Scan Config XML Breakout

Scan Config XML Breakout

Below is a sample XML scan config. Submitting a config as XML lets a user set each setting individually when adding, updating or submitting a config, either through the AppSpider Enterprise REST API or directly to the engine itself.

ScanConfig is the top-level structure in the Scan Configuration File and contains all elements of the config to be submitted. For example:

  • Name sets the name for the config

  • AppVersion identifies which version of AppSpider the config was written for (defaults to the current major version of the Scan Engine)

  • Log is a binary field that tells the engine whether to enable or disable logging (defaults to "1")

    • 1 - Enables Logging
    • 2 - Disables Logging

A full breakout of all XML elements contained in a scan config can be found in Scan Configuration Parameters.

Caution

All elements must be submitted for the XML to be considered a "well-formed" request; here that means a complete config, not only syntactically valid XML. If any element is missing, the request is dropped.

XML File example
<ScanConfig>
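<!-- Top-level scan settings (direct children of ScanConfig).
     Name sets the config name; AppVersion is the AppSpider version the config
     was written for. -->
<Name>webscantest</Name>
<AppVersion>7.0</AppVersion>
<!-- Log: 1 enables logging. The page text gives 2 as the "disable" value while
     the other on/off elements in this sample use 0 for off; confirm the value
     in Scan Configuration Parameters before turning logging off. -->
<Log>1</Log>
<DetailedLogging>0</DetailedLogging>
<IncludeTraffic>0</IncludeTraffic>
<WindowsErrors>0</WindowsErrors>
<UseSystemDsn>0</UseSystemDsn>
<Recrawl>0</Recrawl>
<PauseOnRecoverableError>1</PauseOnRecoverableError>
<DisplayImminentLicenseExpiryMessage>1</DisplayImminentLicenseExpiryMessage>
<!-- Both elements are empty in this sample. Judging by their names they point
     the engine at an external command or URL (semantics not shown on this
     page); review any value placed here as carefully as the target list,
     since a submitted config is taken as trusted input. -->
<ExecuteCommandLineURL></ExecuteCommandLineURL>
<NotifyScanDoneURL></NotifyScanDoneURL>
<JavaScriptEngine>Chrome</JavaScriptEngine>
<!-- 1073741824 = 2^30; presumably a size in bytes (1 GiB). Unit not stated
     on this page, confirm. -->
<MaxDatabaseSize>1073741824</MaxDatabaseSize>
<MaxTrafficFiles>0</MaxTrafficFiles>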
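<!-- Crawler settings: result and depth limits, browser timeouts, URL filter
     regexes, JavaScript framework hooks, seed URLs, scope constraints and the
     extension / content-type lists. Values are those of the sample; several
     limits use -1, whose meaning is not stated on this page. -->
<CrawlConfig>
  <MaxDomain>100</MaxDomain>
  <MaxCrawlResults>5000</MaxCrawlResults>
  <MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
  <MaxPerDirCrawlResults>400</MaxPerDirCrawlResults>
  <MaxPerLinkCrawlResults>40</MaxPerLinkCrawlResults>
  <MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
  <MaxPerDirChildNodes>300</MaxPerDirChildNodes>
  <MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
  <MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
  <MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
  <MaxPerQueryCrawlResults>100</MaxPerQueryCrawlResults>
  <RecursionDepth>2</RecursionDepth>
  <MaxDirDepth>15</MaxDirDepth>
  <DiscoveryDepth>-1</DiscoveryDepth>
  <UrlRepetitionTolerance>15</UrlRepetitionTolerance>
  <SequenceRepetitionTolerance>3</SequenceRepetitionTolerance>
  <MaxReportedImages>500</MaxReportedImages>
  <MaxReportedLinks>2500</MaxReportedLinks>
  <MaxReportedComments>500</MaxReportedComments>
  <MaxReportedScripts>500</MaxReportedScripts>
  <MaxReportedEmails>500</MaxReportedEmails>
  <MaxReportedForms>500</MaxReportedForms>
  <MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
  <MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
  <MaxBrowserDOMDepth>2</MaxBrowserDOMDepth>
  <MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
  <MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
  <MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
  <MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
  <NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
  <MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
  <MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
  <MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
  <CrawlPrioritization>Smart</CrawlPrioritization>
  <!-- The listing wraps the next value after "((File". Whether the original
       holds a space or a line break at that point is not visible here, so the
       break is kept as shown; whitespace inside the element is part of the
       regex. -->
  <FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File
(or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
  <ServerErrorRegex></ServerErrorRegex>
  <!-- The two InvalidURLRegex values are wrapped in CDATA because the patterns
       contain characters such as < and & that would otherwise need escaping.
       The CDATA line and closing tag are left unindented so no whitespace is
       added to the element value. -->
  <InvalidURLRegexAttack>
<![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]>
</InvalidURLRegexAttack>
  <InvalidURLRegexCrawl>
<![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]>
</InvalidURLRegexCrawl>
  <!-- Matches links whose text or URL mentions authentication, profile,
       account, transfer or admin functions. -->
  <PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
  <LockCookies>0</LockCookies>
  <CaseSensitivity>Case Sensitive</CaseSensitivity>
  <UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
  <SaveReferences>0</SaveReferences>
  <UseBrowser>1</UseBrowser>
  <ShowBrowser>0</ShowBrowser>
  <StayOnPort>0</StayOnPort>
  <RestrictToMacro>0</RestrictToMacro>
  <RestrictToManualCrawling>0</RestrictToManualCrawling>
  <RestrictToSeedList>0</RestrictToSeedList>
  <RestrictToWebService>0</RestrictToWebService>
  <RestrictToSelenium>0</RestrictToSelenium>
  <RestrictToSwagger>0</RestrictToSwagger>
  <RestrictToAgentRoutes>0</RestrictToAgentRoutes>
  <ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
  <!-- "Threshhold" is the spelling used by the listing; element names are
       kept exactly as shown. -->
  <PageEqualThreshhold>0.95</PageEqualThreshhold>
  <PageSimilarThreshhold>0.8</PageSimilarThreshhold>
  <ExperimentalCrawling>Disabled</ExperimentalCrawling>
  <Flash>1</Flash>
  <EnableAdvancedParsers>1</EnableAdvancedParsers>
  <SearchForUrls>1</SearchForUrls>
  <CookieCommaSeparator>1</CookieCommaSeparator>
  <MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
  <BlacklistContactForms>0</BlacklistContactForms>
  <EnableRobotstxtSitemapCrawling>0</EnableRobotstxtSitemapCrawling>
  <LogDomContents>0</LogDomContents>
  <UseBrowserResponseCaching>1</UseBrowserResponseCaching>
  <!-- One FrameworkConfig per JavaScript framework. Each entry pairs a
       DetectionRegex with a hook FileName and two script snippets; the
       snippets are presumably evaluated in the scan browser (confirm in
       Scan Configuration Parameters). -->
  <FrameworksCrawlConfig>
    <EnableFrameworksCrawling>1</EnableFrameworksCrawling>
    <FrameworkConfigList>
      <FrameworkConfig>
        <Name>ReactJS</Name>
        <DefaultConfigVersion>2</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>1</HEAD>
        <DetectionRegex>createReactRootIndex</DetectionRegex>
        <HealthcheckString>react</HealthcheckString>
        <FileName>fm.react.min.js</FileName>
        <GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
        <GetAllEventsDelay>0</GetAllEventsDelay>
        <GetVersionStringScript></GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>AngularJS</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>ng-controller</DetectionRegex>
        <HealthcheckString>angular</HealthcheckString>
        <FileName>angular-hook-bundle.min.js</FileName>
        <GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
        <GetAllEventsDelay>0</GetAllEventsDelay>
        <GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>KnockoutJS</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>data-bind</DetectionRegex>
        <HealthcheckString>ko</HealthcheckString>
        <FileName>ko-hook-bundle.min.js</FileName>
        <GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>AngularLib</Name>
        <DefaultConfigVersion>2</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>angular-4-hook-bundle.min.js</FileName>
        <GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
        <GetAllEventsDelay>6000</GetAllEventsDelay>
        <GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>ReactLib</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>react-text</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>react-hook-bundle.min.js</FileName>
        <GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
        <GetAllEventsDelay>8000</GetAllEventsDelay>
        <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>ReactTwo</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>react-hook-bundle.min.js</FileName>
        <GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
        <GetAllEventsDelay>8000</GetAllEventsDelay>
        <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>OpenUI5</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>sap-open-ui5-hook-bundle.min.js</FileName>
        <GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>Vue</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>vue-hook-bundle.min.js</FileName>
        <GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>Ember</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>ember-hook-bundle.min.js</FileName>
        <GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>Backbone</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)Backbone</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>backbone-hook-bundle.min.js</FileName>
        <GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
    </FrameworkConfigList>
  </FrameworksCrawlConfig>
  <!-- Crawl starting point; webscantest.com is the sample target this config
       is named after. -->
  <SeedUrlList>
    <SeedUrl>
      <Value>http://www.webscantest.com/</Value>
    </SeedUrl>
  </SeedUrlList>
  <!-- Scan scope. Both constraints are Include wildcards: the first covers
       every path on www.webscantest.com, the second also covers any host name
       ending in .www.webscantest.com. Both are written with the http scheme;
       whether https URLs of the same host are in scope is not visible here.
       When adapting the sample, check that every Include pattern resolves only
       to hosts the scan is meant to reach. -->
  <ScopeConstraintList>
    <ScopeConstraint>
      <URL>http://www.webscantest.com/*</URL>
      <Method>All</Method>
      <MatchCriteria>Wildcard</MatchCriteria>
      <Exclusion>Include</Exclusion>
    </ScopeConstraint>
    <ScopeConstraint>
      <URL>http://*.www.webscantest.com/*</URL>
      <Method>All</Method>
      <MatchCriteria>Wildcard</MatchCriteria>
      <Exclusion>Include</Exclusion>
    </ScopeConstraint>
  </ScopeConstraintList>
  <BlackListExtensionList>
    <BlackListExtension>
      <Value>css</Value>
    </BlackListExtension>
    <BlackListExtension>
      <Value>axd</Value>
    </BlackListExtension>
  </BlackListExtensionList>
  <GrayListExtensionList>
    <GrayListExtension>
      <Value>pdf</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>doc</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>jpg</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>jpeg</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>gif</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>png</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>bmp</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>ico</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>js</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>tiff</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>eot</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>ttf</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>mid</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>midi</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>mp3</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>mpeg</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>wav</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>avi</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>woff</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>svg</Value>
    </GrayListExtension>
  </GrayListExtensionList>
  <BinaryExtensionList>
    <BinaryExtension>
      <Value>fla</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>swf</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>pdf</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>doc</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>jpg</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>jpeg</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>gif</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>png</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>bmp</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>ico</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>dll</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>exe</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>eot</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>ttf</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>mp3</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>mp4</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>wav</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>woff</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>svg</Value>
    </BinaryExtension>
  </BinaryExtensionList>
  <TextExtensionList>
    <TextExtension>
      <Value>txt</Value>
    </TextExtension>
    <TextExtension>
      <Value>js</Value>
    </TextExtension>
    <TextExtension>
      <Value>css</Value>
    </TextExtension>
    <TextExtension>
      <Value>json</Value>
    </TextExtension>
  </TextExtensionList>
  <BinaryContentTypeList>
    <BinaryContentType>
      <Value>audio/*</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>image/*</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>video/*</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/pdf</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/zip</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-rar-compressed</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-dvi</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-shockwave-flash</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/msword</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/ogg</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-tar</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/octet-stream</Value>
    </BinaryContentType>
  </BinaryContentTypeList>
  <HTMLContentTypeList>
    <HTMLContentType>
      <Value>text/html</Value>
    </HTMLContentType>
    <HTMLContentType>
      <Value>html/*</Value>
    </HTMLContentType>
    <HTMLContentType>
      <Value>application/xhtml+xml</Value>
    </HTMLContentType>
  </HTMLContentTypeList>
  <TextContentTypeList>
    <TextContentType>
      <Value>text/plain</Value>
    </TextContentType>
    <TextContentType>
      <Value>text/csv</Value>
    </TextContentType>
    <TextContentType>
      <Value>text/css</Value>
    </TextContentType>
    <TextContentType>
      <Value>text/javascript</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/javascript</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/x-javascript</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/json</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/x-httpd-php-source</Value>
    </TextContentType>
  </TextContentTypeList>
  <XMLContentTypeList>
    <XMLContentType>
      <Value>application/xml-dtd</Value>
    </XMLContentType>
    <XMLContentType>
      <Value>text/xml</Value>
    </XMLContentType>
    <XMLContentType>
      <Value>application/soap+xml</Value>
    </XMLContentType>
    <XMLContentType>
      <Value>application/xml</Value>
    </XMLContentType>
  </XMLContentTypeList>
  <BrowserDownloadWhitelistList>
    <BrowserDownloadWhitelist>
      <Value>*.css</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.js</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.xml</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.dtd</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.axd</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.json</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*/js/*</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*/css/*</Value>
    </BrowserDownloadWhitelist>
  </BrowserDownloadWhitelistList>
  <!-- "ico" is listed twice below, as in the source listing. -->
  <BrowserDoNotDownloadExtensionList>
    <BrowserDoNotDownloadExtension>
      <Value>pdf</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>doc</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>jpg</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>jpeg</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>gif</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>png</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>bmp</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>ico</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>exe</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>swf</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>mp3</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>mp4</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>wav</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>eot</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>ttf</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>woff</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>ico</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>svg</Value>
    </BrowserDoNotDownloadExtension>
  </BrowserDoNotDownloadExtensionList>
  <BrowserDoNotDownloadContentTypeList>
    <BrowserDoNotDownloadContentType>
      <Value>audio/*</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>image/*</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>video/*</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/pdf</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/zip</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-rar-compressed</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-dvi</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-shockwave-flash</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/msword</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/ogg</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-tar</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/octet-stream</Value>
    </BrowserDoNotDownloadContentType>
  </BrowserDoNotDownloadContentTypeList>
</CrawlConfig>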
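<!-- Attacker settings: per-scan and per-link caps on attack points, plus the
     default list of parameter names that are excluded from attack. -->
<AttackerConfig>
  <ParametersToAttackBeforeLimitingAttacks>100</ParametersToAttackBeforeLimitingAttacks>
  <LinksToAttackBeforeLimitingAttacks>20</LinksToAttackBeforeLimitingAttacks>
  <MaxSameNameParameterAttackPoints>10</MaxSameNameParameterAttackPoints>
  <MaxSameCookieParameterAttackPoints>5</MaxSameCookieParameterAttackPoints>
  <MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
  <MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
  <MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
  <ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
  <ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
  <MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
  <MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
  <ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
  <!-- Empty in this sample. -->
  <OutOfBandHost></OutOfBandHost>
  <MaxSeverityForTrafficReduction>Low</MaxSeverityForTrafficReduction>
  <MinResponseSizeForTrafficReduction>204800</MinResponseSizeForTrafficReduction>
  <!-- Parameters whose names match this regex are left out of attacks, so an
       over-broad pattern silently reduces test coverage. Points to check when
       reusing it:
       * "EVENT(VALIDATION|TTARGET|ARGUMENT)" matches EVENTTTARGET, not the
         ASP.NET field __EVENTTARGET; this looks like a typo in the sample,
         confirm against the shipped default.
       * "utm.*" excludes every parameter whose name starts with utm.
       * "[x|y]" and "[a|b|c|t|z|v|x]" are character classes, so the "|" is
         matched literally as well.
       The pattern and closing tag are left unindented so no whitespace is
       added to the value beyond what the listing shows. -->
  <DefaultDoNotAttackParamList>
    <DefaultDoNotAttackParam>
      <ParameterName>
^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$
</ParameterName>
      <MatchCriteria>Regex</MatchCriteria>
    </DefaultDoNotAttackParam>
  </DefaultDoNotAttackParamList>
</AttackerConfig>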
<AttackPolicyConfig>
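<!-- Policy-wide attack settings (children of AttackPolicyConfig). The sample
     selects the "All Modules" policy; the three pipe-separated lists name the
     attack points, parameter locations and request origins the policy covers.
     Individual modules are configured in AttackModulePolicyList. -->
<Policy>All Modules</Policy>
<AttackPrioritization>Smart</AttackPrioritization>
<AttackDepth>Smart</AttackDepth>
<EnableAdvancedAttacks>0</EnableAdvancedAttacks>
<!-- The next three filters are empty in this sample. -->
<FalsePositiveRegex></FalsePositiveRegex>
<FalsePositiveFindingRegex></FalsePositiveFindingRegex>
<RootCauseIdExcludeList></RootCauseIdExcludeList>
<AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
<EnforceEncoding>0</EnforceEncoding>
<AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>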
<AttackModulePolicyList>
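<!-- Module "Anonymous Access": enabled, reported as Informational, applied at
     the Web Site attack point with no parameter locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Anonymous Access</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>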
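<!-- Module "Apache Struts 2 Framework Checks": enabled, severity High, applied
     to directories, files, web resources and parameters in every listed
     location. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>3</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
  <!-- The listing breaks the line before the closing tag; the break is kept
       as shown and the closing tag left unindented so no whitespace is added
       to the value. -->
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Apache Struts 2 Framework Checks</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>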
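<!-- Module "Apache Struts Detection": enabled, Informational, works on
     Response Analysis and is the only module in this part of the listing
     with PassiveAnalysisOnAttacks set to 1. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>3</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Apache Struts Detection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>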
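<!-- Module "Arbitrary File Upload": enabled, severity High, applied to Post
     parameters only. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Arbitrary File Upload</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>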
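<!-- Module "ASP.NET Misconfiguration": enabled, severity Low, applied at the
     Directory attack point. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>ASP.NET Misconfiguration</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>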
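<!-- Module "ASP.NET Serialization": enabled, severity High, applied to Post
     and Cookie parameters. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>ASP.NET Serialization</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>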
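<!-- Module "Autocomplete attribute": enabled, severity Low, works on Response
     Analysis. Its RequestOriginations list omits REST, unlike most modules in
     this listing. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Autocomplete attribute</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>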
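<!-- Module "Blind LDAP Injection": enabled, severity High, applied to Query
     and Post parameters. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>75</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Blind LDAP Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>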
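<!-- Module "Browser Cache directive (web application performance)": enabled,
     Informational, works on Response Analysis. Its RequestOriginations list
     omits REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Browser Cache directive (web application performance)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>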
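<!-- Module "Browser Cache directive (leaking sensitive information)":
     enabled, severity Low, works on Response Analysis. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>150</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>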
<!-- Policy for "Brute Force (HTTP Auth)": enabled, High priority and severity,
     Web Resource attack point.
     NOTE(review): credential-guessing checks can trip account lockout or
     alerting on the scanned application; confirm this module is wanted for the
     target environment before reusing this sample as-is. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>5</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Brute Force (HTTP Auth)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Brute Force (Form Auth)": enabled, High priority and severity,
     Parameter attack point limited to Query and Post; REST is not among its
     request originations.
     NOTE(review): credential-guessing checks can trip account lockout or
     alerting on the scanned application; confirm this module is wanted for the
     target environment before reusing this sample as-is. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>5</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Brute Force (Form Auth)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Blind SQL": enabled, High priority and severity. Parameter attack
     point across eight parameter locations (Fragment is not listed). -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Blind SQL</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Clients Cross-Domain Policy Files": enabled, Low priority and
     severity. Directory attack point, no parameter locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Clients Cross-Domain Policy Files</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Information Disclosure in comments": enabled, Informational
     severity. Response Analysis only; REST is not among its request originations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Disclosure in comments</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Cookie attributes": enabled, Low severity. Response Analysis only;
     MaxVarianceLimit is set to 10 for this module. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>20</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Cookie attributes</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Cross Origin Resources Sharing (CORS)": enabled, Low severity.
     Two attack points (Web Resource and Response Analysis); AJAX is the only
     request origination listed. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>AJAX</RequestOriginations>
  <DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Credentials over an insecure channel": enabled, Medium severity.
     Response Analysis only; request originations are limited to HTML, Form,
     Silverlight and RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Credentials over an insecure channel</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Content Security Policy Header": enabled, Informational severity.
     Response Analysis only, so ParameterLocations is empty. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Content Security Policy Header</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Cross-Site Request Forgery (CSRF)": enabled, Low priority and
     severity. Web Resource attack point, no parameter locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Custom Directory Module": disabled in this sample (Enabled is 0).
     Directory attack point; REST is not among its request originations. -->
<AttackModulePolicy>
  <Enabled>0</Enabled>
  <ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Custom Directory Module</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
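<!-- Policy for "Custom Parameter Module": disabled in this sample (Enabled is 0).
     Parameter attack point across nine parameter locations, including Fragment.
     ParameterLocations is kept on a single line: a line break before the closing
     tag is part of the element's text, so the last entry of the pipe-separated
     list could be read as "Http Header" followed by a newline if the consumer
     does not trim the value. -->
<AttackModulePolicy>
  <Enabled>0</Enabled>
  <ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Custom Parameter Module</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>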
<!-- Policy for "Custom Passive Module": disabled in this sample (Enabled is 0).
     Response Analysis only; REST is not among its request originations. -->
<AttackModulePolicy>
  <Enabled>0</Enabled>
  <ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Custom Passive Module</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Directory Indexing": enabled, Low severity. Directory attack
     point, no parameter locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Directory Indexing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Email Disclosure": enabled, Informational severity. Response
     Analysis only; REST is not among its request originations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>150</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Email Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Expression Language Injection": enabled, High priority and
     severity. Parameter attack point limited to Path, Query and Post. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Expression Language Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Forced Browsing": enabled, Low priority and severity. Parameter
     attack point over Directory, Path, Query, Post and Cookie. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Forced Browsing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Sensitive Data Exposure": enabled, Low severity. Response Analysis
     only; request originations are limited to HTML, Form, Silverlight and
     RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Sensitive Data Exposure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Form Session Strength": enabled, High priority but Low severity.
     Web Resource attack point; REST is not among its request originations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>5</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Form Session Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "FrontPage Checks": enabled, High priority and severity. Web Site
     attack point; MaxVarianceLimit is set to 50 for this module and REST is not
     among its request originations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>50</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>FrontPage Checks</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Heartbleed Check": enabled, High priority and severity. Web Site
     attack point, no parameter locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Heartbleed Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "HTTP Strict Transport Security": enabled, Informational severity.
     Response Analysis only, so ParameterLocations is empty. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Strict Transport Security</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "HTTP Authentication over insecure channel": enabled, Low priority
     and severity. Response Analysis only, so ParameterLocations is empty. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Authentication over insecure channel</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "HTTPS Downgrade": enabled, Low priority and severity. Web Resource
     attack point, no parameter locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTPS Downgrade</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "HTTP Headers": enabled, Informational severity. Response Analysis
     only, so ParameterLocations is empty. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Headers</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
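<!-- Policy for "HTTP Response Splitting": enabled, High priority and severity.
     Parameter attack point across nine parameter locations, including Fragment.
     ParameterLocations is kept on a single line: a line break before the closing
     tag is part of the element's text, so the last entry of the pipe-separated
     list could be read as "Http Header" followed by a newline if the consumer
     does not trim the value. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Response Splitting</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>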
<!-- Policy for "HTTPS Everywhere": enabled, Low priority and severity. Lists three
     attack points (Web Site, Web Resource, Response Analysis) and no parameter
     locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTPS Everywhere</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "HTTP User-Agent Check": enabled, Informational severity. Web
     Resource attack point; request originations are limited to HTML, Form, Flash,
     Silverlight and RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP User-Agent Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Information Disclosure in response": enabled, Informational
     severity. Response Analysis only, so ParameterLocations is empty. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Disclosure in response</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Information Leakage in responses": enabled, High priority, Low
     severity. Response Analysis only. PassiveAnalysisOnAttacks is set to 1 here,
     where the neighbouring policies in this listing set it to 0. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Leakage in responses</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Java Grinder": enabled, Low priority and severity. Web Resource
     attack point; REST is not among its request originations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Java Grinder</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "JavaScript Memory Leaks": enabled, Informational severity.
     Response Analysis only; WSDL and REST are not among its request originations.
     NOTE(review): MaxPerWebSiteVulnLimit (500) is larger than MaxVulnLimit (100)
     here; confirm which limit is intended. Values are left as published. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>JavaScript Memory Leaks</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "LDAP Injection": enabled, High priority and severity. Parameter
     attack point over Path, Query, Post and Cookie. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>LDAP Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Local Storage Usage": enabled, High priority, Informational
     severity. Response Analysis only; request originations are limited to HTML,
     Form, AJAX and RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Local Storage Usage</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Business logic abuse attacks": enabled, Low severity. Two attack
     points (Parameter and Response Analysis); parameter locations are Path, Query,
     Post, Cookie and Referer. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter|Response Analysis</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Business logic abuse attacks</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Nginx NULL code": enabled, High priority and severity. Parameter
     attack point over Path, Query, Post, Cookie and Referer; MaxVulnLimit is 10
     and MaxPerWebSiteVulnLimit is 1. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>1</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Nginx NULL code</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "NoSQLi Injection": enabled, High priority and severity. Parameter
     attack point across eight parameter locations (Fragment is not listed). -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>NoSQLi Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "Blind NoSQLi": enabled, High priority and severity. Parameter
     attack point across eight parameter locations (Fragment is not listed). -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Blind NoSQLi</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy for "OS Commanding": enabled, Medium priority, High severity. Parameter
     attack point over File, Path, Query and Post. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>File|Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>OS Commanding</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
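<!-- Policy entry for the "Out of Band Stored Cross-site scripting (XSS)" module: Enabled = 1,
     ModulePriority High, Severity High. AttackPoints is Parameter, limited to Query and Post.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>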
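<!-- Policy entry for the "Out of Band Cross-site scripting (XSS)" module: Enabled = 1,
     ModulePriority High, Severity Medium. AttackPoints is Parameter, limited to Query and Post.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>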
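<!-- Policy entry for the "Parameter Fuzzing" module: Enabled = 1, ModulePriority High, Severity Medium.
     AttackPoints is Parameter, covering Path, Query, Post, Cookie and Referer.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Parameter Fuzzing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>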
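<!-- Policy entry for the "Credentials stored in clear text in a cookie." module: Enabled = 1,
     ModulePriority High, Severity Low. AttackPoints is Response Analysis and ParameterLocations is empty.
     PassiveAnalysisOnAttacks is 1 here, whereas most entries in this part of the listing set it to 0.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>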
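<!-- Policy entry for the "Collecting Sensitive Personal Information" module: Enabled = 1,
     ModulePriority Medium, Severity Informational. AttackPoints is Response Analysis and
     ParameterLocations is empty. RequestOriginations is narrowed to HTML, Form, Silverlight and RecrawlTraffic.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Collecting Sensitive Personal Information</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>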
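<!-- Policy entry for the "PHP Code Execution" module: Enabled = 1, ModulePriority High, Severity Medium.
     AttackPoints is Parameter, limited to Query, Post and Cookie.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>PHP Code Execution</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>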
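<!-- Policy entry for the "Privacy Policy Check" module: Enabled = 1, ModulePriority High, Severity Low.
     AttackPoints is Web Resource, ParameterLocations is empty, and RequestOriginations is HTML only.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>4</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML</RequestOriginations>
  <DisplayName>Privacy Policy Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>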
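<!-- Policy entry for the "Privacy Disclosure" module: Enabled = 1, ModulePriority Low,
     Severity Informational. AttackPoints is Response Analysis and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Privacy Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>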
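<!-- Policy entry for the "Privilege Escalation" module: Enabled = 1, ModulePriority Medium, Severity Low.
     AttackPoints combines Web Resource and Response Analysis; ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Privilege Escalation</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>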
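<!-- Policy entry for the "Profanity" module: Enabled = 1, ModulePriority Low, Severity Informational.
     AttackPoints is Response Analysis and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Profanity</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>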
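<!-- Policy entry for the "Reflection" module: Enabled = 1, ModulePriority Low, Severity Informational.
     AttackPoints is Parameter, covering Directory, File, Path, Query, Post and Cookie.
     RequestOriginations omits REST, which most entries in this part of the listing include.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reflection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>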
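<!-- Policy entry for the "File Inclusion" module: Enabled = 1, ModulePriority Medium, Severity Medium.
     AttackPoints combines Directory, File and Parameter; ParameterLocations is Query, Post and Cookie.
     MaxVulnLimit is 1000, the largest value in this part of the listing.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>1000</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory|File|Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>File Inclusion</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>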
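<!-- Policy entry for the "HTTP Verb Tampering" module: Enabled = 1, ModulePriority Low,
     Severity Informational. AttackPoints is Web Resource and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Verb Tampering</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>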
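<!-- Policy entry for the "Predictable Resource Location" module: Enabled = 1, ModulePriority Low,
     Severity Low. AttackPoints combines Web Site, Directory and File; ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Directory|File</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Predictable Resource Location</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>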
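<!-- Policy entry for the "Reverse Clickjacking" module: Enabled = 1, ModulePriority Medium,
     Severity Medium. AttackPoints is Parameter with Query as the only location;
     RequestOriginations is narrowed to HTML, Form and RecrawlTraffic.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query</ParameterLocations>
  <RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reverse Clickjacking</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>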
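<!-- Policy entry for the "Reverse Proxy" module: Enabled = 1, ModulePriority High, Severity Low.
     AttackPoints is Web Site and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reverse Proxy</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>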
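<!-- Policy entry for the "Information Disclosure in scripts" module: Enabled = 1, ModulePriority Low,
     Severity Low. AttackPoints is Response Analysis and ParameterLocations is empty.
     RequestOriginations omits REST, which most entries in this part of the listing include.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Disclosure in scripts</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>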
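<!-- Policy entry for the "Secure and non-secure content mix" module: Enabled = 1, ModulePriority Low,
     Severity Informational. AttackPoints is Response Analysis and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>3</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Secure and non-secure content mix</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>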
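<!-- Policy entry for the "Sensitive data over an insecure channel" module: Enabled = 1,
     ModulePriority Low, Severity Low. AttackPoints is Response Analysis and ParameterLocations is empty.
     RequestOriginations is narrowed to HTML, Form, Silverlight and RecrawlTraffic.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Sensitive data over an insecure channel</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>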
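<!-- Policy entry for the "Server Configuration" module: Enabled = 1, ModulePriority High,
     Severity Informational. AttackPoints combines Web Site and Response Analysis;
     ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Configuration</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>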
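<!-- Policy entry for the "Server Side Include (SSI) Injection" module: Enabled = 1,
     ModulePriority Medium, Severity Medium. AttackPoints is Parameter; this is the only entry in
     this part of the listing whose ParameterLocations include Fragment.
     ParameterLocations is kept on a single line so that no line break ends up inside the
     pipe-separated value. RequestOriginations is narrowed to HTML, Form, AJAX and RecrawlTraffic.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>150</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Include (SSI) Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>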
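<!-- Policy entry for the "Server Side Request Forgery" module: Enabled = 1, ModulePriority High,
     Severity High. AttackPoints combines Directory, File and Parameter; ParameterLocations is
     Query, Post and Cookie.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory|File|Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Request Forgery</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>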
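<!-- Policy entry for the "Server Side Template Injection" module: Enabled = 1, ModulePriority High,
     Severity High. AttackPoints is Parameter, covering Path, Query, Post and Cookie.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Template Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>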
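<!-- Policy entry for the "Session Fixation" module: Enabled = 1, ModulePriority High, Severity Medium.
     AttackPoints is Web Resource and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Fixation</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>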
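<!-- Policy entry for the "HTTP Query Session Check" module: Enabled = 1, ModulePriority Low,
     Severity Low. AttackPoints is Parameter, limited to Directory, Path and Query.
     RequestOriginations omits REST, which most entries in this part of the listing include.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|Path|Query</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Query Session Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>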
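<!-- Policy entry for the "Session Strength" module: Enabled = 1, ModulePriority Medium, Severity Low.
     AttackPoints is Web Resource and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>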
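<!-- Policy entry for the "Session Upgrade" module: Enabled = 1, ModulePriority Medium, Severity Low.
     AttackPoints is Response Analysis and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Upgrade</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>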
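<!-- Policy entry for the "Source Code Disclosure" module: Enabled = 1, ModulePriority Low,
     Severity Medium. AttackPoints is File and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>File</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Source Code Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>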
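<!-- Policy entry for the "SQL Information Leakage" module: Enabled = 1, ModulePriority High,
     Severity Low. AttackPoints is Response Analysis and ParameterLocations is empty.
     PassiveAnalysisOnAttacks is 1 here, whereas most entries in this part of the listing set it to 0.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Information Leakage</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>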
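<!-- Policy entry for the "SQL Injection" module: Enabled = 1, ModulePriority High, Severity High.
     AttackPoints is Parameter, with eight ParameterLocations from Directory through Http Header.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>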
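<!-- Policy entry for the "SQL Injection Auth Bypass" module: Enabled = 1, ModulePriority High,
     Severity High. AttackPoints is Parameter, limited to Path, Query and Post.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Injection Auth Bypass</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>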
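<!-- Policy entry for the "SQL Parameter Check" module: Enabled = 1, ModulePriority Medium,
     Severity Medium. AttackPoints is Response Analysis and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Parameter Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>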
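<!-- Policy entry for the "SSL Strength" module: Enabled = 1, ModulePriority Medium,
     Severity Informational. AttackPoints is Web Site and ParameterLocations is empty.
     MaxVarianceLimit is 100, the largest value in this part of the listing.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>100</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SSL Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>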
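<!-- Policy entry for the "Subdomain discovery" module: Enabled = 1, ModulePriority Medium,
     Severity Informational. AttackPoints is Web Site and ParameterLocations is empty.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>20</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Subdomain discovery</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>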
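<!-- Policy entry for the "Subresource Integrity" module: Enabled = 1, ModulePriority Low, Severity Low.
     AttackPoints is Response Analysis and ParameterLocations is empty. RequestOriginations omits
     WSDL and REST.
     NOTE(review): MaxPerWebSiteVulnLimit (500) is larger than MaxVulnLimit (100) in this entry; every
     other entry in this part of the listing keeps the per-site limit at or below the overall limit.
     Values are left as published; confirm they are intended before reusing this sample.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Subresource Integrity</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>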
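<!-- Policy entry for the "Unvalidated Redirect" module: Enabled = 1, ModulePriority High,
     Severity Medium. AttackPoints is Parameter, covering Path, Query, Post and Cookie.
     Listing line numbers that were interleaved between the elements are removed; they are not config data. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>40</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Unvalidated Redirect</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>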