promotion|coupon</Match>
3114
                <Value>%RANDALPHANUM%</Value>
3115
                <ValueMatch></ValueMatch>
3116
                <MatchCriteria>Regex</MatchCriteria>
3117
            </TrainingParameter>
3118
            <TrainingParameter>
3119
                <PatternName>Send message</PatternName>
3120
                <Types>text,textarea</Types>
3121
                <Language>en</Language>
3122
                <Match>message|comment|complain|enquiry|review</Match>
3123
                <Value>comment</Value>
3124
                <ValueMatch></ValueMatch>
3125
                <MatchCriteria>Regex</MatchCriteria>
3126
            </TrainingParameter>
3127
            <TrainingParameter>
3128
                <PatternName>Existing user</PatternName>
3129
                <Types>checkbox,radio</Types>
3130
                <Language>en</Language>
3131
                <Match>returning|existing|customer</Match>
3132
                <Value></Value>
3133
                <ValueMatch>\b(on|1|yes|true)\b</ValueMatch>
3134
                <MatchCriteria>Regex</MatchCriteria>
3135
            </TrainingParameter>
3136
            <TrainingParameter>
3137
                <PatternName>Age</PatternName>
3138
                <Types>text,textarea</Types>
3139
                <Language>en</Language>
3140
                <Match>age|under|over</Match>
3141
                <Value>40</Value>
3142
                <ValueMatch></ValueMatch>
3143
                <MatchCriteria>Regex</MatchCriteria>
3144
            </TrainingParameter>
3145
            <TrainingParameter>
3146
                <PatternName>Passphrase Hint</PatternName>
3147
                <Types>text,textarea</Types>
3148
                <Language>en</Language>
3149
                <Match>What make|pet's name|your father|high school|friend</Match>
3150
                <Value>What make was your first car?</Value>
3151
                <ValueMatch></ValueMatch>
3152
                <MatchCriteria>Regex</MatchCriteria>
3153
            </TrainingParameter>
3154
            <TrainingParameter>
3155
                <PatternName>Passphrase Hint Answer</PatternName>
3156
                <Types>text,textarea</Types>
3157
                <Language>en</Language>
3158
                <Match>Answer</Match>
3159
                <Value>Ford</Value>
3160
                <ValueMatch></ValueMatch>
3161
                <MatchCriteria>Regex</MatchCriteria>
3162
            </TrainingParameter>
3163
            <TrainingParameter>
3164
                <PatternName>Doctor name</PatternName>
3165
                <Types>text,textarea</Types>
3166
                <Language>en</Language>
3167
                <Match>doctor</Match>
3168
                <Value>John Johnson</Value>
3169
                <ValueMatch></ValueMatch>
3170
                <MatchCriteria>Regex</MatchCriteria>
3171
            </TrainingParameter>
3172
            <TrainingParameter>
3173
                <PatternName>Website</PatternName>
3174
                <Types>text,textarea</Types>
3175
                <Language>en</Language>
3176
                <Match>website</Match>
3177
                <Value>www.example.com</Value>
3178
                <ValueMatch></ValueMatch>
3179
                <MatchCriteria>Regex</MatchCriteria>
3180
            </TrainingParameter>
3181
            <TrainingParameter>
3182
                <PatternName>Address</PatternName>
3183
                <Types>text,textarea</Types>
3184
                <Language>de</Language>
3185
                <Match>adresse|strasse</Match>
3186
                <Value>600 Fairy Land Drive</Value>
3187
                <ValueMatch></ValueMatch>
3188
                <MatchCriteria>Regex</MatchCriteria>
3189
            </TrainingParameter>
3190
            <TrainingParameter>
3191
                <PatternName>Apartment number</PatternName>
3192
                <Types>text,textarea</Types>
3193
                <Language>de</Language>
3194
                <Match>adresse|wohnung|haus</Match>
3195
                <Value>123</Value>
3196
                <ValueMatch></ValueMatch>
3197
                <MatchCriteria>Regex</MatchCriteria>
3198
            </TrainingParameter>
3199
            <TrainingParameter>
3200
                <PatternName>First name</PatternName>
3201
                <Types>text,textarea</Types>
3202
                <Language>de</Language>
3203
                <Match>name</Match>
3204
                <Value>John</Value>
3205
                <ValueMatch></ValueMatch>
3206
                <MatchCriteria>Regex</MatchCriteria>
3207
            </TrainingParameter>
3208
            <TrainingParameter>
3209
                <PatternName>Last name</PatternName>
3210
                <Types>text,textarea</Types>
3211
                <Language>de</Language>
3212
                <Match>vorname|name</Match>
3213
                <Value>Johnson</Value>
3214
                <ValueMatch></ValueMatch>
3215
                <MatchCriteria>Regex</MatchCriteria>
3216
            </TrainingParameter>
3217
            <TrainingParameter>
3218
                <PatternName>Full name</PatternName>
3219
                <Types>text,textarea</Types>
3220
                <Language>de</Language>
3221
                <Match>ihren namen|name</Match>
3222
                <Value>John Johnson</Value>
3223
                <ValueMatch></ValueMatch>
3224
                <MatchCriteria>Regex</MatchCriteria>
3225
            </TrainingParameter>
3226
            <TrainingParameter>
3227
                <PatternName>User Signature</PatternName>
3228
                <Types>text,textarea</Types>
3229
                <Language>de</Language>
3230
                <Match>unterschrift</Match>
3231
                <Value>John Johnson</Value>
3232
                <ValueMatch></ValueMatch>
3233
                <MatchCriteria>Regex</MatchCriteria>
3234
            </TrainingParameter>
3235
            <TrainingParameter>
3236
                <PatternName>City</PatternName>
3237
                <Types>text,textarea</Types>
3238
                <Language>de</Language>
3239
                <Match>stadt|stadt</Match>
3240
                <Value>Berlin</Value>
3241
                <ValueMatch></ValueMatch>
3242
                <MatchCriteria>Regex</MatchCriteria>
3243
            </TrainingParameter>
3244
            <TrainingParameter>
3245
                <PatternName>Regierungsbezirke</PatternName>
3246
                <Types>text,textarea</Types>
3247
                <Language>de</Language>
3248
                <Match>regierungsbezirke</Match>
3249
                <Value>Berlin</Value>
3250
                <ValueMatch></ValueMatch>
3251
                <MatchCriteria>Regex</MatchCriteria>
3252
            </TrainingParameter>
3253
            <TrainingParameter>
3254
                <PatternName>Zip code</PatternName>
3255
                <Types>text,textarea</Types>
3256
                <Language>de</Language>
3257
                <Match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</Match>
3258
                <Value>10115</Value>
3259
                <ValueMatch></ValueMatch>
3260
                <MatchCriteria>Regex</MatchCriteria>
3261
            </TrainingParameter>
3262
            <TrainingParameter>
3263
                <PatternName>Country</PatternName>
3264
                <Types>text,textarea</Types>
3265
                <Language>de</Language>
3266
                <Match>\b(deutschland|land)\b</Match>
3267
                <Value>DE</Value>
3268
                <ValueMatch>\bDE\b</ValueMatch>
3269
                <MatchCriteria>Regex</MatchCriteria>
3270
            </TrainingParameter>
3271
            <TrainingParameter>
3272
                <PatternName>Phone number</PatternName>
3273
                <Types>text,textarea</Types>
3274
                <Language>de</Language>
3275
                <Match>telefon|telefon|fax</Match>
3276
                <Value>(1234) 567890</Value>
3277
                <ValueMatch></ValueMatch>
3278
                <MatchCriteria>Regex</MatchCriteria>
3279
            </TrainingParameter>
3280
            <TrainingParameter>
3281
                <PatternName>Phone area code</PatternName>
3282
                <Types>text,textarea</Types>
3283
                <Language>de</Language>
3284
                <Match>vorwahl</Match>
3285
                <Value>123</Value>
3286
                <ValueMatch></ValueMatch>
3287
                <MatchCriteria>Regex</MatchCriteria>
3288
            </TrainingParameter>
3289
            <TrainingParameter>
3290
                <PatternName>Company name</PatternName>
3291
                <Types>text,textarea</Types>
3292
                <Language>de</Language>
3293
                <Match>unternehmen|arbeitgeber|organisation</Match>
3294
                <Value>Example</Value>
3295
                <ValueMatch></ValueMatch>
3296
                <MatchCriteria>Regex</MatchCriteria>
3297
            </TrainingParameter>
3298
            <TrainingParameter>
3299
                <PatternName>Email</PatternName>
3300
                <Types>text,textarea</Types>
3301
                <Language>de</Language>
3302
                <Match>E[-_]Mailadresse|email|E[-_]Mail</Match>
3303
                <Value>a%RANDALPHANUM%@example.com</Value>
3304
                <ValueMatch></ValueMatch>
3305
                <MatchCriteria>Regex</MatchCriteria>
3306
            </TrainingParameter>
3307
            <TrainingParameter>
3308
                <PatternName>Birthday</PatternName>
3309
                <Types>text,textarea</Types>
3310
                <Language>de</Language>
3311
                <Match>geburtstag|geburt</Match>
3312
                <Value>12/25/1975</Value>
3313
                <ValueMatch></ValueMatch>
3314
                <MatchCriteria>Regex</MatchCriteria>
3315
            </TrainingParameter>
3316
            <TrainingParameter>
3317
                <PatternName>Day</PatternName>
3318
                <Types>text,textarea</Types>
3319
                <Language>de</Language>
3320
                <Match>tag</Match>
3321
                <Value>25</Value>
3322
                <ValueMatch></ValueMatch>
3323
                <MatchCriteria>Regex</MatchCriteria>
3324
            </TrainingParameter>
3325
            <TrainingParameter>
3326
                <PatternName>Month</PatternName>
3327
                <Types>text,textarea</Types>
3328
                <Language>de</Language>
3329
                <Match>monat</Match>
3330
                <Value>12</Value>
3331
                <ValueMatch></ValueMatch>
3332
                <MatchCriteria>Regex</MatchCriteria>
3333
            </TrainingParameter>
3334
            <TrainingParameter>
3335
                <PatternName>Year</PatternName>
3336
                <Types>text,textarea</Types>
3337
                <Language>de</Language>
3338
                <Match>Jahr</Match>
3339
                <Value>2007</Value>
3340
                <ValueMatch></ValueMatch>
3341
                <MatchCriteria>Regex</MatchCriteria>
3342
            </TrainingParameter>
3343
            <TrainingParameter>
3344
                <PatternName>BirthYear</PatternName>
3345
                <Types>text,textarea</Types>
3346
                <Language>de</Language>
3347
                <Match>Jahr|1975|1970|1960|1950</Match>
3348
                <Value>1975</Value>
3349
                <ValueMatch></ValueMatch>
3350
                <MatchCriteria>Regex</MatchCriteria>
3351
            </TrainingParameter>
3352
            <TrainingParameter>
3353
                <PatternName>Past Date mm/dd/yy</PatternName>
3354
                <Types>text,textarea</Types>
3355
                <Language>de</Language>
3356
                <Match>Datum|d.m.yyyy|dd.mm.yyyy</Match>
3357
                <Value>02.02.03</Value>
3358
                <ValueMatch></ValueMatch>
3359
                <MatchCriteria>Regex</MatchCriteria>
3360
            </TrainingParameter>
3361
            <TrainingParameter>
3362
                <PatternName>Past Date mm/dd/yyyy</PatternName>
3363
                <Types>text,textarea</Types>
3364
                <Language>de</Language>
3365
                <Match>Datum|mm/dd/yyyy</Match>
3366
                <Value>02/02/2003</Value>
3367
                <ValueMatch></ValueMatch>
3368
                <MatchCriteria>Regex</MatchCriteria>
3369
            </TrainingParameter>
3370
            <TrainingParameter>
3371
                <PatternName>Future Date mm/dd/yy</PatternName>
3372
                <Types>text,textarea</Types>
3373
                <Language>de</Language>
3374
                <Match>
3375
                    MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==
3376
                </Match>
3377
                <Value>02/02/11</Value>
3378
                <ValueMatch></ValueMatch>
3379
                <MatchCriteria>Regex</MatchCriteria>
3380
            </TrainingParameter>
3381
            <TrainingParameter>
3382
                <PatternName>Future Date mm/dd/yyyy</PatternName>
3383
                <Types>text,textarea</Types>
3384
                <Language>de</Language>
3385
                <Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5
3386
                </Match>
3387
                <Value>02/02/2011</Value>
3388
                <ValueMatch></ValueMatch>
3389
                <MatchCriteria>Regex</MatchCriteria>
3390
            </TrainingParameter>
3391
            <TrainingParameter>
3392
                <PatternName>Username</PatternName>
3393
                <Types>text,textarea</Types>
3394
                <Language>de</Language>
3395
                <Match>Benutzername|Mitgliedsnamen|Benutzer</Match>
3396
                <Value>%RANDALPHANUM%</Value>
3397
                <ValueMatch></ValueMatch>
3398
                <MatchCriteria>Regex</MatchCriteria>
3399
            </TrainingParameter>
3400
            <TrainingParameter>
3401
                <PatternName>Password</PatternName>
3402
                <Types>password</Types>
3403
                <Language>de</Language>
3404
                <Match>password|passwort|passwd</Match>
3405
                <Value>%RANDALPHANUM%1'</Value>
3406
                <ValueMatch></ValueMatch>
3407
                <MatchCriteria>Regex</MatchCriteria>
3408
            </TrainingParameter>
3409
            <TrainingParameter>
3410
                <PatternName>Old password</PatternName>
3411
                <Types>password</Types>
3412
                <Language>de</Language>
3413
                <Match>alte[:space:]passwort</Match>
3414
                <Value>%RANDALPHANUM%1'</Value>
3415
                <ValueMatch></ValueMatch>
3416
                <MatchCriteria>Regex</MatchCriteria>
3417
            </TrainingParameter>
3418
            <TrainingParameter>
3419
                <PatternName>Accept terms</PatternName>
3420
                <Types>checkbox,radio</Types>
3421
                <Language>de</Language>
3422
                <Match>Ich habe gelesen und akzeptiere|Ich habe gelesen und
3423
                    akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</Match>
3424
                <Value></Value>
3425
                <ValueMatch>yes|1|on|true</ValueMatch>
3426
                <MatchCriteria>Regex</MatchCriteria>
3427
            </TrainingParameter>
3428
            <TrainingParameter>
3429
                <PatternName>Remove item</PatternName>
3430
                <Types>checkbox,radio</Types>
3431
                <Language>de</Language>
3432
                <Match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</Match>
3433
                <Value></Value>
3434
                <ValueMatch>yes|1|on|true</ValueMatch>
3435
                <MatchCriteria>Regex</MatchCriteria>
3436
            </TrainingParameter>
3437
            <TrainingParameter>
3438
                <PatternName>Search</PatternName>
3439
                <Types>text,textarea</Types>
3440
                <Language>de</Language>
3441
                <Match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</Match>
3442
                <Value>water</Value>
3443
                <ValueMatch></ValueMatch>
3444
                <MatchCriteria>Regex</MatchCriteria>
3445
            </TrainingParameter>
3446
            <TrainingParameter>
3447
                <PatternName>Quantity</PatternName>
3448
                <Types>text,textarea</Types>
3449
                <Language>de</Language>
3450
                <Match>qty|Menge|Betrag|Anzahl</Match>
3451
                <Value>3</Value>
3452
                <ValueMatch></ValueMatch>
3453
                <MatchCriteria>Regex</MatchCriteria>
3454
            </TrainingParameter>
3455
            <TrainingParameter>
3456
                <PatternName>Number</PatternName>
3457
                <Types>text,textarea</Types>
3458
                <Language>de</Language>
3459
                <Match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</Match>
3460
                <Value>21</Value>
3461
                <ValueMatch></ValueMatch>
3462
                <MatchCriteria>Regex</MatchCriteria>
3463
            </TrainingParameter>
3464
            <TrainingParameter>
3465
                <PatternName>Account Number</PatternName>
3466
                <Types>text,textarea</Types>
3467
                <Language>de</Language>
3468
                <Match>Konto</Match>
3469
                <Value>3456</Value>
3470
                <ValueMatch></ValueMatch>
3471
                <MatchCriteria>Regex</MatchCriteria>
3472
            </TrainingParameter>
3473
            <TrainingParameter>
3474
                <PatternName>Shipping method</PatternName>
3475
                <Types>select</Types>
3476
                <Language>de</Language>
3477
                <Match>Versand</Match>
3478
                <Value></Value>
3479
                <ValueMatch></ValueMatch>
3480
                <MatchCriteria>Regex</MatchCriteria>
3481
            </TrainingParameter>
3482
            <TrainingParameter>
3483
                <PatternName>Gift</PatternName>
3484
                <Types>text,textarea</Types>
3485
                <Language>de</Language>
3486
                <Match>Geschenk</Match>
3487
                <Value></Value>
3488
                <ValueMatch></ValueMatch>
3489
                <MatchCriteria>Regex</MatchCriteria>
3490
            </TrainingParameter>
3491
            <TrainingParameter>
3492
                <PatternName>Credit card number</PatternName>
3493
                <Types>text,textarea</Types>
3494
                <Language>de</Language>
3495
                <Match>Kreditkarte|Kredit|Kartennummer</Match>
3496
                <Value>5105105105105100</Value>
3497
                <ValueMatch></ValueMatch>
3498
                <MatchCriteria>Regex</MatchCriteria>
3499
            </TrainingParameter>
3500
            <TrainingParameter>
3501
                <PatternName>Credit card type</PatternName>
3502
                <Types>text,textarea</Types>
3503
                <Language>de</Language>
3504
                <Match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</Match>
3505
                <Value></Value>
3506
                <ValueMatch>Master</ValueMatch>
3507
                <MatchCriteria>Regex</MatchCriteria>
3508
            </TrainingParameter>
3509
            <TrainingParameter>
3510
                <PatternName>Credit card security code</PatternName>
3511
                <Types>text,textarea</Types>
3512
                <Language>de</Language>
3513
                <Match>MJPYBZHSWwshWRRFSGWAGES3JlZGl0fFNpY2hlcmhlaXRzLUNvZGV8UHLDvGZudW1tZXI=</Match>
3514
                <Value>123</Value>
3515
                <ValueMatch></ValueMatch>
3516
                <MatchCriteria>Regex</MatchCriteria>
3517
            </TrainingParameter>
3518
            <TrainingParameter>
3519
                <PatternName>CAPTCHA</PatternName>
3520
                <Types>text,textarea</Types>
3521
                <Language>de</Language>
3522
                <Match>captcha</Match>
3523
                <Value>[%RANDALPHANUM%</Value>
3524
                <ValueMatch></ValueMatch>
3525
                <MatchCriteria>Regex</MatchCriteria>
3526
            </TrainingParameter>
3527
            <TrainingParameter>
3528
                <PatternName>Back button</PatternName>
3529
                <Types>button,image,submit</Types>
3530
                <Language>de</Language>
3531
                <Match>MJPYBZHSWwshWRRFSGWAGEenVyw7xja3xyZXR1cm58c3Rvcm5pZXJlbnx2b3JoZXJpZ2V8d2VpdGVyIGVpbmthdWZlbg==
3532
                </Match>
3533
                <Value></Value>
3534
                <ValueMatch></ValueMatch>
3535
                <MatchCriteria>Regex</MatchCriteria>
3536
            </TrainingParameter>
3537
            <TrainingParameter>
3538
                <PatternName>Logout button</PatternName>
3539
                <Types>button,image,submi</Types>
3540
                <Language>de</Language>
3541
                <Match>Abmeldung|Abmeldung|ausloggen|(sign|log)-?(off|out)</Match>
3542
                <Value></Value>
3543
                <ValueMatch></ValueMatch>
3544
                <MatchCriteria>Regex</MatchCriteria>
3545
            </TrainingParameter>
3546
            <TrainingParameter>
3547
                <PatternName>Login button</PatternName>
3548
                <Types>button,image,submi</Types>
3549
                <Language>de</Language>
3550
                <Match>(log|sign)-?in</Match>
3551
                <Value></Value>
3552
                <ValueMatch></ValueMatch>
3553
                <MatchCriteria>Regex</MatchCriteria>
3554
            </TrainingParameter>
3555
            <TrainingParameter>
3556
                <PatternName>Size</PatternName>
3557
                <Types>select</Types>
3558
                <Language>de</Language>
3559
                <Match>MJPYBZHSWwshWRRFSGWAGER3LDtnNzZXxYWEw=</Match>
3560
                <Value>m</Value>
3561
                <ValueMatch>m|s|42</ValueMatch>
3562
                <MatchCriteria>Regex</MatchCriteria>
3563
            </TrainingParameter>
3564
            <TrainingParameter>
3565
                <PatternName>Color</PatternName>
3566
                <Types>select</Types>
3567
                <Language>de</Language>
3568
                <Match>Farbe</Match>
3569
                <Value>Blue</Value>
3570
                <ValueMatch></ValueMatch>
3571
                <MatchCriteria>Regex</MatchCriteria>
3572
            </TrainingParameter>
3573
            <TrainingParameter>
3574
                <PatternName>Enter price</PatternName>
3575
                <Types>text,textarea</Types>
3576
                <Language>de</Language>
3577
                <Match>Preis</Match>
3578
                <Value>20</Value>
3579
                <ValueMatch></ValueMatch>
3580
                <MatchCriteria>Regex</MatchCriteria>
3581
            </TrainingParameter>
3582
            <TrainingParameter>
3583
                <PatternName>Attention</PatternName>
3584
                <Types>text,textarea</Types>
3585
                <Language>de</Language>
3586
                <Match>Aufmerksamkeit</Match>
3587
                <Value>John</Value>
3588
                <ValueMatch></ValueMatch>
3589
                <MatchCriteria>Regex</MatchCriteria>
3590
            </TrainingParameter>
3591
            <TrainingParameter>
3592
                <PatternName>Gender</PatternName>
3593
                <Types>select,radio,checkbox</Types>
3594
                <Language>de</Language>
3595
                <Match>Geschlecht|Herren</Match>
3596
                <Value>m</Value>
3597
                <ValueMatch>m|h</ValueMatch>
3598
                <MatchCriteria>Regex</MatchCriteria>
3599
            </TrainingParameter>
3600
            <TrainingParameter>
3601
                <PatternName>Legal age</PatternName>
3602
                <Types>select,radio,checkbox</Types>
3603
                <Language>de</Language>
3604
                <Match>rechtliche|\d\d[:space:]*Jahre</Match>
3605
                <Value>ja</Value>
3606
                <ValueMatch>ja|yes|1|on|true</ValueMatch>
3607
                <MatchCriteria>Regex</MatchCriteria>
3608
            </TrainingParameter>
3609
            <TrainingParameter>
3610
                <PatternName>Coupon code</PatternName>
3611
                <Types>text,textarea</Types>
3612
                <Language>de</Language>
3613
                <Match>MJPYBZHSWwshWRRFSGWAGERsO2cmRlcnVuZ3xHdXRzY2hlaW4=</Match>
3614
                <Value>111</Value>
3615
                <ValueMatch></ValueMatch>
3616
                <MatchCriteria>Regex</MatchCriteria>
3617
            </TrainingParameter>
3618
            <TrainingParameter>
3619
                <PatternName>Send message</PatternName>
3620
                <Types>text,textarea</Types>
3621
                <Language>de</Language>
3622
                <Match>Nachricht|Kommentar|beschweren|Anfrage|Kritik</Match>
3623
                <Value>comment</Value>
3624
                <ValueMatch></ValueMatch>
3625
                <MatchCriteria>Regex</MatchCriteria>
3626
            </TrainingParameter>
3627
            <TrainingParameter>
3628
                <PatternName>Age</PatternName>
3629
                <Types>text,textarea</Types>
3630
                <Language>de</Language>
3631
                <Match>Alter|unter|mehr</Match>
3632
                <Value>40</Value>
3633
                <ValueMatch></ValueMatch>
3634
                <MatchCriteria>Regex</MatchCriteria>
3635
            </TrainingParameter>
3636
            <TrainingParameter>
3637
                <PatternName>Passphrase Hint</PatternName>
3638
                <Types>text,textarea</Types>
3639
                <Language>de</Language>
3640
                <Match>Was machen|Name des Haustieres|Ihr Vater</Match>
3641
                <Value>What make was your first car?</Value>
3642
                <ValueMatch></ValueMatch>
3643
                <MatchCriteria>Regex</MatchCriteria>
3644
            </TrainingParameter>
3645
            <TrainingParameter>
3646
                <PatternName>Passphrase Hint Answer</PatternName>
3647
                <Types>text,textarea</Types>
3648
                <Language>de</Language>
3649
                <Match>beantworten</Match>
3650
                <Value>Ford</Value>
3651
                <ValueMatch></ValueMatch>
3652
                <MatchCriteria>Regex</MatchCriteria>
3653
            </TrainingParameter>
3654
            <TrainingParameter>
3655
                <PatternName>Doctor name</PatternName>
3656
                <Types>text,textarea</Types>
3657
                <Language>de</Language>
3658
                <Match>Arzt</Match>
3659
                <Value>John Johnson</Value>
3660
                <ValueMatch></ValueMatch>
3661
                <MatchCriteria>Regex</MatchCriteria>
3662
            </TrainingParameter>
3663
        </TrainingParameterList>
3664
    </ParameterTrainingConfig>
3665
    <AutoSequenceConfig>
3666
        <SequenceIgnoreExtensionList>
3667
            <SequenceIgnoreExtension>
3668
                <Value>js</Value>
3669
            </SequenceIgnoreExtension>
3670
            <SequenceIgnoreExtension>
3671
                <Value>css</Value>
3672
            </SequenceIgnoreExtension>
3673
            <SequenceIgnoreExtension>
3674
                <Value>doc</Value>
3675
            </SequenceIgnoreExtension>
3676
            <SequenceIgnoreExtension>
3677
                <Value>jpg</Value>
3678
            </SequenceIgnoreExtension>
3679
            <SequenceIgnoreExtension>
3680
                <Value>jpeg</Value>
3681
            </SequenceIgnoreExtension>
3682
            <SequenceIgnoreExtension>
3683
                <Value>gif</Value>
3684
            </SequenceIgnoreExtension>
3685
            <SequenceIgnoreExtension>
3686
                <Value>png</Value>
3687
            </SequenceIgnoreExtension>
3688
            <SequenceIgnoreExtension>
3689
                <Value>bmp</Value>
3690
            </SequenceIgnoreExtension>
3691
            <SequenceIgnoreExtension>
3692
                <Value>ico</Value>
3693
            </SequenceIgnoreExtension>
3694
            <SequenceIgnoreExtension>
3695
                <Value>exe</Value>
3696
            </SequenceIgnoreExtension>
3697
            <SequenceIgnoreExtension>
3698
                <Value>swf</Value>
3699
            </SequenceIgnoreExtension>
3700
            <SequenceIgnoreExtension>
3701
                <Value>mp3</Value>
3702
            </SequenceIgnoreExtension>
3703
            <SequenceIgnoreExtension>
3704
                <Value>wav</Value>
3705
            </SequenceIgnoreExtension>
3706
            <SequenceIgnoreExtension>
3707
                <Value>eot</Value>
3708
            </SequenceIgnoreExtension>
3709
        </SequenceIgnoreExtensionList>
3710
        <SequenceIgnoreContentTypeList>
3711
            <SequenceIgnoreContentType>
3712
                <Value>*font*</Value>
3713
            </SequenceIgnoreContentType>
3714
            <SequenceIgnoreContentType>
3715
                <Value>audio/*</Value>
3716
            </SequenceIgnoreContentType>
3717
            <SequenceIgnoreContentType>
3718
                <Value>image/*</Value>
3719
            </SequenceIgnoreContentType>
3720
            <SequenceIgnoreContentType>
3721
                <Value>video/*</Value>
3722
            </SequenceIgnoreContentType>
3723
            <SequenceIgnoreContentType>
3724
                <Value>application/pdf</Value>
3725
            </SequenceIgnoreContentType>
3726
            <SequenceIgnoreContentType>
3727
                <Value>application/zip</Value>
3728
            </SequenceIgnoreContentType>
3729
            <SequenceIgnoreContentType>
3730
                <Value>application/x-rar-compressed</Value>
3731
            </SequenceIgnoreContentType>
3732
            <SequenceIgnoreContentType>
3733
                <Value>application/x-dvi</Value>
3734
            </SequenceIgnoreContentType>
3735
            <SequenceIgnoreContentType>
3736
                <Value>application/x-shockwave-flash</Value>
3737
            </SequenceIgnoreContentType>
3738
            <SequenceIgnoreContentType>
3739
                <Value>application/msword</Value>
3740
            </SequenceIgnoreContentType>
3741
            <SequenceIgnoreContentType>
3742
                <Value>application/ogg</Value>
3743
            </SequenceIgnoreContentType>
3744
            <SequenceIgnoreContentType>
3745
                <Value>application/x-tar</Value>
3746
            </SequenceIgnoreContentType>
3747
            <SequenceIgnoreContentType>
3748
                <Value>application/octet-stream</Value>
3749
            </SequenceIgnoreContentType>
3750
        </SequenceIgnoreContentTypeList>
3751
    </AutoSequenceConfig>
3752
    <MacroConfig>
3753
        <SequentialMacroPlayback>1</SequentialMacroPlayback>
3754
    </MacroConfig>
3755
    <SeleniumConfig>
3756
        <ListenForOtherScripts>0</ListenForOtherScripts>
3757
        <SequentialSeleniumScriptPlayback>1</SequentialSeleniumScriptPlayback>
3758
        <SeleniumPort>32768</SeleniumPort>
3759
        <FirefoxProfile></FirefoxProfile>
3760
        <WebDriverForHtml>Chrome</WebDriverForHtml>
3761
    </SeleniumConfig>
3762
    <WebServiceConfig>
3763
        <Username></Username>
3764
        <Password></Password>
3765
        <ContentType></ContentType>
3766
        <WsdlRegex>([?]wsdl|[.]wsdl)$</WsdlRegex>
3767
        <AutoDiscoverWSDL>1</AutoDiscoverWSDL>
3768
        <WebServicesEnhancements>0</WebServicesEnhancements>
3769
        <PasswordOption>Hashed</PasswordOption>
3770
        <SwaggerHostName></SwaggerHostName>
3771
        <SwaggerParseFail>1</SwaggerParseFail>
3772
        <SwaggerWarningLevel>Strict</SwaggerWarningLevel>
3773
    </WebServiceConfig>
3774
    <ReportConfig>
3775
        <GlobalDatabaseDSN></GlobalDatabaseDSN>
3776
        <GlobalDatabaseUID></GlobalDatabaseUID>
3777
        <GlobalDatabasePWD></GlobalDatabasePWD>
3778
        <Language>en</Language>
3779
        <BrandingDirectory></BrandingDirectory>
3780
        <UseSQLite>0</UseSQLite>
3781
        <XML>0</XML>
3782
        <AttackModulesJSON>1</AttackModulesJSON>
3783
        <CrawledLinksJSON>1</CrawledLinksJSON>
3784
        <WebAppScanSelectedChildrenJSON>1</WebAppScanSelectedChildrenJSON>
3785
        <ScanStatusJSON>1</ScanStatusJSON>
3786
        <WebSitesJSON>1</WebSitesJSON>
3787
        <CrawlResultsJSON>1</CrawlResultsJSON>
3788
        <FormsJSON>1</FormsJSON>
3789
        <WebResourcesJSON>1</WebResourcesJSON>
3790
        <AttackVectorsJSON>1</AttackVectorsJSON>
3791
        <FindingsJSON>1</FindingsJSON>
3792
        <UserMessageLogEntriesJSON>1</UserMessageLogEntriesJSON>
3793
        <AttackLocationsJSON>0</AttackLocationsJSON>
3794
        <VulnerabilitiesSummaryXML>1</VulnerabilitiesSummaryXML>
3795
        <VulnerabilitiesSummaryJSON>0</VulnerabilitiesSummaryJSON>
3796
        <BrowserLinksJSON>1</BrowserLinksJSON>
3797
        <CrawledLinksXML>0</CrawledLinksXML>
3798
        <ValidationJSON>1</ValidationJSON>
3799
        <TreatNTOEFindingFlagsSameAsUI>0</TreatNTOEFindingFlagsSameAsUI>
3800
        <Index>1</Index>
3801
        <ExecutiveSummary>1</ExecutiveSummary>
3802
        <AllLinks>1</AllLinks>
3803
        <AppThreatModeling>1</AppThreatModeling>
3804
        <BestPractices>1</BestPractices>
3805
        <Reflection>1</Reflection>
3806
        <RemediationSummary>1</RemediationSummary>
3807
        <Resources>0</Resources>
3808
        <ResourceDetails>0</ResourceDetails>
3809
        <ResourceSummaryBreakdown>0</ResourceSummaryBreakdown>
3810
        <Application>1</Application>
3811
        <Server>1</Server>
3812
        <Database>1</Database>
3813
        <BySite>0</BySite>
3814
        <SiteLinks>1</SiteLinks>
3815
        <StatusAndConfig>1</StatusAndConfig>
3816
        <Vulnerabilities>1</Vulnerabilities>
3817
        <VulnerabilitiesByUrlStandAlone>0</VulnerabilitiesByUrlStandAlone>
3818
        <DISASTIG>1</DISASTIG>
3819
        <FISMA>1</FISMA>
3820
        <CWESANS>1</CWESANS>
3821
        <GLB>1</GLB>
3822
        <HIPAA>1</HIPAA>
3823
        <OWASP2007>0</OWASP2007>
3824
        <OWASP2010>0</OWASP2010>
3825
        <OWASP2013>0</OWASP2013>
3826
        <OWASP2017>1</OWASP2017>
3827
        <GDPR2016>1</GDPR2016>
3828
        <PCI>0</PCI>
3829
        <PCI31>1</PCI31>
3830
        <SOX>1</SOX>
3831
        <Privacy>1</Privacy>
3832
        <Comments>1</Comments>
3833
        <Cookies>1</Cookies>
3834
        <PDF>0</PDF>
3835
        <ZipReport>0</ZipReport>
3836
        <ValidateApplet>1</ValidateApplet>
3837
        <IncludeDbInZip>0</IncludeDbInZip>
3838
        <DisableBigReportPagesThreshold>10000</DisableBigReportPagesThreshold>
3839
        <AesEncryptPassword></AesEncryptPassword>
3840
        <Metadata></Metadata>
3841
        <Confidence>1</Confidence>
3842
    </ReportConfig>
3843
    <WAFConfig>
3844
        <Snort>1</Snort>
3845
        <Imperva>1</Imperva>
3846
        <ModSec>1</ModSec>
3847
        <SnortMode>Alert</SnortMode>
3848
    </WAFConfig>
3849
    <ScheduleConfig>
3850
        <Enabled>0</Enabled>
3851
        <PauseTime>2020-06-24 17:08:33</PauseTime>
3852
        <ResumeTime>2020-06-24 17:08:33</ResumeTime>
3853
        <MaxRunTime>44006 Days, 17:08:33</MaxRunTime>
3854
    </ScheduleConfig>
3855
    <SiteTechnologyConfig>
3856
        <Autodetect>1</Autodetect>
3857
        <ServerPerformance>Unknown</ServerPerformance>
3858
        <TechnologyTargets>
3859
        </TechnologyTargets>
3860
    </SiteTechnologyConfig>
3861
    <OneTimeTokenConfig>
3862
        <AutoDetectCSRF>1</AutoDetectCSRF>
3863
        <MaxTokenLifetime>1899-12-30 00:00:00</MaxTokenLifetime>
3864
        <ExpirationRegex></ExpirationRegex>
3865
        <TokenNameRegex>csrf</TokenNameRegex>
3866
        <TokenValueRegex></TokenValueRegex>
3867
    </OneTimeTokenConfig>
3868
    <CVSSConfig>
3869
        <CollateralDamagePotential>Not Defined</CollateralDamagePotential>
3870
        <TargetDistribution>Not Defined</TargetDistribution>
3871
        <ConfidentialityRequirement>Not Defined</ConfidentialityRequirement>
3872
        <IntegrityRequirement>Not Defined</IntegrityRequirement>
3873
        <AvailabilityRequirement>Not Defined</AvailabilityRequirement>
3874
        <AccessVector>Not Defined</AccessVector>
3875
        <AccessComplexity>Not Defined</AccessComplexity>
3876
        <CvssAuthentication>Not Defined</CvssAuthentication>
3877
    </CVSSConfig>
3878
    <ParameterParserConfig>
3879
        <EnableBase64ParameterValues>1</EnableBase64ParameterValues>
3880
        <StandardURLParserConfig>
3881
            <PathNameValueDelimiters>=.</PathNameValueDelimiters>
3882
            <PathParameterDelimiters>/;</PathParameterDelimiters>
3883
            <QueryNameValueDelimiters>=</QueryNameValueDelimiters>
3884
            <QueryParameterDelimiters>
3885
                <![CDATA[&]]>
3886
            </QueryParameterDelimiters>
3887
            <PathParamsValueRegex>\d+</PathParamsValueRegex>
3888
            <StartPathParamsPosition>-1</StartPathParamsPosition>
3889
        </StandardURLParserConfig>
3890
    </ParameterParserConfig>
3891
    <ParameterValueConfig>
3892
    </ParameterValueConfig>
3893
    <RTCConfig>
3894
        <Enabled>0</Enabled>
3895
        <AuthToken></AuthToken>
3896
        <ScanID></ScanID>
3897
    </RTCConfig>
3898
    <NexposeRESTConfig>
3899
        <RootUrl></RootUrl>
3900
        <FunctionAttackModuleList></FunctionAttackModuleList>
3901
        <FunctionWebAppScanSelectedChildren></FunctionWebAppScanSelectedChildren>
3902
        <FunctionNewWebSite></FunctionNewWebSite>
3903
        <FunctionNewCrawlResult></FunctionNewCrawlResult>
3904
        <FunctionNewForm></FunctionNewForm>
3905
        <FunctionNewWebResource></FunctionNewWebResource>
3906
        <FunctionNewAttackVector></FunctionNewAttackVector>
3907
        <FunctionNewFinding></FunctionNewFinding>
3908
        <FunctionTrimFalsePositiveFinding></FunctionTrimFalsePositiveFinding>
3909
        <AuthKey></AuthKey>
3910
        <ServicePullRequests>0</ServicePullRequests>
3911
    </NexposeRESTConfig>
3912
</ScanConfig>
Did this page help you?
AppSpider Enterprise REST API
XML config
Custom Attack Module API
Attack Module API Overview