Scan Config XML Breakout

Below is a sample of an XML config. This allows a user to granularly set each setting within a config when adding, updating or submitting a config to either the AppSpider Enterprise REST API or directly to the engine itself.
ScanConfig is the top-level structure in the Scan Configuration File and contains all elements of the config to be submitted. For Example:
Name sets the name for the config
AppVersion identifies which version of AppSpider the config was written for (defaults to the current major version of the Scan Engine)
Log is a binary field to tell the engine to enable or disable logging (defaults to "1")
- 1 - Enables Logging
- 2 - Disables Logging
A full breakout of all XML elements contained in a scan config can be found at Scan Configuration Parameters
Caution

All elements must be submitted for the XML to be considered a "well-formed" request. Failure to include any element will result in the request being dropped
XML File example

xml
1
<ScanConfig>
2
    <Name>webscantest</Name>
3
    <AppVersion>7.0</AppVersion>
4
    <Log>1</Log>
5
    <DetailedLogging>0</DetailedLogging>
6
    <IncludeTraffic>0</IncludeTraffic>
7
    <WindowsErrors>0</WindowsErrors>
8
    <UseSystemDsn>0</UseSystemDsn>
9
    <Recrawl>0</Recrawl>
10
    <PauseOnRecoverableError>1</PauseOnRecoverableError>
11
    <DisplayImminentLicenseExpiryMessage>1</DisplayImminentLicenseExpiryMessage>
12
    <ExecuteCommandLineURL></ExecuteCommandLineURL>
13
    <NotifyScanDoneURL></NotifyScanDoneURL>
14
    <JavaScriptEngine>Chrome</JavaScriptEngine>
15
    <MaxDatabaseSize>1073741824</MaxDatabaseSize>
16
    <MaxTrafficFiles>0</MaxTrafficFiles>
17
    <CrawlConfig>
18
        <MaxDomain>100</MaxDomain>
19
        <MaxCrawlResults>5000</MaxCrawlResults>
20
        <MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
21
        <MaxPerDirCrawlResults>400</MaxPerDirCrawlResults>
22
        <MaxPerLinkCrawlResults>40</MaxPerLinkCrawlResults>
23
        <MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
24
        <MaxPerDirChildNodes>300</MaxPerDirChildNodes>
25
        <MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
26
        <MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
27
        <MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
28
        <MaxPerQueryCrawlResults>100</MaxPerQueryCrawlResults>
29
        <RecursionDepth>2</RecursionDepth>
30
        <MaxDirDepth>15</MaxDirDepth>
31
        <DiscoveryDepth>-1</DiscoveryDepth>
32
        <UrlRepetitionTolerance>15</UrlRepetitionTolerance>
33
        <SequenceRepetitionTolerance>3</SequenceRepetitionTolerance>
34
        <MaxReportedImages>500</MaxReportedImages>
35
        <MaxReportedLinks>2500</MaxReportedLinks>
36
        <MaxReportedComments>500</MaxReportedComments>
37
        <MaxReportedScripts>500</MaxReportedScripts>
38
        <MaxReportedEmails>500</MaxReportedEmails>
39
        <MaxReportedForms>500</MaxReportedForms>
40
        <MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
41
        <MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
42
        <MaxBrowserDOMDepth>2</MaxBrowserDOMDepth>
43
        <MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
44
        <MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
45
        <MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
46
        <MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
47
        <NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
48
        <MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
49
        <MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
50
        <MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
51
        <CrawlPrioritization>Smart</CrawlPrioritization>
52
        <FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File
53
            (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
54
        <ServerErrorRegex></ServerErrorRegex>
55
        <InvalidURLRegexAttack>
56
            <![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]>
57
        </InvalidURLRegexAttack>
58
        <InvalidURLRegexCrawl>
59
            <![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]>
60
        </InvalidURLRegexCrawl>
61
        <PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
62
        <LockCookies>0</LockCookies>
63
        <CaseSensitivity>Case Sensitive</CaseSensitivity>
64
        <UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
65
        <SaveReferences>0</SaveReferences>
66
        <UseBrowser>1</UseBrowser>
67
        <ShowBrowser>0</ShowBrowser>
68
        <StayOnPort>0</StayOnPort>
69
        <RestrictToMacro>0</RestrictToMacro>
70
        <RestrictToManualCrawling>0</RestrictToManualCrawling>
71
        <RestrictToSeedList>0</RestrictToSeedList>
72
        <RestrictToWebService>0</RestrictToWebService>
73
        <RestrictToSelenium>0</RestrictToSelenium>
74
        <RestrictToSwagger>0</RestrictToSwagger>
75
        <RestrictToAgentRoutes>0</RestrictToAgentRoutes>
76
        <ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
77
        <PageEqualThreshhold>0.95</PageEqualThreshhold>
78
        <PageSimilarThreshhold>0.8</PageSimilarThreshhold>
79
        <ExperimentalCrawling>Disabled</ExperimentalCrawling>
80
        <Flash>1</Flash>
81
        <EnableAdvancedParsers>1</EnableAdvancedParsers>
82
        <SearchForUrls>1</SearchForUrls>
83
        <CookieCommaSeparator>1</CookieCommaSeparator>
84
        <MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
85
        <BlacklistContactForms>0</BlacklistContactForms>
86
        <EnableRobotstxtSitemapCrawling>0</EnableRobotstxtSitemapCrawling>
87
        <LogDomContents>0</LogDomContents>
88
        <UseBrowserResponseCaching>1</UseBrowserResponseCaching>
89
        <FrameworksCrawlConfig>
90
            <EnableFrameworksCrawling>1</EnableFrameworksCrawling>
91
            <FrameworkConfigList>
92
                <FrameworkConfig>
93
                    <Name>ReactJS</Name>
94
                    <DefaultConfigVersion>2</DefaultConfigVersion>
95
                    <Enabled>1</Enabled>
96
                    <HEAD>1</HEAD>
97
                    <DetectionRegex>createReactRootIndex</DetectionRegex>
98
                    <HealthcheckString>react</HealthcheckString>
99
                    <FileName>fm.react.min.js</FileName>
100
                    <GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
101
                    <GetAllEventsDelay>0</GetAllEventsDelay>
102
                    <GetVersionStringScript></GetVersionStringScript>
103
                </FrameworkConfig>
104
                <FrameworkConfig>
105
                    <Name>AngularJS</Name>
106
                    <DefaultConfigVersion>1</DefaultConfigVersion>
107
                    <Enabled>1</Enabled>
108
                    <HEAD>0</HEAD>
109
                    <DetectionRegex>ng-controller</DetectionRegex>
110
                    <HealthcheckString>angular</HealthcheckString>
111
                    <FileName>angular-hook-bundle.min.js</FileName>
112
                    <GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
113
                    <GetAllEventsDelay>0</GetAllEventsDelay>
114
                    <GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
115
                </FrameworkConfig>
116
                <FrameworkConfig>
117
                    <Name>KnockoutJS</Name>
118
                    <DefaultConfigVersion>1</DefaultConfigVersion>
119
                    <Enabled>1</Enabled>
120
                    <HEAD>0</HEAD>
121
                    <DetectionRegex>data-bind</DetectionRegex>
122
                    <HealthcheckString>ko</HealthcheckString>
123
                    <FileName>ko-hook-bundle.min.js</FileName>
124
                    <GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
125
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
126
                    <GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
127
                </FrameworkConfig>
128
                <FrameworkConfig>
129
                    <Name>AngularLib</Name>
130
                    <DefaultConfigVersion>2</DefaultConfigVersion>
131
                    <Enabled>1</Enabled>
132

133
                    <HEAD>0</HEAD>
134
                    <DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
135
                    <HealthcheckString></HealthcheckString>
136
                    <FileName>angular-4-hook-bundle.min.js</FileName>
137
                    <GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
138
                    <GetAllEventsDelay>6000</GetAllEventsDelay>
139
                    <GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
140
                </FrameworkConfig>
141
                <FrameworkConfig>
142
                    <Name>ReactLib</Name>
143
                    <DefaultConfigVersion>1</DefaultConfigVersion>
144
                    <Enabled>1</Enabled>
145
                    <HEAD>0</HEAD>
146
                    <DetectionRegex>react-text</DetectionRegex>
147
                    <HealthcheckString></HealthcheckString>
148
                    <FileName>react-hook-bundle.min.js</FileName>
149
                    <GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
150
                    <GetAllEventsDelay>8000</GetAllEventsDelay>
151
                    <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
152
                </FrameworkConfig>
153
                <FrameworkConfig>
154
                    <Name>ReactTwo</Name>
155
                    <DefaultConfigVersion>1</DefaultConfigVersion>
156
                    <Enabled>1</Enabled>
157
                    <HEAD>0</HEAD>
158
                    <DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
159
                    <HealthcheckString></HealthcheckString>
160
                    <FileName>react-hook-bundle.min.js</FileName>
161
                    <GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
162
                    <GetAllEventsDelay>8000</GetAllEventsDelay>
163
                    <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
164
                </FrameworkConfig>
165
                <FrameworkConfig>
166
                    <Name>OpenUI5</Name>
167
                    <DefaultConfigVersion>1</DefaultConfigVersion>
168
                    <Enabled>1</Enabled>
169
                    <HEAD>0</HEAD>
170
                    <DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
171
                    <HealthcheckString></HealthcheckString>
172
                    <FileName>sap-open-ui5-hook-bundle.min.js</FileName>
173
                    <GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
174
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
175
                    <GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
176
                </FrameworkConfig>
177
                <FrameworkConfig>
178
                    <Name>Vue</Name>
179
                    <DefaultConfigVersion>1</DefaultConfigVersion>
180
                    <Enabled>1</Enabled>
181
                    <HEAD>0</HEAD>
182
                    <DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
183
                    <HealthcheckString></HealthcheckString>
184
                    <FileName>vue-hook-bundle.min.js</FileName>
185
                    <GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
186
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
187
                    <GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
188
                </FrameworkConfig>
189
                <FrameworkConfig>
190
                    <Name>Ember</Name>
191
                    <DefaultConfigVersion>1</DefaultConfigVersion>
192
                    <Enabled>1</Enabled>
193
                    <HEAD>0</HEAD>
194
                    <DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
195
                    <HealthcheckString></HealthcheckString>
196
                    <FileName>ember-hook-bundle.min.js</FileName>
197
                    <GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
198
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
199
                    <GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
200
                </FrameworkConfig>
201
                <FrameworkConfig>
202
                    <Name>Backbone</Name>
203
                    <DefaultConfigVersion>1</DefaultConfigVersion>
204
                    <Enabled>1</Enabled>
205
                    <HEAD>0</HEAD>
206
                    <DetectionRegex>(?-i)Backbone</DetectionRegex>
207
                    <HealthcheckString></HealthcheckString>
208
                    <FileName>backbone-hook-bundle.min.js</FileName>
209
                    <GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
210
                    <GetAllEventsDelay>5000</GetAllEventsDelay>
211
                    <GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
212
                </FrameworkConfig>
213
            </FrameworkConfigList>
214
        </FrameworksCrawlConfig>
215
        <SeedUrlList>
216
            <SeedUrl>
217
                <Value>http://www.webscantest.com/</Value>
218
            </SeedUrl>
219
        </SeedUrlList>
220
        <ScopeConstraintList>
221
            <ScopeConstraint>
222
                <URL>http://www.webscantest.com/*</URL>
223
                <Method>All</Method>
224
                <MatchCriteria>Wildcard</MatchCriteria>
225
                <Exclusion>Include</Exclusion>
226
            </ScopeConstraint>
227
            <ScopeConstraint>
228
                <URL>http://*.www.webscantest.com/*</URL>
229
                <Method>All</Method>
230
                <MatchCriteria>Wildcard</MatchCriteria>
231
                <Exclusion>Include</Exclusion>
232
            </ScopeConstraint>
233
        </ScopeConstraintList>
234
        <BlackListExtensionList>
235
            <BlackListExtension>
236
                <Value>css</Value>
237
            </BlackListExtension>
238
            <BlackListExtension>
239
                <Value>axd</Value>
240
            </BlackListExtension>
241
        </BlackListExtensionList>
242
        <GrayListExtensionList>
243
            <GrayListExtension>
244
                <Value>pdf</Value>
245
            </GrayListExtension>
246
            <GrayListExtension>
247
                <Value>doc</Value>
248
            </GrayListExtension>
249
            <GrayListExtension>
250
                <Value>jpg</Value>
251
            </GrayListExtension>
252
            <GrayListExtension>
253
                <Value>jpeg</Value>
254
            </GrayListExtension>
255
            <GrayListExtension>
256
                <Value>gif</Value>
257
            </GrayListExtension>
258
            <GrayListExtension>
259
                <Value>png</Value>
260
            </GrayListExtension>
261
            <GrayListExtension>
262
                <Value>bmp</Value>
263
            </GrayListExtension>
264
            <GrayListExtension>
265
                <Value>ico</Value>
266
            </GrayListExtension>
267
            <GrayListExtension>
268
                <Value>js</Value>
269
            </GrayListExtension>
270
            <GrayListExtension>
271
                <Value>tiff</Value>
272
            </GrayListExtension>
273
            <GrayListExtension>
274
                <Value>eot</Value>
275
            </GrayListExtension>
276
            <GrayListExtension>
277
                <Value>ttf</Value>
278
            </GrayListExtension>
279
            <GrayListExtension>
280
                <Value>mid</Value>
281
            </GrayListExtension>
282
            <GrayListExtension>
283
                <Value>midi</Value>
284
            </GrayListExtension>
285
            <GrayListExtension>
286
                <Value>mp3</Value>
287
            </GrayListExtension>
288
            <GrayListExtension>
289
                <Value>mpeg</Value>
290
            </GrayListExtension>
291
            <GrayListExtension>
292
                <Value>wav</Value>
293
            </GrayListExtension>
294
            <GrayListExtension>
295
                <Value>avi</Value>
296
            </GrayListExtension>
297
            <GrayListExtension>
298
                <Value>woff</Value>
299
            </GrayListExtension>
300
            <GrayListExtension>
301
                <Value>svg</Value>
302
            </GrayListExtension>
303
        </GrayListExtensionList>
304
        <BinaryExtensionList>
305
            <BinaryExtension>
306
                <Value>fla</Value>
307
            </BinaryExtension>
308
            <BinaryExtension>
309
                <Value>swf</Value>
310
            </BinaryExtension>
311
            <BinaryExtension>
312
                <Value>pdf</Value>
313
            </BinaryExtension>
314
            <BinaryExtension>
315
                <Value>doc</Value>
316
            </BinaryExtension>
317
            <BinaryExtension>
318
                <Value>jpg</Value>
319
            </BinaryExtension>
320
            <BinaryExtension>
321
                <Value>jpeg</Value>
322
            </BinaryExtension>
323
            <BinaryExtension>
324
                <Value>gif</Value>
325
            </BinaryExtension>
326
            <BinaryExtension>
327
                <Value>png</Value>
328
            </BinaryExtension>
329
            <BinaryExtension>
330
                <Value>bmp</Value>
331
            </BinaryExtension>
332
            <BinaryExtension>
333
                <Value>ico</Value>
334
            </BinaryExtension>
335
            <BinaryExtension>
336
                <Value>dll</Value>
337
            </BinaryExtension>
338
            <BinaryExtension>
339
                <Value>exe</Value>
340
            </BinaryExtension>
341
            <BinaryExtension>
342
                <Value>eot</Value>
343
            </BinaryExtension>
344
            <BinaryExtension>
345
                <Value>ttf</Value>
346
            </BinaryExtension>
347
            <BinaryExtension>
348
                <Value>mp3</Value>
349
            </BinaryExtension>
350
            <BinaryExtension>
351
                <Value>mp4</Value>
352
            </BinaryExtension>
353
            <BinaryExtension>
354
                <Value>wav</Value>
355
            </BinaryExtension>
356
            <BinaryExtension>
357
                <Value>woff</Value>
358
            </BinaryExtension>
359
            <BinaryExtension>
360
                <Value>svg</Value>
361
            </BinaryExtension>
362
        </BinaryExtensionList>
363
        <TextExtensionList>
364
            <TextExtension>
365
                <Value>txt</Value>
366
            </TextExtension>
367
            <TextExtension>
368
                <Value>js</Value>
369
            </TextExtension>
370
            <TextExtension>
371
                <Value>css</Value>
372
            </TextExtension>
373
            <TextExtension>
374
                <Value>json</Value>
375
            </TextExtension>
376
        </TextExtensionList>
377
        <BinaryContentTypeList>
378
            <BinaryContentType>
379
                <Value>audio/*</Value>
380
            </BinaryContentType>
381
            <BinaryContentType>
382
                <Value>image/*</Value>
383
            </BinaryContentType>
384
            <BinaryContentType>
385
                <Value>video/*</Value>
386
            </BinaryContentType>
387
            <BinaryContentType>
388
                <Value>application/pdf</Value>
389
            </BinaryContentType>
390
            <BinaryContentType>
391
                <Value>application/zip</Value>
392
            </BinaryContentType>
393
            <BinaryContentType>
394
                <Value>application/x-rar-compressed</Value>
395
            </BinaryContentType>
396
            <BinaryContentType>
397
                <Value>application/x-dvi</Value>
398
            </BinaryContentType>
399
            <BinaryContentType>
400
                <Value>application/x-shockwave-flash</Value>
401
            </BinaryContentType>
402
            <BinaryContentType>
403
                <Value>application/msword</Value>
404
            </BinaryContentType>
405
            <BinaryContentType>
406
                <Value>application/ogg</Value>
407
            </BinaryContentType>
408
            <BinaryContentType>
409
                <Value>application/x-tar</Value>
410
            </BinaryContentType>
411
            <BinaryContentType>
412
                <Value>application/octet-stream</Value>
413
            </BinaryContentType>
414
        </BinaryContentTypeList>
415
        <HTMLContentTypeList>
416
            <HTMLContentType>
417
                <Value>text/html</Value>
418
            </HTMLContentType>
419
            <HTMLContentType>
420
                <Value>html/*</Value>
421
            </HTMLContentType>
422
            <HTMLContentType>
423
                <Value>application/xhtml+xml</Value>
424
            </HTMLContentType>
425
        </HTMLContentTypeList>
426
        <TextContentTypeList>
427
            <TextContentType>
428
                <Value>text/plain</Value>
429
            </TextContentType>
430
            <TextContentType>
431
                <Value>text/csv</Value>
432
            </TextContentType>
433
            <TextContentType>
434
                <Value>text/css</Value>
435
            </TextContentType>
436
            <TextContentType>
437
                <Value>text/javascript</Value>
438
            </TextContentType>
439
            <TextContentType>
440
                <Value>application/javascript</Value>
441
            </TextContentType>
442
            <TextContentType>
443
                <Value>application/x-javascript</Value>
444
            </TextContentType>
445
            <TextContentType>
446
                <Value>application/json</Value>
447
            </TextContentType>
448
            <TextContentType>
449
                <Value>application/x-httpd-php-source</Value>
450
            </TextContentType>
451
        </TextContentTypeList>
452
        <XMLContentTypeList>
453
            <XMLContentType>
454
                <Value>application/xml-dtd</Value>
455
            </XMLContentType>
456
            <XMLContentType>
457
                <Value>text/xml</Value>
458
            </XMLContentType>
459
            <XMLContentType>
460
                <Value>application/soap+xml</Value>
461
            </XMLContentType>
462
            <XMLContentType>
463
                <Value>application/xml</Value>
464
            </XMLContentType>
465
        </XMLContentTypeList>
466
        <BrowserDownloadWhitelistList>
467
            <BrowserDownloadWhitelist>
468
                <Value>*.css</Value>
469
            </BrowserDownloadWhitelist>
470
            <BrowserDownloadWhitelist>
471
                <Value>*.js</Value>
472
            </BrowserDownloadWhitelist>
473
            <BrowserDownloadWhitelist>
474
                <Value>*.xml</Value>
475
            </BrowserDownloadWhitelist>
476
            <BrowserDownloadWhitelist>
477
                <Value>*.dtd</Value>
478
            </BrowserDownloadWhitelist>
479
            <BrowserDownloadWhitelist>
480
                <Value>*.axd</Value>
481
            </BrowserDownloadWhitelist>
482
            <BrowserDownloadWhitelist>
483
                <Value>*.json</Value>
484
            </BrowserDownloadWhitelist>
485
            <BrowserDownloadWhitelist>
486
                <Value>*/js/*</Value>
487
            </BrowserDownloadWhitelist>
488
            <BrowserDownloadWhitelist>
489
                <Value>*/css/*</Value>
490
            </BrowserDownloadWhitelist>
491
        </BrowserDownloadWhitelistList>
492
        <BrowserDoNotDownloadExtensionList>
493
            <BrowserDoNotDownloadExtension>
494
                <Value>pdf</Value>
495
            </BrowserDoNotDownloadExtension>
496
            <BrowserDoNotDownloadExtension>
497
                <Value>doc</Value>
498
            </BrowserDoNotDownloadExtension>
499
            <BrowserDoNotDownloadExtension>
500
                <Value>jpg</Value>
501
            </BrowserDoNotDownloadExtension>
502
            <BrowserDoNotDownloadExtension>
503
                <Value>jpeg</Value>
504
            </BrowserDoNotDownloadExtension>
505
            <BrowserDoNotDownloadExtension>
506
                <Value>gif</Value>
507
            </BrowserDoNotDownloadExtension>
508
            <BrowserDoNotDownloadExtension>
509
                <Value>png</Value>
510
            </BrowserDoNotDownloadExtension>
511
            <BrowserDoNotDownloadExtension>
512
                <Value>bmp</Value>
513
            </BrowserDoNotDownloadExtension>
514
            <BrowserDoNotDownloadExtension>
515
                <Value>ico</Value>
516
            </BrowserDoNotDownloadExtension>
517
            <BrowserDoNotDownloadExtension>
518
                <Value>exe</Value>
519
            </BrowserDoNotDownloadExtension>
520
            <BrowserDoNotDownloadExtension>
521
                <Value>swf</Value>
522
            </BrowserDoNotDownloadExtension>
523
            <BrowserDoNotDownloadExtension>
524
                <Value>mp3</Value>
525
            </BrowserDoNotDownloadExtension>
526
            <BrowserDoNotDownloadExtension>
527
                <Value>mp4</Value>
528
            </BrowserDoNotDownloadExtension>
529
            <BrowserDoNotDownloadExtension>
530
                <Value>wav</Value>
531
            </BrowserDoNotDownloadExtension>
532
            <BrowserDoNotDownloadExtension>
533
                <Value>eot</Value>
534
            </BrowserDoNotDownloadExtension>
535
            <BrowserDoNotDownloadExtension>
536
                <Value>ttf</Value>
537
            </BrowserDoNotDownloadExtension>
538
            <BrowserDoNotDownloadExtension>
539
                <Value>woff</Value>
540
            </BrowserDoNotDownloadExtension>
541
            <BrowserDoNotDownloadExtension>
542
                <Value>ico</Value>
543
            </BrowserDoNotDownloadExtension>
544
            <BrowserDoNotDownloadExtension>
545
                <Value>svg</Value>
546
            </BrowserDoNotDownloadExtension>
547
        </BrowserDoNotDownloadExtensionList>
548
        <BrowserDoNotDownloadContentTypeList>
549
            <BrowserDoNotDownloadContentType>
550
                <Value>audio/*</Value>
551
            </BrowserDoNotDownloadContentType>
552
            <BrowserDoNotDownloadContentType>
553
                <Value>image/*</Value>
554
            </BrowserDoNotDownloadContentType>
555
            <BrowserDoNotDownloadContentType>
556
                <Value>video/*</Value>
557
            </BrowserDoNotDownloadContentType>
558
            <BrowserDoNotDownloadContentType>
559
                <Value>application/pdf</Value>
560
            </BrowserDoNotDownloadContentType>
561
            <BrowserDoNotDownloadContentType>
562
                <Value>application/zip</Value>
563
            </BrowserDoNotDownloadContentType>
564
            <BrowserDoNotDownloadContentType>
565
                <Value>application/x-rar-compressed</Value>
566
            </BrowserDoNotDownloadContentType>
567
            <BrowserDoNotDownloadContentType>
568
                <Value>application/x-dvi</Value>
569
            </BrowserDoNotDownloadContentType>
570
            <BrowserDoNotDownloadContentType>
571
                <Value>application/x-shockwave-flash</Value>
572
            </BrowserDoNotDownloadContentType>
573
            <BrowserDoNotDownloadContentType>
574
                <Value>application/msword</Value>
575
            </BrowserDoNotDownloadContentType>
576
            <BrowserDoNotDownloadContentType>
577
                <Value>application/ogg</Value>
578
            </BrowserDoNotDownloadContentType>
579
            <BrowserDoNotDownloadContentType>
580
                <Value>application/x-tar</Value>
581
            </BrowserDoNotDownloadContentType>
582
            <BrowserDoNotDownloadContentType>
583
                <Value>application/octet-stream</Value>
584
            </BrowserDoNotDownloadContentType>
585
        </BrowserDoNotDownloadContentTypeList>
586
    </CrawlConfig>
587
    <AttackerConfig>
588
        <ParametersToAttackBeforeLimitingAttacks>100</ParametersToAttackBeforeLimitingAttacks>
589
        <LinksToAttackBeforeLimitingAttacks>20</LinksToAttackBeforeLimitingAttacks>
590
        <MaxSameNameParameterAttackPoints>10</MaxSameNameParameterAttackPoints>
591
        <MaxSameCookieParameterAttackPoints>5</MaxSameCookieParameterAttackPoints>
592
        <MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
593
        <MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
594
        <MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
595
        <ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
596
        <ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
597
        <MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
598
        <MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
599
        <ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
600
        <OutOfBandHost></OutOfBandHost>
601
        <MaxSeverityForTrafficReduction>Low</MaxSeverityForTrafficReduction>
602
        <MinResponseSizeForTrafficReduction>204800</MinResponseSizeForTrafficReduction>
603
        <DefaultDoNotAttackParamList>
604
            <DefaultDoNotAttackParam>
605
                <ParameterName>
606
                    ^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$
607
                </ParameterName>
608
                <MatchCriteria>Regex</MatchCriteria>
609
            </DefaultDoNotAttackParam>
610
        </DefaultDoNotAttackParamList>
611
    </AttackerConfig>
612
    <AttackPolicyConfig>
613
        <Policy>All Modules</Policy>
614
        <AttackPrioritization>Smart</AttackPrioritization>
615
        <AttackDepth>Smart</AttackDepth>
616
        <EnableAdvancedAttacks>0</EnableAdvancedAttacks>
617
        <FalsePositiveRegex></FalsePositiveRegex>
618
        <FalsePositiveFindingRegex></FalsePositiveFindingRegex>
619
        <RootCauseIdExcludeList></RootCauseIdExcludeList>
620
        <AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
621
        <EnforceEncoding>0</EnforceEncoding>
622
        <AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
623
        <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
624
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
625
        <AttackModulePolicyList>
626
            <AttackModulePolicy>
627
                <Enabled>1</Enabled>
628
                <ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
629
                <ModulePriority>High</ModulePriority>
630
                <Severity>Informational</Severity>
631
                <MaxVulnLimit>10</MaxVulnLimit>
632
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
633
                <MaxVarianceLimit>2</MaxVarianceLimit>
634
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
635
                <EnforceEncoding>0</EnforceEncoding>
636
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
637
                <AttackPoints>Web Site</AttackPoints>
638
                <ParameterLocations></ParameterLocations>
639
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
640
                <DisplayName>Anonymous Access</DisplayName>
641
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
642
            </AttackModulePolicy>
643
            <AttackModulePolicy>
644
                <Enabled>1</Enabled>
645
                <ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
646
                <ModulePriority>High</ModulePriority>
647
                <Severity>High</Severity>
648
                <MaxVulnLimit>100</MaxVulnLimit>
649
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
650
                <MaxVarianceLimit>3</MaxVarianceLimit>
651
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
652
                <EnforceEncoding>0</EnforceEncoding>
653
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
654
                <AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
655
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
656
                </ParameterLocations>
657
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
658
                <DisplayName>Apache Struts 2 Framework Checks</DisplayName>
659
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
660
            </AttackModulePolicy>
661
            <AttackModulePolicy>
662
                <Enabled>1</Enabled>
663
                <ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
664
                <ModulePriority>High</ModulePriority>
665
                <Severity>Informational</Severity>
666
                <MaxVulnLimit>100</MaxVulnLimit>
667
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
668
                <MaxVarianceLimit>3</MaxVarianceLimit>
669
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
670
                <EnforceEncoding>0</EnforceEncoding>
671
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
672
                <AttackPoints>Response Analysis</AttackPoints>
673
                <ParameterLocations></ParameterLocations>
674
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
675
                <DisplayName>Apache Struts Detection</DisplayName>
676
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
677
            </AttackModulePolicy>
678
            <AttackModulePolicy>
679
                <Enabled>1</Enabled>
680
                <ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
681
                <ModulePriority>High</ModulePriority>
682
                <Severity>High</Severity>
683
                <MaxVulnLimit>100</MaxVulnLimit>
684
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
685
                <MaxVarianceLimit>4</MaxVarianceLimit>
686
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
687
                <EnforceEncoding>0</EnforceEncoding>
688
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
689
                <AttackPoints>Parameter</AttackPoints>
690
                <ParameterLocations>Post</ParameterLocations>
691
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
692
                <DisplayName>Arbitrary File Upload</DisplayName>
693
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
694
            </AttackModulePolicy>
695
            <AttackModulePolicy>
696
                <Enabled>1</Enabled>
697
                <ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
698
                <ModulePriority>Medium</ModulePriority>
699
                <Severity>Low</Severity>
700
                <MaxVulnLimit>25</MaxVulnLimit>
701
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
702
                <MaxVarianceLimit>2</MaxVarianceLimit>
703
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
704
                <EnforceEncoding>0</EnforceEncoding>
705
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
706
                <AttackPoints>Directory</AttackPoints>
707
                <ParameterLocations></ParameterLocations>
708
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
709
                <DisplayName>ASP.NET Misconfiguration</DisplayName>
710
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
711
            </AttackModulePolicy>
712
            <AttackModulePolicy>
713
                <Enabled>1</Enabled>
714
                <ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
715
                <ModulePriority>Medium</ModulePriority>
716
                <Severity>High</Severity>
717
                <MaxVulnLimit>25</MaxVulnLimit>
718
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
719
                <MaxVarianceLimit>4</MaxVarianceLimit>
720
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
721
                <EnforceEncoding>0</EnforceEncoding>
722
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
723
                <AttackPoints>Parameter</AttackPoints>
724
                <ParameterLocations>Post|Cookie</ParameterLocations>
725
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
726
                <DisplayName>ASP.NET Serialization</DisplayName>
727
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
728
            </AttackModulePolicy>
729
            <AttackModulePolicy>
730
                <Enabled>1</Enabled>
731
                <ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
732
                <ModulePriority>Medium</ModulePriority>
733
                <Severity>Low</Severity>
734
                <MaxVulnLimit>200</MaxVulnLimit>
735
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
736
                <MaxVarianceLimit>2</MaxVarianceLimit>
737
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
738
                <EnforceEncoding>0</EnforceEncoding>
739
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
740
                <AttackPoints>Response Analysis</AttackPoints>
741
                <ParameterLocations></ParameterLocations>
742
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
743
                <DisplayName>Autocomplete attribute</DisplayName>
744
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
745
            </AttackModulePolicy>
746
            <AttackModulePolicy>
747
                <Enabled>1</Enabled>
748
                <ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
749
                <ModulePriority>High</ModulePriority>
750
                <Severity>High</Severity>
751
                <MaxVulnLimit>75</MaxVulnLimit>
752
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
753
                <MaxVarianceLimit>4</MaxVarianceLimit>
754
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
755
                <EnforceEncoding>0</EnforceEncoding>
756
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
757
                <AttackPoints>Parameter</AttackPoints>
758
                <ParameterLocations>Query|Post</ParameterLocations>
759
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
760
                <DisplayName>Blind LDAP Injection</DisplayName>
761
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
762
            </AttackModulePolicy>
763
            <AttackModulePolicy>
764
                <Enabled>1</Enabled>
765
                <ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
766
                <ModulePriority>Medium</ModulePriority>
767
                <Severity>Informational</Severity>
768
                <MaxVulnLimit>100</MaxVulnLimit>
769
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
770
                <MaxVarianceLimit>1</MaxVarianceLimit>
771
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
772
                <EnforceEncoding>0</EnforceEncoding>
773
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
774
                <AttackPoints>Response Analysis</AttackPoints>
775
                <ParameterLocations></ParameterLocations>
776
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
777
                <DisplayName>Browser Cache directive (web application performance)</DisplayName>
778
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
779
            </AttackModulePolicy>
780
            <AttackModulePolicy>
781
                <Enabled>1</Enabled>
782
                <ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
783
                <ModulePriority>Medium</ModulePriority>
784
                <Severity>Low</Severity>
785
                <MaxVulnLimit>150</MaxVulnLimit>
786
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
787
                <MaxVarianceLimit>4</MaxVarianceLimit>
788
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
789
                <EnforceEncoding>0</EnforceEncoding>
790
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
791
                <AttackPoints>Response Analysis</AttackPoints>
792
                <ParameterLocations></ParameterLocations>
793
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
794
                <DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
795
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
796
            </AttackModulePolicy>
797
            <AttackModulePolicy>
798
                <Enabled>1</Enabled>
799
                <ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
800
                <ModulePriority>High</ModulePriority>
801
                <Severity>High</Severity>
802
                <MaxVulnLimit>5</MaxVulnLimit>
803
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
804
                <MaxVarianceLimit>2</MaxVarianceLimit>
805
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
806
                <EnforceEncoding>0</EnforceEncoding>
807
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
808
                <AttackPoints>Web Resource</AttackPoints>
809
                <ParameterLocations></ParameterLocations>
810
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
811
                <DisplayName>Brute Force (HTTP Auth)</DisplayName>
812
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
813
            </AttackModulePolicy>
814
            <AttackModulePolicy>
815
                <Enabled>1</Enabled>
816
                <ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
817
                <ModulePriority>High</ModulePriority>
818
                <Severity>High</Severity>
819
                <MaxVulnLimit>5</MaxVulnLimit>
820
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
821
                <MaxVarianceLimit>2</MaxVarianceLimit>
822
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
823
                <EnforceEncoding>0</EnforceEncoding>
824
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
825
                <AttackPoints>Parameter</AttackPoints>
826
                <ParameterLocations>Query|Post</ParameterLocations>
827
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
828
                <DisplayName>Brute Force (Form Auth)</DisplayName>
829
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
830
            </AttackModulePolicy>
831
            <AttackModulePolicy>
832
                <Enabled>1</Enabled>
833
                <ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
834
                <ModulePriority>High</ModulePriority>
835
                <Severity>High</Severity>
836
                <MaxVulnLimit>250</MaxVulnLimit>
837
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
838
                <MaxVarianceLimit>4</MaxVarianceLimit>
839
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
840
                <EnforceEncoding>0</EnforceEncoding>
841
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
842
                <AttackPoints>Parameter</AttackPoints>
843
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
844
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
845
                <DisplayName>Blind SQL</DisplayName>
846
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
847
            </AttackModulePolicy>
848
            <AttackModulePolicy>
849
                <Enabled>1</Enabled>
850
                <ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
851
                <ModulePriority>Low</ModulePriority>
852
                <Severity>Low</Severity>
853
                <MaxVulnLimit>100</MaxVulnLimit>
854
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
855
                <MaxVarianceLimit>4</MaxVarianceLimit>
856
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
857
                <EnforceEncoding>0</EnforceEncoding>
858
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
859
                <AttackPoints>Directory</AttackPoints>
860
                <ParameterLocations></ParameterLocations>
861
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
862
                <DisplayName>Clients Cross-Domain Policy Files</DisplayName>
863
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
864
            </AttackModulePolicy>
865
            <AttackModulePolicy>
866
                <Enabled>1</Enabled>
867
                <ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
868
                <ModulePriority>Low</ModulePriority>
869
                <Severity>Informational</Severity>
870
                <MaxVulnLimit>100</MaxVulnLimit>
871
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
872
                <MaxVarianceLimit>4</MaxVarianceLimit>
873
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
874
                <EnforceEncoding>0</EnforceEncoding>
875
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
876
                <AttackPoints>Response Analysis</AttackPoints>
877
                <ParameterLocations></ParameterLocations>
878
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
879
                <DisplayName>Information Disclosure in comments</DisplayName>
880
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
881
            </AttackModulePolicy>
882
            <AttackModulePolicy>
883
                <Enabled>1</Enabled>
884
                <ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
885
                <ModulePriority>Medium</ModulePriority>
886
                <Severity>Low</Severity>
887
                <MaxVulnLimit>50</MaxVulnLimit>
888
                <MaxPerWebSiteVulnLimit>20</MaxPerWebSiteVulnLimit>
889
                <MaxVarianceLimit>10</MaxVarianceLimit>
890
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
891
                <EnforceEncoding>0</EnforceEncoding>
892
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
893
                <AttackPoints>Response Analysis</AttackPoints>
894
                <ParameterLocations></ParameterLocations>
895
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
896
                <DisplayName>Cookie attributes</DisplayName>
897
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
898
            </AttackModulePolicy>
899
            <AttackModulePolicy>
900
                <Enabled>1</Enabled>
901
                <ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
902
                <ModulePriority>Low</ModulePriority>
903
                <Severity>Low</Severity>
904
                <MaxVulnLimit>100</MaxVulnLimit>
905
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
906
                <MaxVarianceLimit>5</MaxVarianceLimit>
907
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
908
                <EnforceEncoding>0</EnforceEncoding>
909
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
910
                <AttackPoints>Web Resource|Response Analysis</AttackPoints>
911
                <ParameterLocations></ParameterLocations>
912
                <RequestOriginations>AJAX</RequestOriginations>
913
                <DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>
914
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
915
            </AttackModulePolicy>
916
            <AttackModulePolicy>
917
                <Enabled>1</Enabled>
918
                <ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
919
                <ModulePriority>Low</ModulePriority>
920
                <Severity>Medium</Severity>
921
                <MaxVulnLimit>25</MaxVulnLimit>
922
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
923
                <MaxVarianceLimit>2</MaxVarianceLimit>
924
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
925
                <EnforceEncoding>0</EnforceEncoding>
926
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
927
                <AttackPoints>Response Analysis</AttackPoints>
928
                <ParameterLocations></ParameterLocations>
929
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
930
                <DisplayName>Credentials over an insecure channel</DisplayName>
931
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
932
            </AttackModulePolicy>
933
            <AttackModulePolicy>
934
                <Enabled>1</Enabled>
935
                <ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>
936
                <ModulePriority>Medium</ModulePriority>
937
                <Severity>Informational</Severity>
938
                <MaxVulnLimit>100</MaxVulnLimit>
939
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
940
                <MaxVarianceLimit>4</MaxVarianceLimit>
941
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
942
                <EnforceEncoding>0</EnforceEncoding>
943
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
944
                <AttackPoints>Response Analysis</AttackPoints>
945
                <ParameterLocations></ParameterLocations>
946
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
947
                <DisplayName>Content Security Policy Header</DisplayName>
948
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
949
            </AttackModulePolicy>
950
            <AttackModulePolicy>
951
                <Enabled>1</Enabled>
952
                <ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
953
                <ModulePriority>Low</ModulePriority>
954
                <Severity>Low</Severity>
955
                <MaxVulnLimit>250</MaxVulnLimit>
956
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
957
                <MaxVarianceLimit>2</MaxVarianceLimit>
958
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
959
                <EnforceEncoding>0</EnforceEncoding>
960
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
961
                <AttackPoints>Web Resource</AttackPoints>
962
                <ParameterLocations></ParameterLocations>
963
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
964
                <DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName>
965
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
966
            </AttackModulePolicy>
967
            <AttackModulePolicy>
968
                <Enabled>0</Enabled>
969
                <ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
970
                <ModulePriority>Medium</ModulePriority>
971
                <Severity>Informational</Severity>
972
                <MaxVulnLimit>20</MaxVulnLimit>
973
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
974
                <MaxVarianceLimit>1</MaxVarianceLimit>
975
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
976
                <EnforceEncoding>0</EnforceEncoding>
977
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
978
                <AttackPoints>Directory</AttackPoints>
979
                <ParameterLocations></ParameterLocations>
980
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
981
                <DisplayName>Custom Directory Module</DisplayName>
982
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
983
            </AttackModulePolicy>
984
            <AttackModulePolicy>
985
                <Enabled>0</Enabled>
986
                <ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
987
                <ModulePriority>Medium</ModulePriority>
988
                <Severity>Informational</Severity>
989
                <MaxVulnLimit>20</MaxVulnLimit>
990
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
991
                <MaxVarianceLimit>1</MaxVarianceLimit>
992
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
993
                <EnforceEncoding>0</EnforceEncoding>
994
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
995
                <AttackPoints>Parameter</AttackPoints>
996
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
997
                </ParameterLocations>
998
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
999
                <DisplayName>Custom Parameter Module</DisplayName>
1000
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1001
            </AttackModulePolicy>
1002
            <AttackModulePolicy>
1003
                <Enabled>0</Enabled>
1004
                <ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
1005
                <ModulePriority>Medium</ModulePriority>
1006
                <Severity>Informational</Severity>
1007
                <MaxVulnLimit>20</MaxVulnLimit>
1008
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1009
                <MaxVarianceLimit>1</MaxVarianceLimit>
1010
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1011
                <EnforceEncoding>0</EnforceEncoding>
1012
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1013
                <AttackPoints>Response Analysis</AttackPoints>
1014
                <ParameterLocations></ParameterLocations>
1015
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1016
                <DisplayName>Custom Passive Module</DisplayName>
1017
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1018
            </AttackModulePolicy>
1019
            <AttackModulePolicy>
1020
                <Enabled>1</Enabled>
1021
                <ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
1022
                <ModulePriority>Medium</ModulePriority>
1023
                <Severity>Low</Severity>
1024
                <MaxVulnLimit>250</MaxVulnLimit>
1025
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1026
                <MaxVarianceLimit>1</MaxVarianceLimit>
1027
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1028
                <EnforceEncoding>0</EnforceEncoding>
1029
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1030
                <AttackPoints>Directory</AttackPoints>
1031
                <ParameterLocations></ParameterLocations>
1032
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1033
                <DisplayName>Directory Indexing</DisplayName>
1034
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1035
            </AttackModulePolicy>
1036
            <AttackModulePolicy>
1037
                <Enabled>1</Enabled>
1038
                <ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
1039
                <ModulePriority>Low</ModulePriority>
1040
                <Severity>Informational</Severity>
1041
                <MaxVulnLimit>150</MaxVulnLimit>
1042
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1043
                <MaxVarianceLimit>4</MaxVarianceLimit>
1044
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1045
                <EnforceEncoding>0</EnforceEncoding>
1046
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1047
                <AttackPoints>Response Analysis</AttackPoints>
1048
                <ParameterLocations></ParameterLocations>
1049
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1050
                <DisplayName>Email Disclosure</DisplayName>
1051
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1052
            </AttackModulePolicy>
1053
            <AttackModulePolicy>
1054
                <Enabled>1</Enabled>
1055
                <ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
1056
                <ModulePriority>High</ModulePriority>
1057
                <Severity>High</Severity>
1058
                <MaxVulnLimit>100</MaxVulnLimit>
1059
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1060
                <MaxVarianceLimit>4</MaxVarianceLimit>
1061
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1062
                <EnforceEncoding>0</EnforceEncoding>
1063
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1064
                <AttackPoints>Parameter</AttackPoints>
1065
                <ParameterLocations>Path|Query|Post</ParameterLocations>
1066
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1067
                <DisplayName>Expression Language Injection</DisplayName>
1068
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1069
            </AttackModulePolicy>
1070
            <AttackModulePolicy>
1071
                <Enabled>1</Enabled>
1072
                <ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
1073
                <ModulePriority>Low</ModulePriority>
1074
                <Severity>Low</Severity>
1075
                <MaxVulnLimit>100</MaxVulnLimit>
1076
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1077
                <MaxVarianceLimit>2</MaxVarianceLimit>
1078
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1079
                <EnforceEncoding>0</EnforceEncoding>
1080
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1081
                <AttackPoints>Parameter</AttackPoints>
1082
                <ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
1083
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1084
                <DisplayName>Forced Browsing</DisplayName>
1085
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1086
            </AttackModulePolicy>
1087
            <AttackModulePolicy>
1088
                <Enabled>1</Enabled>
1089
                <ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
1090
                <ModulePriority>Medium</ModulePriority>
1091
                <Severity>Low</Severity>
1092
                <MaxVulnLimit>200</MaxVulnLimit>
1093
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1094
                <MaxVarianceLimit>2</MaxVarianceLimit>
1095
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1096
                <EnforceEncoding>0</EnforceEncoding>
1097
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1098
                <AttackPoints>Response Analysis</AttackPoints>
1099
                <ParameterLocations></ParameterLocations>
1100
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
1101
                <DisplayName>Sensitive Data Exposure</DisplayName>
1102
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1103
            </AttackModulePolicy>
1104
            <AttackModulePolicy>
1105
                <Enabled>1</Enabled>
1106
                <ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
1107
                <ModulePriority>High</ModulePriority>
1108
                <Severity>Low</Severity>
1109
                <MaxVulnLimit>5</MaxVulnLimit>
1110
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1111
                <MaxVarianceLimit>4</MaxVarianceLimit>
1112
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1113
                <EnforceEncoding>0</EnforceEncoding>
1114
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1115
                <AttackPoints>Web Resource</AttackPoints>
1116
                <ParameterLocations></ParameterLocations>
1117
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1118
                <DisplayName>Form Session Strength</DisplayName>
1119
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1120
            </AttackModulePolicy>
1121
            <AttackModulePolicy>
1122
                <Enabled>1</Enabled>
1123
                <ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
1124
                <ModulePriority>High</ModulePriority>
1125
                <Severity>High</Severity>
1126
                <MaxVulnLimit>25</MaxVulnLimit>
1127
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1128
                <MaxVarianceLimit>50</MaxVarianceLimit>
1129
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1130
                <EnforceEncoding>0</EnforceEncoding>
1131
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1132
                <AttackPoints>Web Site</AttackPoints>
1133
                <ParameterLocations></ParameterLocations>
1134
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1135
                <DisplayName>FrontPage Checks</DisplayName>
1136
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1137
            </AttackModulePolicy>
1138
            <AttackModulePolicy>
1139
                <Enabled>1</Enabled>
1140
                <ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
1141
                <ModulePriority>High</ModulePriority>
1142
                <Severity>High</Severity>
1143
                <MaxVulnLimit>25</MaxVulnLimit>
1144
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1145
                <MaxVarianceLimit>1</MaxVarianceLimit>
1146
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1147
                <EnforceEncoding>0</EnforceEncoding>
1148
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1149
                <AttackPoints>Web Site</AttackPoints>
1150
                <ParameterLocations></ParameterLocations>
1151
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1152
                <DisplayName>Heartbleed Check</DisplayName>
1153
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1154
            </AttackModulePolicy>
1155
            <AttackModulePolicy>
1156
                <Enabled>1</Enabled>
1157
                <ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
1158
                <ModulePriority>Low</ModulePriority>
1159
                <Severity>Informational</Severity>
1160
                <MaxVulnLimit>20</MaxVulnLimit>
1161
                <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
1162
                <MaxVarianceLimit>1</MaxVarianceLimit>
1163
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1164
                <EnforceEncoding>0</EnforceEncoding>
1165
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1166
                <AttackPoints>Response Analysis</AttackPoints>
1167
                <ParameterLocations></ParameterLocations>
1168
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1169
                <DisplayName>HTTP Strict Transport Security</DisplayName>
1170
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1171
            </AttackModulePolicy>
1172
            <AttackModulePolicy>
1173
                <Enabled>1</Enabled>
1174
                <ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
1175
                <ModulePriority>Low</ModulePriority>
1176
                <Severity>Low</Severity>
1177
                <MaxVulnLimit>20</MaxVulnLimit>
1178
                <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
1179
                <MaxVarianceLimit>4</MaxVarianceLimit>
1180
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1181
                <EnforceEncoding>0</EnforceEncoding>
1182
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1183
                <AttackPoints>Response Analysis</AttackPoints>
1184
                <ParameterLocations></ParameterLocations>
1185
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1186
                <DisplayName>HTTP Authentication over insecure channel</DisplayName>
1187
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1188
            </AttackModulePolicy>
1189
            <AttackModulePolicy>
1190
                <Enabled>1</Enabled>
1191
                <ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
1192
                <ModulePriority>Low</ModulePriority>
1193
                <Severity>Low</Severity>
1194
                <MaxVulnLimit>200</MaxVulnLimit>
1195
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1196
                <MaxVarianceLimit>1</MaxVarianceLimit>
1197
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1198
                <EnforceEncoding>0</EnforceEncoding>
1199
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1200
                <AttackPoints>Web Resource</AttackPoints>
1201
                <ParameterLocations></ParameterLocations>
1202
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1203
                <DisplayName>HTTPS Downgrade</DisplayName>
1204
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1205
            </AttackModulePolicy>
1206
            <AttackModulePolicy>
1207
                <Enabled>1</Enabled>
1208
                <ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
1209
                <ModulePriority>Medium</ModulePriority>
1210
                <Severity>Informational</Severity>
1211
                <MaxVulnLimit>200</MaxVulnLimit>
1212
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1213
                <MaxVarianceLimit>4</MaxVarianceLimit>
1214
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1215
                <EnforceEncoding>0</EnforceEncoding>
1216
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1217
                <AttackPoints>Response Analysis</AttackPoints>
1218
                <ParameterLocations></ParameterLocations>
1219
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1220
                <DisplayName>HTTP Headers</DisplayName>
1221
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1222
            </AttackModulePolicy>
1223
            <AttackModulePolicy>
1224
                <Enabled>1</Enabled>
1225
                <ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
1226
                <ModulePriority>High</ModulePriority>
1227
                <Severity>High</Severity>
1228
                <MaxVulnLimit>200</MaxVulnLimit>
1229
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1230
                <MaxVarianceLimit>4</MaxVarianceLimit>
1231
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1232
                <EnforceEncoding>0</EnforceEncoding>
1233
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1234
                <AttackPoints>Parameter</AttackPoints>
1235
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
1236
                </ParameterLocations>
1237
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1238
                <DisplayName>HTTP Response Splitting</DisplayName>
1239
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1240
            </AttackModulePolicy>
1241
            <AttackModulePolicy>
1242
                <Enabled>1</Enabled>
1243
                <ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>
1244
                <ModulePriority>Low</ModulePriority>
1245
                <Severity>Low</Severity>
1246
                <MaxVulnLimit>200</MaxVulnLimit>
1247
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1248
                <MaxVarianceLimit>1</MaxVarianceLimit>
1249
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1250
                <EnforceEncoding>0</EnforceEncoding>
1251
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1252
                <AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>
1253
                <ParameterLocations></ParameterLocations>
1254
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1255
                <DisplayName>HTTPS Everywhere</DisplayName>
1256
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1257
            </AttackModulePolicy>
1258
            <AttackModulePolicy>
1259
                <Enabled>1</Enabled>
1260
                <ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>
1261
                <ModulePriority>Low</ModulePriority>
1262
                <Severity>Informational</Severity>
1263
                <MaxVulnLimit>20</MaxVulnLimit>
1264
                <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
1265
                <MaxVarianceLimit>1</MaxVarianceLimit>
1266
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1267
                <EnforceEncoding>0</EnforceEncoding>
1268
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1269
                <AttackPoints>Web Resource</AttackPoints>
1270
                <ParameterLocations></ParameterLocations>
1271
                <RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
1272
                <DisplayName>HTTP User-Agent Check</DisplayName>
1273
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1274
            </AttackModulePolicy>
1275
            <AttackModulePolicy>
1276
                <Enabled>1</Enabled>
1277
                <ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
1278
                <ModulePriority>Low</ModulePriority>
1279
                <Severity>Informational</Severity>
1280
                <MaxVulnLimit>500</MaxVulnLimit>
1281
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1282
                <MaxVarianceLimit>4</MaxVarianceLimit>
1283
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1284
                <EnforceEncoding>0</EnforceEncoding>
1285
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1286
                <AttackPoints>Response Analysis</AttackPoints>
1287
                <ParameterLocations></ParameterLocations>
1288
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1289
                <DisplayName>Information Disclosure in response</DisplayName>
1290
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1291
            </AttackModulePolicy>
1292
            <AttackModulePolicy>
1293
                <Enabled>1</Enabled>
1294
                <ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
1295
                <ModulePriority>High</ModulePriority>
1296
                <Severity>Low</Severity>
1297
                <MaxVulnLimit>500</MaxVulnLimit>
1298
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1299
                <MaxVarianceLimit>4</MaxVarianceLimit>
1300
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1301
                <EnforceEncoding>0</EnforceEncoding>
1302
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1303
                <AttackPoints>Response Analysis</AttackPoints>
1304
                <ParameterLocations></ParameterLocations>
1305
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1306
                <DisplayName>Information Leakage in responses</DisplayName>
1307
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1308
            </AttackModulePolicy>
1309
            <AttackModulePolicy>
1310
                <Enabled>1</Enabled>
1311
                <ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
1312
                <ModulePriority>Low</ModulePriority>
1313
                <Severity>Low</Severity>
1314
                <MaxVulnLimit>100</MaxVulnLimit>
1315
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1316
                <MaxVarianceLimit>4</MaxVarianceLimit>
1317
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1318
                <EnforceEncoding>0</EnforceEncoding>
1319
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1320
                <AttackPoints>Web Resource</AttackPoints>
1321
                <ParameterLocations></ParameterLocations>
1322
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1323
                <DisplayName>Java Grinder</DisplayName>
1324
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1325
            </AttackModulePolicy>
1326
            <AttackModulePolicy>
1327
                <Enabled>1</Enabled>
1328
                <ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>
1329
                <ModulePriority>Low</ModulePriority>
1330
                <Severity>Informational</Severity>
1331
                <MaxVulnLimit>100</MaxVulnLimit>
1332
                <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
1333
                <MaxVarianceLimit>4</MaxVarianceLimit>
1334
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1335
                <EnforceEncoding>0</EnforceEncoding>
1336
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1337
                <AttackPoints>Response Analysis</AttackPoints>
1338
                <ParameterLocations></ParameterLocations>
1339
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
1340
                <DisplayName>JavaScript Memory Leaks</DisplayName>
1341
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1342
            </AttackModulePolicy>
1343
            <AttackModulePolicy>
1344
                <Enabled>1</Enabled>
1345
                <ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
1346
                <ModulePriority>High</ModulePriority>
1347
                <Severity>High</Severity>
1348
                <MaxVulnLimit>100</MaxVulnLimit>
1349
                <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
1350
                <MaxVarianceLimit>4</MaxVarianceLimit>
1351
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1352
                <EnforceEncoding>0</EnforceEncoding>
1353
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1354
                <AttackPoints>Parameter</AttackPoints>
1355
                <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1356
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1357
                <DisplayName>LDAP Injection</DisplayName>
1358
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1359
            </AttackModulePolicy>
1360
            <AttackModulePolicy>
1361
                <Enabled>1</Enabled>
1362
                <ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
1363
                <ModulePriority>High</ModulePriority>
1364
                <Severity>Informational</Severity>
1365
                <MaxVulnLimit>250</MaxVulnLimit>
1366
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1367
                <MaxVarianceLimit>4</MaxVarianceLimit>
1368
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1369
                <EnforceEncoding>0</EnforceEncoding>
1370
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1371
                <AttackPoints>Response Analysis</AttackPoints>
1372
                <ParameterLocations></ParameterLocations>
1373
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
1374
                <DisplayName>Local Storage Usage</DisplayName>
1375
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1376
            </AttackModulePolicy>
1377
            <AttackModulePolicy>
1378
                <Enabled>1</Enabled>
1379
                <ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
1380
                <ModulePriority>Medium</ModulePriority>
1381
                <Severity>Low</Severity>
1382
                <MaxVulnLimit>100</MaxVulnLimit>
1383
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1384
                <MaxVarianceLimit>4</MaxVarianceLimit>
1385
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1386
                <EnforceEncoding>0</EnforceEncoding>
1387
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1388
                <AttackPoints>Parameter|Response Analysis</AttackPoints>
1389
                <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1390
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1391
                <DisplayName>Business logic abuse attacks</DisplayName>
1392
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1393
            </AttackModulePolicy>
1394
            <AttackModulePolicy>
1395
                <Enabled>1</Enabled>
1396
                <ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
1397
                <ModulePriority>High</ModulePriority>
1398
                <Severity>High</Severity>
1399
                <MaxVulnLimit>10</MaxVulnLimit>
1400
                <MaxPerWebSiteVulnLimit>1</MaxPerWebSiteVulnLimit>
1401
                <MaxVarianceLimit>1</MaxVarianceLimit>
1402
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1403
                <EnforceEncoding>0</EnforceEncoding>
1404
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1405
                <AttackPoints>Parameter</AttackPoints>
1406
                <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1407
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1408
                <DisplayName>Nginx NULL code</DisplayName>
1409
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1410
            </AttackModulePolicy>
1411
            <AttackModulePolicy>
1412
                <Enabled>1</Enabled>
1413
                <ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>
1414
                <ModulePriority>High</ModulePriority>
1415
                <Severity>High</Severity>
1416
                <MaxVulnLimit>500</MaxVulnLimit>
1417
                <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
1418
                <MaxVarianceLimit>4</MaxVarianceLimit>
1419
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1420
                <EnforceEncoding>0</EnforceEncoding>
1421
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1422
                <AttackPoints>Parameter</AttackPoints>
1423
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1424
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1425
                <DisplayName>NoSQLi Injection</DisplayName>
1426
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1427
            </AttackModulePolicy>
1428
            <AttackModulePolicy>
1429
                <Enabled>1</Enabled>
1430
                <ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>
1431
                <ModulePriority>High</ModulePriority>
1432
                <Severity>High</Severity>
1433
                <MaxVulnLimit>250</MaxVulnLimit>
1434
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1435
                <MaxVarianceLimit>4</MaxVarianceLimit>
1436
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1437
                <EnforceEncoding>0</EnforceEncoding>
1438
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1439
                <AttackPoints>Parameter</AttackPoints>
1440
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1441
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1442
                <DisplayName>Blind NoSQLi</DisplayName>
1443
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1444
            </AttackModulePolicy>
1445
            <AttackModulePolicy>
1446
                <Enabled>1</Enabled>
1447
                <ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
1448
                <ModulePriority>Medium</ModulePriority>
1449
                <Severity>High</Severity>
1450
                <MaxVulnLimit>200</MaxVulnLimit>
1451
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1452
                <MaxVarianceLimit>4</MaxVarianceLimit>
1453
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1454
                <EnforceEncoding>0</EnforceEncoding>
1455
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1456
                <AttackPoints>Parameter</AttackPoints>
1457
                <ParameterLocations>File|Path|Query|Post</ParameterLocations>
1458
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1459
                <DisplayName>OS Commanding</DisplayName>
1460
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1461
            </AttackModulePolicy>
1462
            <AttackModulePolicy>
1463
                <Enabled>1</Enabled>
1464
                <ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
1465
                <ModulePriority>High</ModulePriority>
1466
                <Severity>High</Severity>
1467
                <MaxVulnLimit>250</MaxVulnLimit>
1468
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1469
                <MaxVarianceLimit>5</MaxVarianceLimit>
1470
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1471
                <EnforceEncoding>0</EnforceEncoding>
1472
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1473
                <AttackPoints>Parameter</AttackPoints>
1474
                <ParameterLocations>Query|Post</ParameterLocations>
1475
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1476
                <DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
1477
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1478
            </AttackModulePolicy>
1479
            <AttackModulePolicy>
1480
                <Enabled>1</Enabled>
1481
                <ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
1482
                <ModulePriority>High</ModulePriority>
1483
                <Severity>Medium</Severity>
1484
                <MaxVulnLimit>250</MaxVulnLimit>
1485
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1486
                <MaxVarianceLimit>5</MaxVarianceLimit>
1487
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1488
                <EnforceEncoding>0</EnforceEncoding>
1489
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1490
                <AttackPoints>Parameter</AttackPoints>
1491
                <ParameterLocations>Query|Post</ParameterLocations>
1492
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1493
                <DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
1494
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1495
            </AttackModulePolicy>
1496
            <AttackModulePolicy>
1497
                <Enabled>1</Enabled>
1498
                <ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
1499
                <ModulePriority>High</ModulePriority>
1500
                <Severity>Medium</Severity>
1501
                <MaxVulnLimit>500</MaxVulnLimit>
1502
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1503
                <MaxVarianceLimit>4</MaxVarianceLimit>
1504
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1505
                <EnforceEncoding>0</EnforceEncoding>
1506
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1507
                <AttackPoints>Parameter</AttackPoints>
1508
                <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1509
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1510
                <DisplayName>Parameter Fuzzing</DisplayName>
1511
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1512
            </AttackModulePolicy>
1513
            <AttackModulePolicy>
1514
                <Enabled>1</Enabled>
1515
                <ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
1516
                <ModulePriority>High</ModulePriority>
1517
                <Severity>Low</Severity>
1518
                <MaxVulnLimit>10</MaxVulnLimit>
1519
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1520
                <MaxVarianceLimit>2</MaxVarianceLimit>
1521
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1522
                <EnforceEncoding>0</EnforceEncoding>
1523
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1524
                <AttackPoints>Response Analysis</AttackPoints>
1525
                <ParameterLocations></ParameterLocations>
1526
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1527
                <DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
1528
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1529
            </AttackModulePolicy>
1530
            <AttackModulePolicy>
1531
                <Enabled>1</Enabled>
1532
                <ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
1533
                <ModulePriority>Medium</ModulePriority>
1534
                <Severity>Informational</Severity>
1535
                <MaxVulnLimit>200</MaxVulnLimit>
1536
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1537
                <MaxVarianceLimit>10</MaxVarianceLimit>
1538
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1539
                <EnforceEncoding>0</EnforceEncoding>
1540
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1541
                <AttackPoints>Response Analysis</AttackPoints>
1542
                <ParameterLocations></ParameterLocations>
1543
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
1544
                <DisplayName>Collecting Sensitive Personal Information</DisplayName>
1545
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1546
            </AttackModulePolicy>
1547
            <AttackModulePolicy>
1548
                <Enabled>1</Enabled>
1549
                <ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
1550
                <ModulePriority>High</ModulePriority>
1551
                <Severity>Medium</Severity>
1552
                <MaxVulnLimit>100</MaxVulnLimit>
1553
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1554
                <MaxVarianceLimit>4</MaxVarianceLimit>
1555
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1556
                <EnforceEncoding>0</EnforceEncoding>
1557
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1558
                <AttackPoints>Parameter</AttackPoints>
1559
                <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1560
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1561
                <DisplayName>PHP Code Execution</DisplayName>
1562
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1563
            </AttackModulePolicy>
1564
            <AttackModulePolicy>
1565
                <Enabled>1</Enabled>
1566
                <ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
1567
                <ModulePriority>High</ModulePriority>
1568
                <Severity>Low</Severity>
1569
                <MaxVulnLimit>4</MaxVulnLimit>
1570
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1571
                <MaxVarianceLimit>4</MaxVarianceLimit>
1572
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1573
                <EnforceEncoding>0</EnforceEncoding>
1574
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1575
                <AttackPoints>Web Resource</AttackPoints>
1576
                <ParameterLocations></ParameterLocations>
1577
                <RequestOriginations>HTML</RequestOriginations>
1578
                <DisplayName>Privacy Policy Check</DisplayName>
1579
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1580
            </AttackModulePolicy>
1581
            <AttackModulePolicy>
1582
                <Enabled>1</Enabled>
1583
                <ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
1584
                <ModulePriority>Low</ModulePriority>
1585
                <Severity>Informational</Severity>
1586
                <MaxVulnLimit>250</MaxVulnLimit>
1587
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1588
                <MaxVarianceLimit>10</MaxVarianceLimit>
1589
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1590
                <EnforceEncoding>0</EnforceEncoding>
1591
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1592
                <AttackPoints>Response Analysis</AttackPoints>
1593
                <ParameterLocations></ParameterLocations>
1594
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1595
                <DisplayName>Privacy Disclosure</DisplayName>
1596
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1597
            </AttackModulePolicy>
1598
            <AttackModulePolicy>
1599
                <Enabled>1</Enabled>
1600
                <ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
1601
                <ModulePriority>Medium</ModulePriority>
1602
                <Severity>Low</Severity>
1603
                <MaxVulnLimit>10</MaxVulnLimit>
1604
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1605
                <MaxVarianceLimit>4</MaxVarianceLimit>
1606
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1607
                <EnforceEncoding>0</EnforceEncoding>
1608
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1609
                <AttackPoints>Web Resource|Response Analysis</AttackPoints>
1610
                <ParameterLocations></ParameterLocations>
1611
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1612
                <DisplayName>Privilege Escalation</DisplayName>
1613
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1614
            </AttackModulePolicy>
1615
            <AttackModulePolicy>
1616
                <Enabled>1</Enabled>
1617
                <ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
1618
                <ModulePriority>Low</ModulePriority>
1619
                <Severity>Informational</Severity>
1620
                <MaxVulnLimit>200</MaxVulnLimit>
1621
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1622
                <MaxVarianceLimit>4</MaxVarianceLimit>
1623
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1624
                <EnforceEncoding>0</EnforceEncoding>
1625
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1626
                <AttackPoints>Response Analysis</AttackPoints>
1627
                <ParameterLocations></ParameterLocations>
1628
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1629
                <DisplayName>Profanity</DisplayName>
1630
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1631
            </AttackModulePolicy>
1632
            <AttackModulePolicy>
1633
                <Enabled>1</Enabled>
1634
                <ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
1635
                <ModulePriority>Low</ModulePriority>
1636
                <Severity>Informational</Severity>
1637
                <MaxVulnLimit>500</MaxVulnLimit>
1638
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1639
                <MaxVarianceLimit>4</MaxVarianceLimit>
1640
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1641
                <EnforceEncoding>0</EnforceEncoding>
1642
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1643
                <AttackPoints>Parameter</AttackPoints>
1644
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
1645
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1646
                <DisplayName>Reflection</DisplayName>
1647
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1648
            </AttackModulePolicy>
1649
            <AttackModulePolicy>
1650
                <Enabled>1</Enabled>
1651
                <ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
1652
                <ModulePriority>Medium</ModulePriority>
1653
                <Severity>Medium</Severity>
1654
                <MaxVulnLimit>1000</MaxVulnLimit>
1655
                <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
1656
                <MaxVarianceLimit>4</MaxVarianceLimit>
1657
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1658
                <EnforceEncoding>0</EnforceEncoding>
1659
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1660
                <AttackPoints>Directory|File|Parameter</AttackPoints>
1661
                <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1662
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1663
                <DisplayName>File Inclusion</DisplayName>
1664
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1665
            </AttackModulePolicy>
1666
            <AttackModulePolicy>
1667
                <Enabled>1</Enabled>
1668
                <ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
1669
                <ModulePriority>Low</ModulePriority>
1670
                <Severity>Informational</Severity>
1671
                <MaxVulnLimit>50</MaxVulnLimit>
1672
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1673
                <MaxVarianceLimit>2</MaxVarianceLimit>
1674
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1675
                <EnforceEncoding>0</EnforceEncoding>
1676
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1677
                <AttackPoints>Web Resource</AttackPoints>
1678
                <ParameterLocations></ParameterLocations>
1679
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1680
                <DisplayName>HTTP Verb Tampering</DisplayName>
1681
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1682
            </AttackModulePolicy>
1683
            <AttackModulePolicy>
1684
                <Enabled>1</Enabled>
1685
                <ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
1686
                <ModulePriority>Low</ModulePriority>
1687
                <Severity>Low</Severity>
1688
                <MaxVulnLimit>200</MaxVulnLimit>
1689
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1690
                <MaxVarianceLimit>10</MaxVarianceLimit>
1691
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1692
                <EnforceEncoding>0</EnforceEncoding>
1693
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1694
                <AttackPoints>Web Site|Directory|File</AttackPoints>
1695
                <ParameterLocations></ParameterLocations>
1696
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1697
                <DisplayName>Predictable Resource Location</DisplayName>
1698
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1699
            </AttackModulePolicy>
1700
            <AttackModulePolicy>
1701
                <Enabled>1</Enabled>
1702
                <ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
1703
                <ModulePriority>Medium</ModulePriority>
1704
                <Severity>Medium</Severity>
1705
                <MaxVulnLimit>250</MaxVulnLimit>
1706
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1707
                <MaxVarianceLimit>4</MaxVarianceLimit>
1708
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1709
                <EnforceEncoding>0</EnforceEncoding>
1710
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1711
                <AttackPoints>Parameter</AttackPoints>
1712
                <ParameterLocations>Query</ParameterLocations>
1713
                <RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
1714
                <DisplayName>Reverse Clickjacking</DisplayName>
1715
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1716
            </AttackModulePolicy>
1717
            <AttackModulePolicy>
1718
                <Enabled>1</Enabled>
1719
                <ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
1720
                <ModulePriority>High</ModulePriority>
1721
                <Severity>Low</Severity>
1722
                <MaxVulnLimit>25</MaxVulnLimit>
1723
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1724
                <MaxVarianceLimit>1</MaxVarianceLimit>
1725
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1726
                <EnforceEncoding>0</EnforceEncoding>
1727
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1728
                <AttackPoints>Web Site</AttackPoints>
1729
                <ParameterLocations></ParameterLocations>
1730
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1731
                <DisplayName>Reverse Proxy</DisplayName>
1732
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1733
            </AttackModulePolicy>
1734
            <AttackModulePolicy>
1735
                <Enabled>1</Enabled>
1736
                <ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
1737
                <ModulePriority>Low</ModulePriority>
1738
                <Severity>Low</Severity>
1739
                <MaxVulnLimit>200</MaxVulnLimit>
1740
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1741
                <MaxVarianceLimit>4</MaxVarianceLimit>
1742
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1743
                <EnforceEncoding>0</EnforceEncoding>
1744
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1745
                <AttackPoints>Response Analysis</AttackPoints>
1746
                <ParameterLocations></ParameterLocations>
1747
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1748
                <DisplayName>Information Disclosure in scripts</DisplayName>
1749
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1750
            </AttackModulePolicy>
1751
            <AttackModulePolicy>
1752
                <Enabled>1</Enabled>
1753
                <ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
1754
                <ModulePriority>Low</ModulePriority>
1755
                <Severity>Informational</Severity>
1756
                <MaxVulnLimit>250</MaxVulnLimit>
1757
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1758
                <MaxVarianceLimit>3</MaxVarianceLimit>
1759
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1760
                <EnforceEncoding>0</EnforceEncoding>
1761
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1762
                <AttackPoints>Response Analysis</AttackPoints>
1763
                <ParameterLocations></ParameterLocations>
1764
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1765
                <DisplayName>Secure and non-secure content mix</DisplayName>
1766
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1767
            </AttackModulePolicy>
1768
            <AttackModulePolicy>
1769
                <Enabled>1</Enabled>
1770
                <ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
1771
                <ModulePriority>Low</ModulePriority>
1772
                <Severity>Low</Severity>
1773
                <MaxVulnLimit>100</MaxVulnLimit>
1774
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1775
                <MaxVarianceLimit>4</MaxVarianceLimit>
1776
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1777
                <EnforceEncoding>0</EnforceEncoding>
1778
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1779
                <AttackPoints>Response Analysis</AttackPoints>
1780
                <ParameterLocations></ParameterLocations>
1781
                <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
1782
                <DisplayName>Sensitive data over an insecure channel</DisplayName>
1783
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1784
            </AttackModulePolicy>
1785
            <AttackModulePolicy>
1786
                <Enabled>1</Enabled>
1787
                <ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
1788
                <ModulePriority>High</ModulePriority>
1789
                <Severity>Informational</Severity>
1790
                <MaxVulnLimit>10</MaxVulnLimit>
1791
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1792
                <MaxVarianceLimit>1</MaxVarianceLimit>
1793
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1794
                <EnforceEncoding>0</EnforceEncoding>
1795
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1796
                <AttackPoints>Web Site|Response Analysis</AttackPoints>
1797
                <ParameterLocations></ParameterLocations>
1798
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1799
                <DisplayName>Server Configuration</DisplayName>
1800
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1801
            </AttackModulePolicy>
1802
            <AttackModulePolicy>
1803
                <Enabled>1</Enabled>
1804
                <ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
1805
                <ModulePriority>Medium</ModulePriority>
1806
                <Severity>Medium</Severity>
1807
                <MaxVulnLimit>150</MaxVulnLimit>
1808
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1809
                <MaxVarianceLimit>4</MaxVarianceLimit>
1810
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1811
                <EnforceEncoding>0</EnforceEncoding>
1812
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1813
                <AttackPoints>Parameter</AttackPoints>
1814
                <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
1815
                </ParameterLocations>
1816
                <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
1817
                <DisplayName>Server Side Include (SSI) Injection</DisplayName>
1818
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1819
            </AttackModulePolicy>
1820
            <AttackModulePolicy>
1821
                <Enabled>1</Enabled>
1822
                <ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
1823
                <ModulePriority>High</ModulePriority>
1824
                <Severity>High</Severity>
1825
                <MaxVulnLimit>250</MaxVulnLimit>
1826
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1827
                <MaxVarianceLimit>4</MaxVarianceLimit>
1828
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1829
                <EnforceEncoding>0</EnforceEncoding>
1830
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1831
                <AttackPoints>Directory|File|Parameter</AttackPoints>
1832
                <ParameterLocations>Query|Post|Cookie</ParameterLocations>
1833
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1834
                <DisplayName>Server Side Request Forgery</DisplayName>
1835
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1836
            </AttackModulePolicy>
1837
            <AttackModulePolicy>
1838
                <Enabled>1</Enabled>
1839
                <ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
1840
                <ModulePriority>High</ModulePriority>
1841
                <Severity>High</Severity>
1842
                <MaxVulnLimit>200</MaxVulnLimit>
1843
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1844
                <MaxVarianceLimit>4</MaxVarianceLimit>
1845
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1846
                <EnforceEncoding>0</EnforceEncoding>
1847
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1848
                <AttackPoints>Parameter</AttackPoints>
1849
                <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1850
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1851
                <DisplayName>Server Side Template Injection</DisplayName>
1852
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1853
            </AttackModulePolicy>
1854
            <AttackModulePolicy>
1855
                <Enabled>1</Enabled>
1856
                <ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
1857
                <ModulePriority>High</ModulePriority>
1858
                <Severity>Medium</Severity>
1859
                <MaxVulnLimit>25</MaxVulnLimit>
1860
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1861
                <MaxVarianceLimit>2</MaxVarianceLimit>
1862
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1863
                <EnforceEncoding>0</EnforceEncoding>
1864
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1865
                <AttackPoints>Web Resource</AttackPoints>
1866
                <ParameterLocations></ParameterLocations>
1867
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1868
                <DisplayName>Session Fixation</DisplayName>
1869
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1870
            </AttackModulePolicy>
1871
            <AttackModulePolicy>
1872
                <Enabled>1</Enabled>
1873
                <ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
1874
                <ModulePriority>Low</ModulePriority>
1875
                <Severity>Low</Severity>
1876
                <MaxVulnLimit>10</MaxVulnLimit>
1877
                <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
1878
                <MaxVarianceLimit>1</MaxVarianceLimit>
1879
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1880
                <EnforceEncoding>0</EnforceEncoding>
1881
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1882
                <AttackPoints>Parameter</AttackPoints>
1883
                <ParameterLocations>Directory|Path|Query</ParameterLocations>
1884
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
1885
                <DisplayName>HTTP Query Session Check</DisplayName>
1886
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1887
            </AttackModulePolicy>
1888
            <AttackModulePolicy>
1889
                <Enabled>1</Enabled>
1890
                <ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
1891
                <ModulePriority>Medium</ModulePriority>
1892
                <Severity>Low</Severity>
1893
                <MaxVulnLimit>10</MaxVulnLimit>
1894
                <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
1895
                <MaxVarianceLimit>4</MaxVarianceLimit>
1896
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1897
                <EnforceEncoding>0</EnforceEncoding>
1898
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1899
                <AttackPoints>Web Resource</AttackPoints>
1900
                <ParameterLocations></ParameterLocations>
1901
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1902
                <DisplayName>Session Strength</DisplayName>
1903
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1904
            </AttackModulePolicy>
1905
            <AttackModulePolicy>
1906
                <Enabled>1</Enabled>
1907
                <ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
1908
                <ModulePriority>Medium</ModulePriority>
1909
                <Severity>Low</Severity>
1910
                <MaxVulnLimit>50</MaxVulnLimit>
1911
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1912
                <MaxVarianceLimit>4</MaxVarianceLimit>
1913
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1914
                <EnforceEncoding>0</EnforceEncoding>
1915
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1916
                <AttackPoints>Response Analysis</AttackPoints>
1917
                <ParameterLocations></ParameterLocations>
1918
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1919
                <DisplayName>Session Upgrade</DisplayName>
1920
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1921
            </AttackModulePolicy>
1922
            <AttackModulePolicy>
1923
                <Enabled>1</Enabled>
1924
                <ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
1925
                <ModulePriority>Low</ModulePriority>
1926
                <Severity>Medium</Severity>
1927
                <MaxVulnLimit>100</MaxVulnLimit>
1928
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1929
                <MaxVarianceLimit>4</MaxVarianceLimit>
1930
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1931
                <EnforceEncoding>0</EnforceEncoding>
1932
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1933
                <AttackPoints>File</AttackPoints>
1934
                <ParameterLocations></ParameterLocations>
1935
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1936
                <DisplayName>Source Code Disclosure</DisplayName>
1937
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1938
            </AttackModulePolicy>
1939
            <AttackModulePolicy>
1940
                <Enabled>1</Enabled>
1941
                <ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
1942
                <ModulePriority>High</ModulePriority>
1943
                <Severity>Low</Severity>
1944
                <MaxVulnLimit>250</MaxVulnLimit>
1945
                <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
1946
                <MaxVarianceLimit>4</MaxVarianceLimit>
1947
                <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1948
                <EnforceEncoding>0</EnforceEncoding>
1949
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1950
                <AttackPoints>Response Analysis</AttackPoints>
1951
                <ParameterLocations></ParameterLocations>
1952
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1953
                <DisplayName>SQL Information Leakage</DisplayName>
1954
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1955
            </AttackModulePolicy>
1956
            <AttackModulePolicy>
1957
                <Enabled>1</Enabled>
1958
                <ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
1959
                <ModulePriority>High</ModulePriority>
1960
                <Severity>High</Severity>
1961
                <MaxVulnLimit>500</MaxVulnLimit>
1962
                <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
1963
                <MaxVarianceLimit>4</MaxVarianceLimit>
1964
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1965
                <EnforceEncoding>0</EnforceEncoding>
1966
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1967
                <AttackPoints>Parameter</AttackPoints>
1968
                <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1969
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1970
                <DisplayName>SQL Injection</DisplayName>
1971
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1972
            </AttackModulePolicy>
1973
            <AttackModulePolicy>
1974
                <Enabled>1</Enabled>
1975
                <ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
1976
                <ModulePriority>High</ModulePriority>
1977
                <Severity>High</Severity>
1978
                <MaxVulnLimit>25</MaxVulnLimit>
1979
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
1980
                <MaxVarianceLimit>4</MaxVarianceLimit>
1981
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1982
                <EnforceEncoding>0</EnforceEncoding>
1983
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
1984
                <AttackPoints>Parameter</AttackPoints>
1985
                <ParameterLocations>Path|Query|Post</ParameterLocations>
1986
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
1987
                <DisplayName>SQL Injection Auth Bypass</DisplayName>
1988
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
1989
            </AttackModulePolicy>
1990
            <AttackModulePolicy>
1991
                <Enabled>1</Enabled>
1992
                <ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
1993
                <ModulePriority>Medium</ModulePriority>
1994
                <Severity>Medium</Severity>
1995
                <MaxVulnLimit>100</MaxVulnLimit>
1996
                <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
1997
                <MaxVarianceLimit>4</MaxVarianceLimit>
1998
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1999
                <EnforceEncoding>0</EnforceEncoding>
2000
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2001
                <AttackPoints>Response Analysis</AttackPoints>
2002
                <ParameterLocations></ParameterLocations>
2003
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2004
                <DisplayName>SQL Parameter Check</DisplayName>
2005
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2006
            </AttackModulePolicy>
2007
            <AttackModulePolicy>
2008
                <Enabled>1</Enabled>
2009
                <ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
2010
                <ModulePriority>Medium</ModulePriority>
2011
                <Severity>Informational</Severity>
2012
                <MaxVulnLimit>25</MaxVulnLimit>
2013
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2014
                <MaxVarianceLimit>100</MaxVarianceLimit>
2015
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2016
                <EnforceEncoding>0</EnforceEncoding>
2017
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2018
                <AttackPoints>Web Site</AttackPoints>
2019
                <ParameterLocations></ParameterLocations>
2020
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2021
                <DisplayName>SSL Strength</DisplayName>
2022
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2023
            </AttackModulePolicy>
2024
            <AttackModulePolicy>
2025
                <Enabled>1</Enabled>
2026
                <ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
2027
                <ModulePriority>Medium</ModulePriority>
2028
                <Severity>Informational</Severity>
2029
                <MaxVulnLimit>50</MaxVulnLimit>
2030
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2031
                <MaxVarianceLimit>20</MaxVarianceLimit>
2032
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2033
                <EnforceEncoding>0</EnforceEncoding>
2034
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2035
                <AttackPoints>Web Site</AttackPoints>
2036
                <ParameterLocations></ParameterLocations>
2037
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2038
                <DisplayName>Subdomain discovery</DisplayName>
2039
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2040
            </AttackModulePolicy>
2041
            <AttackModulePolicy>
2042
                <Enabled>1</Enabled>
2043
                <ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
2044
                <ModulePriority>Low</ModulePriority>
2045
                <Severity>Low</Severity>
2046
                <MaxVulnLimit>100</MaxVulnLimit>
2047
                <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
2048
                <MaxVarianceLimit>4</MaxVarianceLimit>
2049
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2050
                <EnforceEncoding>0</EnforceEncoding>
2051
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2052
                <AttackPoints>Response Analysis</AttackPoints>
2053
                <ParameterLocations></ParameterLocations>
2054
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
2055
                <DisplayName>Subresource Integrity</DisplayName>
2056
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2057
            </AttackModulePolicy>
2058
            <AttackModulePolicy>
2059
                <Enabled>1</Enabled>
2060
                <ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
2061
                <ModulePriority>High</ModulePriority>
2062
                <Severity>Medium</Severity>
2063
                <MaxVulnLimit>40</MaxVulnLimit>
2064
                <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
2065
                <MaxVarianceLimit>4</MaxVarianceLimit>
2066
                <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
2067
                <EnforceEncoding>0</EnforceEncoding>
2068
                <ApplyPolicySeverity>0</ApplyPolicySeverity>
2069
                <AttackPoints>Parameter</AttackPoints>
2070
                <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
2071
                <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
2072
                <DisplayName>Unvalidated Redirect</DisplayName>
2073
                <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
2074
            </AttackModulePolicy>