Scan Config XML Breakout

Scan Config XML Breakout

Below is a sample of an XML config as well as a breakout of all XML elements contained in a scan config. This allows a user to granularly set each setting within a config when adding, updating or submitting a config to either the AppSpider Enterprise REST API or directly to the engine itself.

- Contains all elements of the config to be submitted.

Caution

All elements must be submitted for the XML to be considered a "well-formed" request. Failure to include any element will result in the request being dropped

</<Name - Sets the name for the config - Identifies which version of AppSpider the config was written for (defaults to 6.0) - Binary field to tell the engine to enable or disable logging (defaults to "1") 1 - Enables Logging 2 - Disables Logging Binary field to tell the engine to enable or disable

xml
1
<ScanConfig>
2
<Name>Webscantest</Name>
3
<AppVersion>6.0</AppVersion>
4
<Log>1</Log>
5
<DetailedLogging>0</DetailedLogging>
6
<IncludeTraffic>0</IncludeTraffic>
7
<WindowsErrors>0</WindowsErrors>
8
<UseSystemDsn>0</UseSystemDsn>
9
<Recrawl>0</Recrawl>
10
<PauseOnRecoverableError>1</PauseOnRecoverableError>
11
<ExecuteCommandLineURL></ExecuteCommandLineURL>
12
<NotifyScanDoneURL></NotifyScanDoneURL>
13
<JavaScriptEngine>Internet Explorer</JavaScriptEngine>
14
<MaxDatabaseSize>1073741824</MaxDatabaseSize>
15
<MaxTrafficFiles>0</MaxTrafficFiles>
16
<ScanModuleParametersList />
17
<DomainNameList />
18
<CrawlConfig>
19
<MaxDomain>100</MaxDomain>
20
<MaxCrawlResults>5000</MaxCrawlResults>
21
<MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
22
<MaxPerDirCrawlResults>500</MaxPerDirCrawlResults>
23
<MaxPerLinkCrawlResults>50</MaxPerLinkCrawlResults>
24
<MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
25
<MaxPerDirChildNodes>300</MaxPerDirChildNodes>
26
<MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
27
<MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
28
<MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
29
<RecursionDepth>2</RecursionDepth>
30
<MaxDirDepth>10</MaxDirDepth>
31
<DiscoveryDepth>-1</DiscoveryDepth>
32
<UrlRepetitionTolerance>25</UrlRepetitionTolerance>
33
<SequenceRepetitionTolerance>5</SequenceRepetitionTolerance>
34
<MaxReportedImages>500</MaxReportedImages>
35
<MaxReportedLinks>2500</MaxReportedLinks>
36
<MaxReportedComments>500</MaxReportedComments>
37
<MaxReportedScripts>500</MaxReportedScripts>
38
<MaxReportedEmails>500</MaxReportedEmails>
39
<MaxReportedForms>500</MaxReportedForms>
40
<MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
41
<MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
42
<MaxBrowserDOMDepth>4</MaxBrowserDOMDepth>
43
<MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
44
<MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
45
<MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
46
<MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
47
<NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
48
<MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
49
<CrawlPrioritization>Smart</CrawlPrioritization>
50
<FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
51
<ServerErrorRegex></ServerErrorRegex>
52
<InvalidURLRegexAttack>
53
<![CDATA[['\"\\(\\)<>]|\\d([-+]|%2[bd])\\d|repeat\\(|alert\\(|/x\\w{7}\\.txt]]>
54
</InvalidURLRegexAttack>
55
<InvalidURLRegexCrawl>
56
<![CDATA[((\\s|%20)(OR|AND|MOD|ASC|DESC)(\\s|%20)|(<|%3c)(a|div|script|style|iframe|img)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\\?C=M)]]>
57
</InvalidURLRegexCrawl>
58
<LockCookies>0</LockCookies>
59
<CaseSensitivity>Case Sensitive</CaseSensitivity>
60
<UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
61
<SaveReferences>0</SaveReferences>
62
<UseBrowser>1</UseBrowser>
63
<ShowBrowser>0</ShowBrowser>
64
<StayOnPort>0</StayOnPort>
65
<RestrictToMacro>0</RestrictToMacro>
66
<RestrictToManualCrawling>0</RestrictToManualCrawling>
67
<RestrictToSeedList>0</RestrictToSeedList>
68
<RestrictToWebService>0</RestrictToWebService>
69
<RestrictToSelenium>0</RestrictToSelenium>
70
<ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
71
<PageEqualThreshhold>0.95</PageEqualThreshhold>
72
<PageSimilarThreshhold>0.8</PageSimilarThreshhold>
73
<ExperimentalCrawling>Disabled</ExperimentalCrawling>
74
<Flash>1</Flash>
75
<EnableAdvancedParsers>1</EnableAdvancedParsers>
76
<SearchForUrls>1</SearchForUrls>
77
<CookieCommaSeparator>1</CookieCommaSeparator>
78
<MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
79
<SeedUrlList>
80
<SeedUrl>
81
<Value>http://webscantest.com:80/</Value>
82
</SeedUrl>
83
</SeedUrlList>
84
<ScopeConstraintList>
85
<ScopeConstraint>
86
<URL>http://webscantest.com:80/*</URL>
87
<Method>All</Method>
88
<MatchCriteria>Wildcard</MatchCriteria>
89
<Exclusion>Include</Exclusion>
90
<HttpParameterList />
91
</ScopeConstraint>
92
<ScopeConstraint>
93
<URL>http://*.webscantest.com:80/*</URL>
94
<Method>All</Method>
95
<MatchCriteria>Wildcard</MatchCriteria>
96
<Exclusion>Include</Exclusion>
97
<HttpParameterList />
98
</ScopeConstraint>
99
</ScopeConstraintList>
100
<BlackListExtensionList>
101
<BlackListExtension>
102
<Value>css</Value>
103
</BlackListExtension>
104
<BlackListExtension>
105
<Value>axd</Value>
106
</BlackListExtension>
107
</BlackListExtensionList>
108
<GrayListExtensionList>
109
<GrayListExtension>
110
<Value>pdf</Value>
111
</GrayListExtension>
112
<GrayListExtension>
113
<Value>doc</Value>
114
</GrayListExtension>
115
<GrayListExtension>
116
<Value>jpg</Value>
117
</GrayListExtension>
118
<GrayListExtension>
119
<Value>jpeg</Value>
120
</GrayListExtension>
121
<GrayListExtension>
122
<Value>gif</Value>
123
</GrayListExtension>
124
<GrayListExtension>
125
<Value>png</Value>
126
</GrayListExtension>
127
<GrayListExtension>
128
<Value>bmp</Value>
129
</GrayListExtension>
130
<GrayListExtension>
131
<Value>ico</Value>
132
</GrayListExtension>
133
<GrayListExtension>
134
<Value>js</Value>
135
</GrayListExtension>
136
</GrayListExtensionList>
137
<BinaryExtensionList>
138
<BinaryExtension>
139
<Value>fla</Value>
140
</BinaryExtension>
141
<BinaryExtension>
142
<Value>swf</Value>
143
</BinaryExtension>
144
<BinaryExtension>
145
<Value>pdf</Value>
146
</BinaryExtension>
147
<BinaryExtension>
148
<Value>doc</Value>
149
</BinaryExtension>
150
<BinaryExtension>
151
<Value>jpg</Value>
152
</BinaryExtension>
153
<BinaryExtension>
154
<Value>jpeg</Value>
155
</BinaryExtension>
156
<BinaryExtension>
157
<Value>gif</Value>
158
</BinaryExtension>
159
<BinaryExtension>
160
<Value>png</Value>
161
</BinaryExtension>
162
<BinaryExtension>
163
<Value>bmp</Value>
164
</BinaryExtension>
165
<BinaryExtension>
166
<Value>ico</Value>
167
</BinaryExtension>
168
<BinaryExtension>
169
<Value>dll</Value>
170
</BinaryExtension>
171
<BinaryExtension>
172
<Value>exe</Value>
173
</BinaryExtension>
174
<BinaryExtension>
175
<Value>eot</Value>
176
</BinaryExtension>
177
<BinaryExtension>
178
<Value>ttf</Value>
179
</BinaryExtension>
180
<BinaryExtension>
181
<Value>mp3</Value>
182
</BinaryExtension>
183
<BinaryExtension>
184
<Value>mp4</Value>
185
</BinaryExtension>
186
<BinaryExtension>
187
<Value>wav</Value>
188
</BinaryExtension>
189
<BinaryExtension>
190
<Value>woff</Value>
191
</BinaryExtension>
192
<BinaryExtension>
193
<Value>svg</Value>
194
</BinaryExtension>
195
</BinaryExtensionList>
196
<TextExtensionList>
197
<TextExtension>
198
<Value>txt</Value>
199
</TextExtension>
200
<TextExtension>
201
<Value>js</Value>
202
</TextExtension>
203
<TextExtension>
204
<Value>css</Value>
205
</TextExtension>
206
<TextExtension>
207
<Value>json</Value>
208
</TextExtension>
209
</TextExtensionList>
210
<BinaryContentTypeList>
211
<BinaryContentType>
212
<Value>audio/*</Value>
213
</BinaryContentType>
214
<BinaryContentType>
215
<Value>image/*</Value>
216
</BinaryContentType>
217
<BinaryContentType>
218
<Value>video/*</Value>
219
</BinaryContentType>
220
<BinaryContentType>
221
<Value>application/pdf</Value>
222
</BinaryContentType>
223
<BinaryContentType>
224
<Value>application/zip</Value>
225
</BinaryContentType>
226
<BinaryContentType>
227
<Value>application/x-rar-compressed</Value>
228
</BinaryContentType>
229
<BinaryContentType>
230
<Value>application/x-dvi</Value>
231
</BinaryContentType>
232
<BinaryContentType>
233
<Value>application/x-shockwave-flash</Value>
234
</BinaryContentType>
235
<BinaryContentType>
236
<Value>application/msword</Value>
237
</BinaryContentType>
238
<BinaryContentType>
239
<Value>application/ogg</Value>
240
</BinaryContentType>
241
<BinaryContentType>
242
<Value>application/x-tar</Value>
243
</BinaryContentType>
244
<BinaryContentType>
245
<Value>application/octet-stream</Value>
246
</BinaryContentType>
247
</BinaryContentTypeList>
248
<HTMLContentTypeList>
249
<HTMLContentType>
250
<Value>text/html</Value>
251
</HTMLContentType>
252
<HTMLContentType>
253
<Value>html/*</Value>
254
</HTMLContentType>
255
<HTMLContentType>
256
<Value>application/xhtml+xml</Value>
257
</HTMLContentType>
258
</HTMLContentTypeList>
259
<TextContentTypeList>
260
<TextContentType>
261
<Value>text/plain</Value>
262
</TextContentType>
263
<TextContentType>
264
<Value>text/csv</Value>
265
</TextContentType>
266
<TextContentType>
267
<Value>text/css</Value>
268
</TextContentType>
269
<TextContentType>
270
<Value>text/javascript</Value>
271
</TextContentType>
272
<TextContentType>
273
<Value>application/javascript</Value>
274
</TextContentType>
275
<TextContentType>
276
<Value>application/x-javascript</Value>
277
</TextContentType>
278
<TextContentType>
279
<Value>application/json</Value>
280
</TextContentType>
281
<TextContentType>
282
<Value>application/x-httpd-php-source</Value>
283
</TextContentType>
284
</TextContentTypeList>
285
<XMLContentTypeList>
286
<XMLContentType>
287
<Value>application/xml-dtd</Value>
288
</XMLContentType>
289
<XMLContentType>
290
<Value>text/xml</Value>
291
</XMLContentType>
292
<XMLContentType>
293
<Value>application/soap+xml</Value>
294
</XMLContentType>
295
<XMLContentType>
296
<Value>application/xml</Value>
297
</XMLContentType>
298
</XMLContentTypeList>
299
<BrowserDownloadWhitelistList>
300
<BrowserDownloadWhitelist>
301
<Value>*.css</Value>
302
</BrowserDownloadWhitelist>
303
<BrowserDownloadWhitelist>
304
<Value>*.js</Value>
305
</BrowserDownloadWhitelist>
306
<BrowserDownloadWhitelist>
307
<Value>*.xml</Value>
308
</BrowserDownloadWhitelist>
309
<BrowserDownloadWhitelist>
310
<Value>*.dtd</Value>
311
</BrowserDownloadWhitelist>
312
<BrowserDownloadWhitelist>
313
<Value>*.axd</Value>
314
</BrowserDownloadWhitelist>
315
<BrowserDownloadWhitelist>
316
<Value>*.json</Value>
317
</BrowserDownloadWhitelist>
318
<BrowserDownloadWhitelist>
319
<Value>*/js/*</Value>
320
</BrowserDownloadWhitelist>
321
<BrowserDownloadWhitelist>
322
<Value>*/css/*</Value>
323
</BrowserDownloadWhitelist>
324
</BrowserDownloadWhitelistList>
325
<BrowserDoNotDownloadExtensionList>
326
<BrowserDoNotDownloadExtension>
327
<Value>pdf</Value>
328
</BrowserDoNotDownloadExtension>
329
<BrowserDoNotDownloadExtension>
330
<Value>doc</Value>
331
</BrowserDoNotDownloadExtension>
332
<BrowserDoNotDownloadExtension>
333
<Value>jpg</Value>
334
</BrowserDoNotDownloadExtension>
335
<BrowserDoNotDownloadExtension>
336
<Value>jpeg</Value>
337
</BrowserDoNotDownloadExtension>
338
<BrowserDoNotDownloadExtension>
339
<Value>gif</Value>
340
</BrowserDoNotDownloadExtension>
341
<BrowserDoNotDownloadExtension>
342
<Value>png</Value>
343
</BrowserDoNotDownloadExtension>
344
<BrowserDoNotDownloadExtension>
345
<Value>bmp</Value>
346
</BrowserDoNotDownloadExtension>
347
<BrowserDoNotDownloadExtension>
348
<Value>ico</Value>
349
</BrowserDoNotDownloadExtension>
350
<BrowserDoNotDownloadExtension>
351
<Value>exe</Value>
352
</BrowserDoNotDownloadExtension>
353
<BrowserDoNotDownloadExtension>
354
<Value>swf</Value>
355
</BrowserDoNotDownloadExtension>
356
<BrowserDoNotDownloadExtension>
357
<Value>mp3</Value>
358
</BrowserDoNotDownloadExtension>
359
<BrowserDoNotDownloadExtension>
360
<Value>mp4</Value>
361
</BrowserDoNotDownloadExtension>
362
<BrowserDoNotDownloadExtension>
363
<Value>wav</Value>
364
</BrowserDoNotDownloadExtension>
365
<BrowserDoNotDownloadExtension>
366
<Value>eot</Value>
367
</BrowserDoNotDownloadExtension>
368
<BrowserDoNotDownloadExtension>
369
<Value>ttf</Value>
370
</BrowserDoNotDownloadExtension>
371
<BrowserDoNotDownloadExtension>
372
<Value>woff</Value>
373
</BrowserDoNotDownloadExtension>
374
<BrowserDoNotDownloadExtension>
375
<Value>ico</Value>
376
</BrowserDoNotDownloadExtension>
377
<BrowserDoNotDownloadExtension>
378
<Value>svg</Value>
379
</BrowserDoNotDownloadExtension>
380
</BrowserDoNotDownloadExtensionList>
381
<BrowserDoNotDownloadContentTypeList>
382
<BrowserDoNotDownloadContentType>
383
<Value>audio/*</Value>
384
</BrowserDoNotDownloadContentType>
385
<BrowserDoNotDownloadContentType>
386
<Value>image/*</Value>
387
</BrowserDoNotDownloadContentType>
388
<BrowserDoNotDownloadContentType>
389
<Value>video/*</Value>
390
</BrowserDoNotDownloadContentType>
391
<BrowserDoNotDownloadContentType>
392
<Value>application/pdf</Value>
393
</BrowserDoNotDownloadContentType>
394
<BrowserDoNotDownloadContentType>
395
<Value>application/zip</Value>
396
</BrowserDoNotDownloadContentType>
397
<BrowserDoNotDownloadContentType>
398
<Value>application/x-rar-compressed</Value>
399
</BrowserDoNotDownloadContentType>
400
<BrowserDoNotDownloadContentType>
401
<Value>application/x-dvi</Value>
402
</BrowserDoNotDownloadContentType>
403
<BrowserDoNotDownloadContentType>
404
<Value>application/x-shockwave-flash</Value>
405
</BrowserDoNotDownloadContentType>
406
<BrowserDoNotDownloadContentType>
407
<Value>application/msword</Value>
408
</BrowserDoNotDownloadContentType>
409
<BrowserDoNotDownloadContentType>
410
<Value>application/ogg</Value>
411
</BrowserDoNotDownloadContentType>
412
<BrowserDoNotDownloadContentType>
413
<Value>application/x-tar</Value>
414
</BrowserDoNotDownloadContentType>
415
<BrowserDoNotDownloadContentType>
416
<Value>application/octet-stream</Value>
417
</BrowserDoNotDownloadContentType>
418
</BrowserDoNotDownloadContentTypeList>
419
<LockedCookieList />
420
</CrawlConfig>
421
<AttackerConfig>
422
<ParametersToAttackBeforeLimitingAttacks>400</ParametersToAttackBeforeLimitingAttacks>
423
<LinksToAttackBeforeLimitingAttacks>200</LinksToAttackBeforeLimitingAttacks>
424
<MaxSameNameParameterAttackPoints>25</MaxSameNameParameterAttackPoints>
425
<MaxSameCookieParameterAttackPoints>15</MaxSameCookieParameterAttackPoints>
426
<MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
427
<MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
428
<MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
429
<ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
430
<ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
431
<ScopeConstraintList />
432
<DefaultDoNotAttackParamList>
433
<DefaultDoNotAttackParam>
434
<ParameterName>^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y])$</ParameterName>
435
<MatchCriteria>Regex</MatchCriteria>
436
</DefaultDoNotAttackParam>
437
</DefaultDoNotAttackParamList>
438
<UserDoNotAttackParamList />
439
</AttackerConfig>
440
<AttackPolicyConfig>
441
<Policy></Policy>
442
<AttackPrioritization>Smart</AttackPrioritization>
443
<AttackDepth>Smart</AttackDepth>
444
<EnableAdvancedAttacks>0</EnableAdvancedAttacks>
445
<FalsePositiveRegex>This web browser does not support JavaScript or JavaScript in this web browser is not enabled.</FalsePositiveRegex>
446
<FalsePositiveFindingRegex></FalsePositiveFindingRegex>
447
<RootCauseIdExcludeList></RootCauseIdExcludeList>
448
<AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
449
<EnforceEncoding>0</EnforceEncoding>
450
<AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
451
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
452
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
453
<AttackModulePolicyList>
454
<AttackModulePolicy>
455
<Enabled>1</Enabled>
456
<ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
457
<ModulePriority>High</ModulePriority>
458
<Severity>High</Severity>
459
<MaxVulnLimit>100</MaxVulnLimit>
460
<MaxVarianceLimit>3</MaxVarianceLimit>
461
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
462
<EnforceEncoding>0</EnforceEncoding>
463
<ApplyPolicySeverity>0</ApplyPolicySeverity>
464
<AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
465
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
466
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
467
</AttackModulePolicy>
468
<AttackModulePolicy>
469
<Enabled>1</Enabled>
470
<ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
471
<ModulePriority>High</ModulePriority>
472
<Severity>Informational</Severity>
473
<MaxVulnLimit>100</MaxVulnLimit>
474
<MaxVarianceLimit>3</MaxVarianceLimit>
475
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
476
<EnforceEncoding>0</EnforceEncoding>
477
<ApplyPolicySeverity>0</ApplyPolicySeverity>
478
<AttackPoints>Response Analysis</AttackPoints>
479
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
480
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
481
</AttackModulePolicy>
482
<AttackModulePolicy>
483
<Enabled>1</Enabled>
484
<ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
485
<ModulePriority>High</ModulePriority>
486
<Severity>High</Severity>
487
<MaxVulnLimit>100</MaxVulnLimit>
488
<MaxVarianceLimit>4</MaxVarianceLimit>
489
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
490
<EnforceEncoding>0</EnforceEncoding>
491
<ApplyPolicySeverity>0</ApplyPolicySeverity>
492
<AttackPoints>Parameter</AttackPoints>
493
<ParameterLocations>Post</ParameterLocations>
494
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
495
</AttackModulePolicy>
496
<AttackModulePolicy>
497
<Enabled>1</Enabled>
498
<ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
499
<ModulePriority>Medium</ModulePriority>
500
<Severity>Low</Severity>
501
<MaxVulnLimit>20</MaxVulnLimit>
502
<MaxVarianceLimit>2</MaxVarianceLimit>
503
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
504
<EnforceEncoding>0</EnforceEncoding>
505
<ApplyPolicySeverity>0</ApplyPolicySeverity>
506
<AttackPoints>Directory</AttackPoints>
507
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
508
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
509
</AttackModulePolicy>
510
<AttackModulePolicy>
511
<Enabled>1</Enabled>
512
<ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
513
<ModulePriority>Medium</ModulePriority>
514
<Severity>Low</Severity>
515
<MaxVulnLimit>100</MaxVulnLimit>
516
<MaxVarianceLimit>2</MaxVarianceLimit>
517
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
518
<EnforceEncoding>0</EnforceEncoding>
519
<ApplyPolicySeverity>0</ApplyPolicySeverity>
520
<AttackPoints>Response Analysis</AttackPoints>
521
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
522
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
523
</AttackModulePolicy>
524
<AttackModulePolicy>
525
<Enabled>1</Enabled>
526
<ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
527
<ModulePriority>Medium</ModulePriority>
528
<Severity>Informational</Severity>
529
<MaxVulnLimit>100</MaxVulnLimit>
530
<MaxVarianceLimit>1</MaxVarianceLimit>
531
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
532
<EnforceEncoding>0</EnforceEncoding>
533
<ApplyPolicySeverity>0</ApplyPolicySeverity>
534
<AttackPoints>Response Analysis</AttackPoints>
535
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
536
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
537
</AttackModulePolicy>
538
<AttackModulePolicy>
539
<Enabled>1</Enabled>
540
<ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
541
<ModulePriority>Medium</ModulePriority>
542
<Severity>Low</Severity>
543
<MaxVulnLimit>100</MaxVulnLimit>
544
<MaxVarianceLimit>4</MaxVarianceLimit>
545
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
546
<EnforceEncoding>0</EnforceEncoding>
547
<ApplyPolicySeverity>0</ApplyPolicySeverity>
548
<AttackPoints>Response Analysis</AttackPoints>
549
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
550
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
551
</AttackModulePolicy>
552
<AttackModulePolicy>
553
<Enabled>1</Enabled>
554
<ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
555
<ModulePriority>High</ModulePriority>
556
<Severity>High</Severity>
557
<MaxVulnLimit>2</MaxVulnLimit>
558
<MaxVarianceLimit>2</MaxVarianceLimit>
559
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
560
<EnforceEncoding>0</EnforceEncoding>
561
<ApplyPolicySeverity>0</ApplyPolicySeverity>
562
<AttackPoints>Web Resource</AttackPoints>
563
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
564
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
565
</AttackModulePolicy>
566
<AttackModulePolicy>
567
<Enabled>1</Enabled>
568
<ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
569
<ModulePriority>High</ModulePriority>
570
<Severity>High</Severity>
571
<MaxVulnLimit>2</MaxVulnLimit>
572
<MaxVarianceLimit>2</MaxVarianceLimit>
573
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
574
<EnforceEncoding>0</EnforceEncoding>
575
<ApplyPolicySeverity>0</ApplyPolicySeverity>
576
<AttackPoints>Parameter</AttackPoints>
577
<ParameterLocations>Query|Post</ParameterLocations>
578
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
579
</AttackModulePolicy>
580
<AttackModulePolicy>
581
<Enabled>1</Enabled>
582
<ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
583
<ModulePriority>High</ModulePriority>
584
<Severity>High</Severity>
585
<MaxVulnLimit>200</MaxVulnLimit>
586
<MaxVarianceLimit>4</MaxVarianceLimit>
587
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
588
<EnforceEncoding>0</EnforceEncoding>
589
<ApplyPolicySeverity>0</ApplyPolicySeverity>
590
<AttackPoints>Parameter</AttackPoints>
591
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
592
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
593
</AttackModulePolicy>
594
<AttackModulePolicy>
595
<Enabled>1</Enabled>
596
<ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
597
<ModulePriority>Low</ModulePriority>
598
<Severity>Low</Severity>
599
<MaxVulnLimit>100</MaxVulnLimit>
600
<MaxVarianceLimit>4</MaxVarianceLimit>
601
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
602
<EnforceEncoding>0</EnforceEncoding>
603
<ApplyPolicySeverity>0</ApplyPolicySeverity>
604
<AttackPoints>Directory</AttackPoints>
605
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
606
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
607
</AttackModulePolicy>
608
<AttackModulePolicy>
609
<Enabled>1</Enabled>
610
<ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
611
<ModulePriority>Low</ModulePriority>
612
<Severity>Informational</Severity>
613
<MaxVulnLimit>100</MaxVulnLimit>
614
<MaxVarianceLimit>4</MaxVarianceLimit>
615
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
616
<EnforceEncoding>0</EnforceEncoding>
617
<ApplyPolicySeverity>0</ApplyPolicySeverity>
618
<AttackPoints>Response Analysis</AttackPoints>
619
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
620
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
621
</AttackModulePolicy>
622
<AttackModulePolicy>
623
<Enabled>1</Enabled>
624
<ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
625
<ModulePriority>Medium</ModulePriority>
626
<Severity>Low</Severity>
627
<MaxVulnLimit>20</MaxVulnLimit>
628
<MaxVarianceLimit>10</MaxVarianceLimit>
629
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
630
<EnforceEncoding>0</EnforceEncoding>
631
<ApplyPolicySeverity>0</ApplyPolicySeverity>
632
<AttackPoints>Response Analysis</AttackPoints>
633
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
634
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
635
</AttackModulePolicy>
636
<AttackModulePolicy>
637
<Enabled>1</Enabled>
638
<ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
639
<ModulePriority>Low</ModulePriority>
640
<Severity>Low</Severity>
641
<MaxVulnLimit>100</MaxVulnLimit>
642
<MaxVarianceLimit>5</MaxVarianceLimit>
643
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
644
<EnforceEncoding>0</EnforceEncoding>
645
<ApplyPolicySeverity>0</ApplyPolicySeverity>
646
<AttackPoints>Web Resource|Response Analysis</AttackPoints>
647
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
648
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
649
</AttackModulePolicy>
650
<AttackModulePolicy>
651
<Enabled>1</Enabled>
652
<ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
653
<ModulePriority>Low</ModulePriority>
654
<Severity>Medium</Severity>
655
<MaxVulnLimit>10</MaxVulnLimit>
656
<MaxVarianceLimit>2</MaxVarianceLimit>
657
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
658
<EnforceEncoding>0</EnforceEncoding>
659
<ApplyPolicySeverity>0</ApplyPolicySeverity>
660
<AttackPoints>Response Analysis</AttackPoints>
661
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
662
<RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
663
</AttackModulePolicy>
664
<AttackModulePolicy>
665
<Enabled>1</Enabled>
666
<ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
667
<ModulePriority>Low</ModulePriority>
668
<Severity>Low</Severity>
669
<MaxVulnLimit>100</MaxVulnLimit>
670
<MaxVarianceLimit>2</MaxVarianceLimit>
671
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
672
<EnforceEncoding>0</EnforceEncoding>
673
<ApplyPolicySeverity>0</ApplyPolicySeverity>
674
<AttackPoints>Web Resource</AttackPoints>
675
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
676
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
677
</AttackModulePolicy>
678
<AttackModulePolicy>
679
<Enabled>1</Enabled>
680
<ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
681
<ModulePriority>Medium</ModulePriority>
682
<Severity>Informational</Severity>
683
<MaxVulnLimit>10</MaxVulnLimit>
684
<MaxVarianceLimit>1</MaxVarianceLimit>
685
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
686
<EnforceEncoding>0</EnforceEncoding>
687
<ApplyPolicySeverity>0</ApplyPolicySeverity>
688
<AttackPoints>Directory</AttackPoints>
689
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
690
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
691
</AttackModulePolicy>
692
<AttackModulePolicy>
693
<Enabled>1</Enabled>
694
<ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
695
<ModulePriority>Medium</ModulePriority>
696
<Severity>Informational</Severity>
697
<MaxVulnLimit>10</MaxVulnLimit>
698
<MaxVarianceLimit>1</MaxVarianceLimit>
699
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
700
<EnforceEncoding>0</EnforceEncoding>
701
<ApplyPolicySeverity>0</ApplyPolicySeverity>
702
<AttackPoints>Parameter</AttackPoints>
703
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
704
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
705
</AttackModulePolicy>
706
<AttackModulePolicy>
707
<Enabled>1</Enabled>
708
<ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
709
<ModulePriority>Medium</ModulePriority>
710
<Severity>Informational</Severity>
711
<MaxVulnLimit>100</MaxVulnLimit>
712
<MaxVarianceLimit>1</MaxVarianceLimit>
713
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
714
<EnforceEncoding>0</EnforceEncoding>
715
<ApplyPolicySeverity>0</ApplyPolicySeverity>
716
<AttackPoints>Response Analysis</AttackPoints>
717
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
718
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
719
</AttackModulePolicy>
720
<AttackModulePolicy>
721
<Enabled>1</Enabled>
722
<ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
723
<ModulePriority>Medium</ModulePriority>
724
<Severity>Low</Severity>
725
<MaxVulnLimit>100</MaxVulnLimit>
726
<MaxVarianceLimit>1</MaxVarianceLimit>
727
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
728
<EnforceEncoding>0</EnforceEncoding>
729
<ApplyPolicySeverity>0</ApplyPolicySeverity>
730
<AttackPoints>Directory</AttackPoints>
731
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
732
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
733
</AttackModulePolicy>
734
<AttackModulePolicy>
735
<Enabled>1</Enabled>
736
<ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
737
<ModulePriority>Low</ModulePriority>
738
<Severity>Informational</Severity>
739
<MaxVulnLimit>100</MaxVulnLimit>
740
<MaxVarianceLimit>4</MaxVarianceLimit>
741
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
742
<EnforceEncoding>0</EnforceEncoding>
743
<ApplyPolicySeverity>0</ApplyPolicySeverity>
744
<AttackPoints>Response Analysis</AttackPoints>
745
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
746
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
747
</AttackModulePolicy>
748
<AttackModulePolicy>
749
<Enabled>1</Enabled>
750
<ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
751
<ModulePriority>High</ModulePriority>
752
<Severity>High</Severity>
753
<MaxVulnLimit>100</MaxVulnLimit>
754
<MaxVarianceLimit>4</MaxVarianceLimit>
755
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
756
<EnforceEncoding>0</EnforceEncoding>
757
<ApplyPolicySeverity>0</ApplyPolicySeverity>
758
<AttackPoints>Parameter</AttackPoints>
759
<ParameterLocations>Query|Post</ParameterLocations>
760
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
761
</AttackModulePolicy>
762
<AttackModulePolicy>
763
<Enabled>1</Enabled>
764
<ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
765
<ModulePriority>Low</ModulePriority>
766
<Severity>Low</Severity>
767
<MaxVulnLimit>50</MaxVulnLimit>
768
<MaxVarianceLimit>2</MaxVarianceLimit>
769
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
770
<EnforceEncoding>0</EnforceEncoding>
771
<ApplyPolicySeverity>0</ApplyPolicySeverity>
772
<AttackPoints>Parameter</AttackPoints>
773
<ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
774
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
775
</AttackModulePolicy>
776
<AttackModulePolicy>
777
<Enabled>1</Enabled>
778
<ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
779
<ModulePriority>Medium</ModulePriority>
780
<Severity>Low</Severity>
781
<MaxVulnLimit>100</MaxVulnLimit>
782
<MaxVarianceLimit>2</MaxVarianceLimit>
783
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
784
<EnforceEncoding>0</EnforceEncoding>
785
<ApplyPolicySeverity>0</ApplyPolicySeverity>
786
<AttackPoints>Response Analysis</AttackPoints>
787
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
788
<RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
789
</AttackModulePolicy>
790
<AttackModulePolicy>
791
<Enabled>1</Enabled>
792
<ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
793
<ModulePriority>High</ModulePriority>
794
<Severity>Low</Severity>
795
<MaxVulnLimit>2</MaxVulnLimit>
796
<MaxVarianceLimit>4</MaxVarianceLimit>
797
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
798
<EnforceEncoding>0</EnforceEncoding>
799
<ApplyPolicySeverity>0</ApplyPolicySeverity>
800
<AttackPoints>Web Resource</AttackPoints>
801
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
802
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
803
</AttackModulePolicy>
804
<AttackModulePolicy>
805
<Enabled>1</Enabled>
806
<ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
807
<ModulePriority>High</ModulePriority>
808
<Severity>High</Severity>
809
<MaxVulnLimit>10</MaxVulnLimit>
810
<MaxVarianceLimit>50</MaxVarianceLimit>
811
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
812
<EnforceEncoding>0</EnforceEncoding>
813
<ApplyPolicySeverity>0</ApplyPolicySeverity>
814
<AttackPoints>Web Site</AttackPoints>
815
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
816
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
817
</AttackModulePolicy>
818
<AttackModulePolicy>
819
<Enabled>1</Enabled>
820
<ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
821
<ModulePriority>High</ModulePriority>
822
<Severity>High</Severity>
823
<MaxVulnLimit>10</MaxVulnLimit>
824
<MaxVarianceLimit>1</MaxVarianceLimit>
825
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
826
<EnforceEncoding>0</EnforceEncoding>
827
<ApplyPolicySeverity>0</ApplyPolicySeverity>
828
<AttackPoints>Web Site</AttackPoints>
829
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
830
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
831
</AttackModulePolicy>
832
<AttackModulePolicy>
833
<Enabled>1</Enabled>
834
<ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
835
<ModulePriority>Low</ModulePriority>
836
<Severity>Informational</Severity>
837
<MaxVulnLimit>1</MaxVulnLimit>
838
<MaxVarianceLimit>2</MaxVarianceLimit>
839
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
840
<EnforceEncoding>0</EnforceEncoding>
841
<ApplyPolicySeverity>0</ApplyPolicySeverity>
842
<AttackPoints>Response Analysis</AttackPoints>
843
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
844
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
845
</AttackModulePolicy>
846
<AttackModulePolicy>
847
<Enabled>1</Enabled>
848
<ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
849
<ModulePriority>Low</ModulePriority>
850
<Severity>Low</Severity>
851
<MaxVulnLimit>2</MaxVulnLimit>
852
<MaxVarianceLimit>4</MaxVarianceLimit>
853
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
854
<EnforceEncoding>0</EnforceEncoding>
855
<ApplyPolicySeverity>0</ApplyPolicySeverity>
856
<AttackPoints>Response Analysis</AttackPoints>
857
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
858
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
859
</AttackModulePolicy>
860
<AttackModulePolicy>
861
<Enabled>1</Enabled>
862
<ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
863
<ModulePriority>Low</ModulePriority>
864
<Severity>Low</Severity>
865
<MaxVulnLimit>100</MaxVulnLimit>
866
<MaxVarianceLimit>1</MaxVarianceLimit>
867
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
868
<EnforceEncoding>0</EnforceEncoding>
869
<ApplyPolicySeverity>0</ApplyPolicySeverity>
870
<AttackPoints>Web Resource</AttackPoints>
871
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
872
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
873
</AttackModulePolicy>
874
<AttackModulePolicy>
875
<Enabled>1</Enabled>
876
<ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
877
<ModulePriority>Medium</ModulePriority>
878
<Severity>Informational</Severity>
879
<MaxVulnLimit>100</MaxVulnLimit>
880
<MaxVarianceLimit>4</MaxVarianceLimit>
881
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
882
<EnforceEncoding>0</EnforceEncoding>
883
<ApplyPolicySeverity>0</ApplyPolicySeverity>
884
<AttackPoints>Response Analysis</AttackPoints>
885
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
886
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
887
</AttackModulePolicy>
888
<AttackModulePolicy>
889
<Enabled>1</Enabled>
890
<ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
891
<ModulePriority>High</ModulePriority>
892
<Severity>High</Severity>
893
<MaxVulnLimit>200</MaxVulnLimit>
894
<MaxVarianceLimit>4</MaxVarianceLimit>
895
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
896
<EnforceEncoding>0</EnforceEncoding>
897
<ApplyPolicySeverity>0</ApplyPolicySeverity>
898
<AttackPoints>Parameter</AttackPoints>
899
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
900
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
901
</AttackModulePolicy>
902
<AttackModulePolicy>
903
<Enabled>1</Enabled>
904
<ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
905
<ModulePriority>Low</ModulePriority>
906
<Severity>Informational</Severity>
907
<MaxVulnLimit>500</MaxVulnLimit>
908
<MaxVarianceLimit>4</MaxVarianceLimit>
909
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
910
<EnforceEncoding>0</EnforceEncoding>
911
<ApplyPolicySeverity>0</ApplyPolicySeverity>
912
<AttackPoints>Response Analysis</AttackPoints>
913
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
914
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
915
</AttackModulePolicy>
916
<AttackModulePolicy>
917
<Enabled>1</Enabled>
918
<ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
919
<ModulePriority>High</ModulePriority>
920
<Severity>Low</Severity>
921
<MaxVulnLimit>250</MaxVulnLimit>
922
<MaxVarianceLimit>4</MaxVarianceLimit>
923
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
924
<EnforceEncoding>0</EnforceEncoding>
925
<ApplyPolicySeverity>0</ApplyPolicySeverity>
926
<AttackPoints>Response Analysis</AttackPoints>
927
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
928
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
929
</AttackModulePolicy>
930
<AttackModulePolicy>
931
<Enabled>1</Enabled>
932
<ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
933
<ModulePriority>Low</ModulePriority>
934
<Severity>Low</Severity>
935
<MaxVulnLimit>100</MaxVulnLimit>
936
<MaxVarianceLimit>4</MaxVarianceLimit>
937
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
938
<EnforceEncoding>0</EnforceEncoding>
939
<ApplyPolicySeverity>0</ApplyPolicySeverity>
940
<AttackPoints>Web Resource</AttackPoints>
941
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
942
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
943
</AttackModulePolicy>
944
<AttackModulePolicy>
945
<Enabled>1</Enabled>
946
<ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
947
<ModulePriority>High</ModulePriority>
948
<Severity>High</Severity>
949
<MaxVulnLimit>100</MaxVulnLimit>
950
<MaxVarianceLimit>4</MaxVarianceLimit>
951
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
952
<EnforceEncoding>0</EnforceEncoding>
953
<ApplyPolicySeverity>0</ApplyPolicySeverity>
954
<AttackPoints>Parameter</AttackPoints>
955
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
956
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
957
</AttackModulePolicy>
958
<AttackModulePolicy>
959
<Enabled>1</Enabled>
960
<ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
961
<ModulePriority>High</ModulePriority>
962
<Severity>Informational</Severity>
963
<MaxVulnLimit>100</MaxVulnLimit>
964
<MaxVarianceLimit>4</MaxVarianceLimit>
965
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
966
<EnforceEncoding>0</EnforceEncoding>
967
<ApplyPolicySeverity>0</ApplyPolicySeverity>
968
<AttackPoints>Response Analysis</AttackPoints>
969
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
970
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
971
</AttackModulePolicy>
972
<AttackModulePolicy>
973
<Enabled>1</Enabled>
974
<ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
975
<ModulePriority>Medium</ModulePriority>
976
<Severity>Low</Severity>
977
<MaxVulnLimit>100</MaxVulnLimit>
978
<MaxVarianceLimit>4</MaxVarianceLimit>
979
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
980
<EnforceEncoding>0</EnforceEncoding>
981
<ApplyPolicySeverity>0</ApplyPolicySeverity>
982
<AttackPoints>Parameter|Response Analysis</AttackPoints>
983
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
984
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
985
</AttackModulePolicy>
986
<AttackModulePolicy>
987
<Enabled>1</Enabled>
988
<ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
989
<ModulePriority>High</ModulePriority>
990
<Severity>High</Severity>
991
<MaxVulnLimit>1</MaxVulnLimit>
992
<MaxVarianceLimit>1</MaxVarianceLimit>
993
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
994
<EnforceEncoding>0</EnforceEncoding>
995
<ApplyPolicySeverity>0</ApplyPolicySeverity>
996
<AttackPoints>Parameter</AttackPoints>
997
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
998
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
999
</AttackModulePolicy>
1000
<AttackModulePolicy>
1001
<Enabled>1</Enabled>
1002
<ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
1003
<ModulePriority>Medium</ModulePriority>
1004
<Severity>High</Severity>
1005
<MaxVulnLimit>200</MaxVulnLimit>
1006
<MaxVarianceLimit>4</MaxVarianceLimit>
1007
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1008
<EnforceEncoding>0</EnforceEncoding>
1009
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1010
<AttackPoints>Parameter</AttackPoints>
1011
<ParameterLocations>File|Path|Query|Post</ParameterLocations>
1012
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1013
</AttackModulePolicy>
1014
<AttackModulePolicy>
1015
<Enabled>1</Enabled>
1016
<ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
1017
<ModulePriority>High</ModulePriority>
1018
<Severity>High</Severity>
1019
<MaxVulnLimit>250</MaxVulnLimit>
1020
<MaxVarianceLimit>5</MaxVarianceLimit>
1021
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1022
<EnforceEncoding>0</EnforceEncoding>
1023
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1024
<AttackPoints>Parameter</AttackPoints>
1025
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
1026
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1027
</AttackModulePolicy>
1028
<AttackModulePolicy>
1029
<Enabled>1</Enabled>
1030
<ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
1031
<ModulePriority>High</ModulePriority>
1032
<Severity>Medium</Severity>
1033
<MaxVulnLimit>250</MaxVulnLimit>
1034
<MaxVarianceLimit>5</MaxVarianceLimit>
1035
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1036
<EnforceEncoding>0</EnforceEncoding>
1037
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1038
<AttackPoints>Parameter</AttackPoints>
1039
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
1040
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1041
</AttackModulePolicy>
1042
<AttackModulePolicy>
1043
<Enabled>1</Enabled>
1044
<ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
1045
<ModulePriority>High</ModulePriority>
1046
<Severity>Medium</Severity>
1047
<MaxVulnLimit>500</MaxVulnLimit>
1048
<MaxVarianceLimit>4</MaxVarianceLimit>
1049
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1050
<EnforceEncoding>0</EnforceEncoding>
1051
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1052
<AttackPoints>Parameter</AttackPoints>
1053
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
1054
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1055
</AttackModulePolicy>
1056
<AttackModulePolicy>
1057
<Enabled>1</Enabled>
1058
<ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
1059
<ModulePriority>High</ModulePriority>
1060
<Severity>Low</Severity>
1061
<MaxVulnLimit>2</MaxVulnLimit>
1062
<MaxVarianceLimit>2</MaxVarianceLimit>
1063
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1064
<EnforceEncoding>0</EnforceEncoding>
1065
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1066
<AttackPoints>Response Analysis</AttackPoints>
1067
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1068
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1069
</AttackModulePolicy>
1070
<AttackModulePolicy>
1071
<Enabled>1</Enabled>
1072
<ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
1073
<ModulePriority>Medium</ModulePriority>
1074
<Severity>Informational</Severity>
1075
<MaxVulnLimit>200</MaxVulnLimit>
1076
<MaxVarianceLimit>10</MaxVarianceLimit>
1077
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1078
<EnforceEncoding>0</EnforceEncoding>
1079
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1080
<AttackPoints>Response Analysis</AttackPoints>
1081
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1082
<RequestOriginations>HTML|Form|Silverlight</RequestOriginations>
1083
</AttackModulePolicy>
1084
<AttackModulePolicy>
1085
<Enabled>1</Enabled>
1086
<ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
1087
<ModulePriority>High</ModulePriority>
1088
<Severity>Medium</Severity>
1089
<MaxVulnLimit>100</MaxVulnLimit>
1090
<MaxVarianceLimit>4</MaxVarianceLimit>
1091
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1092
<EnforceEncoding>0</EnforceEncoding>
1093
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1094
<AttackPoints>Parameter</AttackPoints>
1095
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
1096
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1097
</AttackModulePolicy>
1098
<AttackModulePolicy>
1099
<Enabled>1</Enabled>
1100
<ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
1101
<ModulePriority>Low</ModulePriority>
1102
<Severity>Informational</Severity>
1103
<MaxVulnLimit>250</MaxVulnLimit>
1104
<MaxVarianceLimit>10</MaxVarianceLimit>
1105
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1106
<EnforceEncoding>0</EnforceEncoding>
1107
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1108
<AttackPoints>Response Analysis</AttackPoints>
1109
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1110
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1111
</AttackModulePolicy>
1112
<AttackModulePolicy>
1113
<Enabled>1</Enabled>
1114
<ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
1115
<ModulePriority>Medium</ModulePriority>
1116
<Severity>Low</Severity>
1117
<MaxVulnLimit>2</MaxVulnLimit>
1118
<MaxVarianceLimit>4</MaxVarianceLimit>
1119
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1120
<EnforceEncoding>0</EnforceEncoding>
1121
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1122
<AttackPoints>Web Resource|Response Analysis</AttackPoints>
1123
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1124
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1125
</AttackModulePolicy>
1126
<AttackModulePolicy>
1127
<Enabled>1</Enabled>
1128
<ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
1129
<ModulePriority>Low</ModulePriority>
1130
<Severity>Informational</Severity>
1131
<MaxVulnLimit>100</MaxVulnLimit>
1132
<MaxVarianceLimit>4</MaxVarianceLimit>
1133
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1134
<EnforceEncoding>0</EnforceEncoding>
1135
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1136
<AttackPoints>Response Analysis</AttackPoints>
1137
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1138
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1139
</AttackModulePolicy>
1140
<AttackModulePolicy>
1141
<Enabled>1</Enabled>
1142
<ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
1143
<ModulePriority>Low</ModulePriority>
1144
<Severity>Safe</Severity>
1145
<MaxVulnLimit>500</MaxVulnLimit>
1146
<MaxVarianceLimit>4</MaxVarianceLimit>
1147
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1148
<EnforceEncoding>0</EnforceEncoding>
1149
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1150
<AttackPoints>Parameter</AttackPoints>
1151
<ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
1152
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1153
</AttackModulePolicy>
1154
<AttackModulePolicy>
1155
<Enabled>1</Enabled>
1156
<ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
1157
<ModulePriority>Medium</ModulePriority>
1158
<Severity>Medium</Severity>
1159
<MaxVulnLimit>1000</MaxVulnLimit>
1160
<MaxVarianceLimit>4</MaxVarianceLimit>
1161
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1162
<EnforceEncoding>0</EnforceEncoding>
1163
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1164
<AttackPoints>Directory|File|Parameter</AttackPoints>
1165
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
1166
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1167
</AttackModulePolicy>
1168
<AttackModulePolicy>
1169
<Enabled>1</Enabled>
1170
<ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
1171
<ModulePriority>Low</ModulePriority>
1172
<Severity>Informational</Severity>
1173
<MaxVulnLimit>10</MaxVulnLimit>
1174
<MaxVarianceLimit>2</MaxVarianceLimit>
1175
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1176
<EnforceEncoding>0</EnforceEncoding>
1177
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1178
<AttackPoints>Web Resource</AttackPoints>
1179
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1180
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1181
</AttackModulePolicy>
1182
<AttackModulePolicy>
1183
<Enabled>1</Enabled>
1184
<ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
1185
<ModulePriority>Low</ModulePriority>
1186
<Severity>Low</Severity>
1187
<MaxVulnLimit>100</MaxVulnLimit>
1188
<MaxVarianceLimit>10</MaxVarianceLimit>
1189
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1190
<EnforceEncoding>0</EnforceEncoding>
1191
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1192
<AttackPoints>Web Site|Directory|File</AttackPoints>
1193
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1194
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1195
</AttackModulePolicy>
1196
<AttackModulePolicy>
1197
<Enabled>1</Enabled>
1198
<ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
1199
<ModulePriority>Medium</ModulePriority>
1200
<Severity>Medium</Severity>
1201
<MaxVulnLimit>250</MaxVulnLimit>
1202
<MaxVarianceLimit>4</MaxVarianceLimit>
1203
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1204
<EnforceEncoding>0</EnforceEncoding>
1205
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1206
<AttackPoints>Parameter</AttackPoints>
1207
<ParameterLocations>Query</ParameterLocations>
1208
<RequestOriginations>HTML|Form</RequestOriginations>
1209
</AttackModulePolicy>
1210
<AttackModulePolicy>
1211
<Enabled>1</Enabled>
1212
<ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
1213
<ModulePriority>High</ModulePriority>
1214
<Severity>Low</Severity>
1215
<MaxVulnLimit>10</MaxVulnLimit>
1216
<MaxVarianceLimit>1</MaxVarianceLimit>
1217
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1218
<EnforceEncoding>0</EnforceEncoding>
1219
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1220
<AttackPoints>Web Site</AttackPoints>
1221
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1222
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1223
</AttackModulePolicy>
1224
<AttackModulePolicy>
1225
<Enabled>1</Enabled>
1226
<ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
1227
<ModulePriority>Low</ModulePriority>
1228
<Severity>Low</Severity>
1229
<MaxVulnLimit>100</MaxVulnLimit>
1230
<MaxVarianceLimit>4</MaxVarianceLimit>
1231
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1232
<EnforceEncoding>0</EnforceEncoding>
1233
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1234
<AttackPoints>Response Analysis</AttackPoints>
1235
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1236
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1237
</AttackModulePolicy>
1238
<AttackModulePolicy>
1239
<Enabled>1</Enabled>
1240
<ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
1241
<ModulePriority>Low</ModulePriority>
1242
<Severity>Informational</Severity>
1243
<MaxVulnLimit>100</MaxVulnLimit>
1244
<MaxVarianceLimit>4</MaxVarianceLimit>
1245
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1246
<EnforceEncoding>0</EnforceEncoding>
1247
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1248
<AttackPoints>Response Analysis</AttackPoints>
1249
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1250
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1251
</AttackModulePolicy>
1252
<AttackModulePolicy>
1253
<Enabled>1</Enabled>
1254
<ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
1255
<ModulePriority>Low</ModulePriority>
1256
<Severity>Low</Severity>
1257
<MaxVulnLimit>100</MaxVulnLimit>
1258
<MaxVarianceLimit>4</MaxVarianceLimit>
1259
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1260
<EnforceEncoding>0</EnforceEncoding>
1261
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1262
<AttackPoints>Response Analysis</AttackPoints>
1263
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1264
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1265
</AttackModulePolicy>
1266
<AttackModulePolicy>
1267
<Enabled>1</Enabled>
1268
<ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
1269
<ModulePriority>High</ModulePriority>
1270
<Severity>Informational</Severity>
1271
<MaxVulnLimit>10</MaxVulnLimit>
1272
<MaxVarianceLimit>1</MaxVarianceLimit>
1273
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1274
<EnforceEncoding>0</EnforceEncoding>
1275
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1276
<AttackPoints>Web Site|Response Analysis</AttackPoints>
1277
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1278
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1279
</AttackModulePolicy>
1280
<AttackModulePolicy>
1281
<Enabled>1</Enabled>
1282
<ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
1283
<ModulePriority>Medium</ModulePriority>
1284
<Severity>Medium</Severity>
1285
<MaxVulnLimit>100</MaxVulnLimit>
1286
<MaxVarianceLimit>4</MaxVarianceLimit>
1287
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1288
<EnforceEncoding>0</EnforceEncoding>
1289
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1290
<AttackPoints>Parameter</AttackPoints>
1291
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1292
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
1293
</AttackModulePolicy>
1294
<AttackModulePolicy>
1295
<Enabled>1</Enabled>
1296
<ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
1297
<ModulePriority>High</ModulePriority>
1298
<Severity>Medium</Severity>
1299
<MaxVulnLimit>10</MaxVulnLimit>
1300
<MaxVarianceLimit>2</MaxVarianceLimit>
1301
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1302
<EnforceEncoding>0</EnforceEncoding>
1303
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1304
<AttackPoints>Web Resource</AttackPoints>
1305
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1306
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1307
</AttackModulePolicy>
1308
<AttackModulePolicy>
1309
<Enabled>1</Enabled>
1310
<ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
1311
<ModulePriority>Medium</ModulePriority>
1312
<Severity>Low</Severity>
1313
<MaxVulnLimit>2</MaxVulnLimit>
1314
<MaxVarianceLimit>4</MaxVarianceLimit>
1315
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1316
<EnforceEncoding>0</EnforceEncoding>
1317
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1318
<AttackPoints>Web Resource</AttackPoints>
1319
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1320
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1321
</AttackModulePolicy>
1322
<AttackModulePolicy>
1323
<Enabled>1</Enabled>
1324
<ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
1325
<ModulePriority>Low</ModulePriority>
1326
<Severity>Medium</Severity>
1327
<MaxVulnLimit>100</MaxVulnLimit>
1328
<MaxVarianceLimit>4</MaxVarianceLimit>
1329
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1330
<EnforceEncoding>0</EnforceEncoding>
1331
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1332
<AttackPoints>File</AttackPoints>
1333
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1334
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1335
</AttackModulePolicy>
1336
<AttackModulePolicy>
1337
<Enabled>1</Enabled>
1338
<ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
1339
<ModulePriority>High</ModulePriority>
1340
<Severity>Low</Severity>
1341
<MaxVulnLimit>100</MaxVulnLimit>
1342
<MaxVarianceLimit>4</MaxVarianceLimit>
1343
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
1344
<EnforceEncoding>0</EnforceEncoding>
1345
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1346
<AttackPoints>Response Analysis</AttackPoints>
1347
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1348
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1349
</AttackModulePolicy>
1350
<AttackModulePolicy>
1351
<Enabled>1</Enabled>
1352
<ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
1353
<ModulePriority>High</ModulePriority>
1354
<Severity>High</Severity>
1355
<MaxVulnLimit>250</MaxVulnLimit>
1356
<MaxVarianceLimit>4</MaxVarianceLimit>
1357
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1358
<EnforceEncoding>0</EnforceEncoding>
1359
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1360
<AttackPoints>Parameter</AttackPoints>
1361
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
1362
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1363
</AttackModulePolicy>
1364
<AttackModulePolicy>
1365
<Enabled>1</Enabled>
1366
<ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
1367
<ModulePriority>High</ModulePriority>
1368
<Severity>High</Severity>
1369
<MaxVulnLimit>10</MaxVulnLimit>
1370
<MaxVarianceLimit>4</MaxVarianceLimit>
1371
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1372
<EnforceEncoding>0</EnforceEncoding>
1373
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1374
<AttackPoints>Parameter</AttackPoints>
1375
<ParameterLocations>Path|Query|Post</ParameterLocations>
1376
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1377
</AttackModulePolicy>
1378
<AttackModulePolicy>
1379
<Enabled>1</Enabled>
1380
<ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
1381
<ModulePriority>Medium</ModulePriority>
1382
<Severity>Medium</Severity>
1383
<MaxVulnLimit>100</MaxVulnLimit>
1384
<MaxVarianceLimit>4</MaxVarianceLimit>
1385
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1386
<EnforceEncoding>0</EnforceEncoding>
1387
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1388
<AttackPoints>Response Analysis</AttackPoints>
1389
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1390
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1391
</AttackModulePolicy>
1392
<AttackModulePolicy>
1393
<Enabled>1</Enabled>
1394
<ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
1395
<ModulePriority>Medium</ModulePriority>
1396
<Severity>Informational</Severity>
1397
<MaxVulnLimit>10</MaxVulnLimit>
1398
<MaxVarianceLimit>1</MaxVarianceLimit>
1399
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1400
<EnforceEncoding>0</EnforceEncoding>
1401
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1402
<AttackPoints>Web Site</AttackPoints>
1403
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1404
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1405
</AttackModulePolicy>
1406
<AttackModulePolicy>
1407
<Enabled>1</Enabled>
1408
<ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
1409
<ModulePriority>Medium</ModulePriority>
1410
<Severity>Informational</Severity>
1411
<MaxVulnLimit>20</MaxVulnLimit>
1412
<MaxVarianceLimit>20</MaxVarianceLimit>
1413
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1414
<EnforceEncoding>0</EnforceEncoding>
1415
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1416
<AttackPoints>Web Site</AttackPoints>
1417
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1418
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1419
</AttackModulePolicy>
1420
<AttackModulePolicy>
1421
<Enabled>1</Enabled>
1422
<ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
1423
<ModulePriority>High</ModulePriority>
1424
<Severity>Low</Severity>
1425
<MaxVulnLimit>10</MaxVulnLimit>
1426
<MaxVarianceLimit>4</MaxVarianceLimit>
1427
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1428
<EnforceEncoding>0</EnforceEncoding>
1429
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1430
<AttackPoints>Parameter</AttackPoints>
1431
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1432
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1433
</AttackModulePolicy>
1434
<AttackModulePolicy>
1435
<Enabled>1</Enabled>
1436
<ModuleId>B69E83831D26496BB2CC0C0D70181EC3</ModuleId>
1437
<ModulePriority>High</ModulePriority>
1438
<Severity>Low</Severity>
1439
<MaxVulnLimit>10</MaxVulnLimit>
1440
<MaxVarianceLimit>4</MaxVarianceLimit>
1441
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1442
<EnforceEncoding>0</EnforceEncoding>
1443
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1444
<AttackPoints>Response Analysis</AttackPoints>
1445
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1446
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1447
</AttackModulePolicy>
1448
<AttackModulePolicy>
1449
<Enabled>1</Enabled>
1450
<ModuleId>4DE84100F31849A7B845FE5F62D2FD7A</ModuleId>
1451
<ModulePriority>Medium</ModulePriority>
1452
<Severity>Medium</Severity>
1453
<MaxVulnLimit>10</MaxVulnLimit>
1454
<MaxVarianceLimit>2</MaxVarianceLimit>
1455
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1456
<EnforceEncoding>0</EnforceEncoding>
1457
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1458
<AttackPoints>Response Analysis</AttackPoints>
1459
<ParameterLocations>Post</ParameterLocations>
1460
<RequestOriginations>HTML|Form</RequestOriginations>
1461
</AttackModulePolicy>
1462
<AttackModulePolicy>
1463
<Enabled>1</Enabled>
1464
<ModuleId>0BE4C251F44C4CF1924104ADFD86289C</ModuleId>
1465
<ModulePriority>Low</ModulePriority>
1466
<Severity>Informational</Severity>
1467
<MaxVulnLimit>100</MaxVulnLimit>
1468
<MaxVarianceLimit>4</MaxVarianceLimit>
1469
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1470
<EnforceEncoding>0</EnforceEncoding>
1471
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1472
<AttackPoints>Web Resource</AttackPoints>
1473
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1474
<RequestOriginations>HTML|Form|Flash|Silverlight</RequestOriginations>
1475
</AttackModulePolicy>
1476
<AttackModulePolicy>
1477
<Enabled>1</Enabled>
1478
<ModuleId>74FB936F2BBA499F8D0AF3B7A29B4F9E</ModuleId>
1479
<ModulePriority>High</ModulePriority>
1480
<Severity>Low</Severity>
1481
<MaxVulnLimit>10</MaxVulnLimit>
1482
<MaxVarianceLimit>4</MaxVarianceLimit>
1483
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1484
<EnforceEncoding>0</EnforceEncoding>
1485
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1486
<AttackPoints>Web Site</AttackPoints>
1487
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1488
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1489
</AttackModulePolicy>
1490
<AttackModulePolicy>
1491
<Enabled>1</Enabled>
1492
<ModuleId>377030BFE58A4F01A112295D32A0744C</ModuleId>
1493
<ModulePriority>High</ModulePriority>
1494
<Severity>Medium</Severity>
1495
<MaxVulnLimit>250</MaxVulnLimit>
1496
<MaxVarianceLimit>4</MaxVarianceLimit>
1497
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1498
<EnforceEncoding>0</EnforceEncoding>
1499
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1500
<AttackPoints>Parameter</AttackPoints>
1501
<ParameterLocations>Post</ParameterLocations>
1502
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1503
</AttackModulePolicy>
1504
<AttackModulePolicy>
1505
<Enabled>1</Enabled>
1506
<ModuleId>8399FA8EDF5C41BC9D3CF85DC23DC26B</ModuleId>
1507
<ModulePriority>Low</ModulePriority>
1508
<Severity>Informational</Severity>
1509
<MaxVulnLimit>1</MaxVulnLimit>
1510
<MaxVarianceLimit>2</MaxVarianceLimit>
1511
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1512
<EnforceEncoding>0</EnforceEncoding>
1513
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1514
<AttackPoints>Response Analysis</AttackPoints>
1515
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1516
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1517
</AttackModulePolicy>
1518
<AttackModulePolicy>
1519
<Enabled>1</Enabled>
1520
<ModuleId>3E2E60F7D0E04D8596918C2D1F639064</ModuleId>
1521
<ModulePriority>Low</ModulePriority>
1522
<Severity>Informational</Severity>
1523
<MaxVulnLimit>20</MaxVulnLimit>
1524
<MaxVarianceLimit>2</MaxVarianceLimit>
1525
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1526
<EnforceEncoding>0</EnforceEncoding>
1527
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1528
<AttackPoints>Response Analysis</AttackPoints>
1529
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1530
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1531
</AttackModulePolicy>
1532
<AttackModulePolicy>
1533
<Enabled>1</Enabled>
1534
<ModuleId>615D72F401BC447AB4A2139654BC9945</ModuleId>
1535
<ModulePriority>Low</ModulePriority>
1536
<Severity>Informational</Severity>
1537
<MaxVulnLimit>1</MaxVulnLimit>
1538
<MaxVarianceLimit>2</MaxVarianceLimit>
1539
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1540
<EnforceEncoding>0</EnforceEncoding>
1541
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1542
<AttackPoints>Response Analysis</AttackPoints>
1543
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1544
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1545
</AttackModulePolicy>
1546
<AttackModulePolicy>
1547
<Enabled>1</Enabled>
1548
<ModuleId>ABFA075919804435A25A22A8CAC191DF</ModuleId>
1549
<ModulePriority>High</ModulePriority>
1550
<Severity>Medium</Severity>
1551
<MaxVulnLimit>100</MaxVulnLimit>
1552
<MaxVarianceLimit>4</MaxVarianceLimit>
1553
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1554
<EnforceEncoding>0</EnforceEncoding>
1555
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1556
<AttackPoints>Parameter</AttackPoints>
1557
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
1558
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
1559
</AttackModulePolicy>
1560
<AttackModulePolicy>
1561
<Enabled>1</Enabled>
1562
<ModuleId>BBE9F36A88A944ECB837D5193D356E4C</ModuleId>
1563
<ModulePriority>Medium</ModulePriority>
1564
<Severity>High</Severity>
1565
<MaxVulnLimit>100</MaxVulnLimit>
1566
<MaxVarianceLimit>4</MaxVarianceLimit>
1567
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1568
<EnforceEncoding>0</EnforceEncoding>
1569
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1570
<AttackPoints>Parameter</AttackPoints>
1571
<ParameterLocations>Path|Query|Post</ParameterLocations>
1572
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1573
</AttackModulePolicy>
1574
<AttackModulePolicy>
1575
<Enabled>1</Enabled>
1576
<ModuleId>6CEF426D33514825B50741616DB2120B</ModuleId>
1577
<ModulePriority>Low</ModulePriority>
1578
<Severity>Informational</Severity>
1579
<MaxVulnLimit>1</MaxVulnLimit>
1580
<MaxVarianceLimit>2</MaxVarianceLimit>
1581
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1582
<EnforceEncoding>0</EnforceEncoding>
1583
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1584
<AttackPoints>Response Analysis</AttackPoints>
1585
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1586
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1587
</AttackModulePolicy>
1588
<AttackModulePolicy>
1589
<Enabled>1</Enabled>
1590
<ModuleId>46A8FE469F6C44BFB9946C021A2BCDC8</ModuleId>
1591
<ModulePriority>High</ModulePriority>
1592
<Severity>Medium</Severity>
1593
<MaxVulnLimit>100</MaxVulnLimit>
1594
<MaxVarianceLimit>4</MaxVarianceLimit>
1595
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1596
<EnforceEncoding>0</EnforceEncoding>
1597
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1598
<AttackPoints>Response Analysis</AttackPoints>
1599
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1600
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
1601
</AttackModulePolicy>
1602
<AttackModulePolicy>
1603
<Enabled>1</Enabled>
1604
<ModuleId>62AA6A08FA764E209551B4A4C479F08D</ModuleId>
1605
<ModulePriority>High</ModulePriority>
1606
<Severity>High</Severity>
1607
<MaxVulnLimit>100</MaxVulnLimit>
1608
<MaxVarianceLimit>4</MaxVarianceLimit>
1609
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1610
<EnforceEncoding>0</EnforceEncoding>
1611
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1612
<AttackPoints>Response Analysis</AttackPoints>
1613
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
1614
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
1615
</AttackModulePolicy>
1616
<AttackModulePolicy>
1617
<Enabled>1</Enabled>
1618
<ModuleId>050ABD8CF99F4EE4AA18C12F06FA3051</ModuleId>
1619
<ModulePriority>High</ModulePriority>
1620
<Severity>High</Severity>
1621
<MaxVulnLimit>250</MaxVulnLimit>
1622
<MaxVarianceLimit>5</MaxVarianceLimit>
1623
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1624
<EnforceEncoding>0</EnforceEncoding>
1625
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1626
<AttackPoints>Parameter</AttackPoints>
1627
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
1628
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1629
</AttackModulePolicy>
1630
<AttackModulePolicy>
1631
<Enabled>1</Enabled>
1632
<ModuleId>ABEB2E590AA24A39BB6FE7DBD6338277</ModuleId>
1633
<ModulePriority>High</ModulePriority>
1634
<Severity>Medium</Severity>
1635
<MaxVulnLimit>250</MaxVulnLimit>
1636
<MaxVarianceLimit>5</MaxVarianceLimit>
1637
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1638
<EnforceEncoding>0</EnforceEncoding>
1639
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1640
<AttackPoints>Parameter</AttackPoints>
1641
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
1642
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
1643
</AttackModulePolicy>
1644
<AttackModulePolicy>
1645
<Enabled>1</Enabled>
1646
<ModuleId>FFBF4640C8A4475E93E099018951B409</ModuleId>
1647
<ModulePriority>Medium</ModulePriority>
1648
<Severity>Medium</Severity>
1649
<MaxVulnLimit>250</MaxVulnLimit>
1650
<MaxVarianceLimit>4</MaxVarianceLimit>
1651
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
1652
<EnforceEncoding>0</EnforceEncoding>
1653
<ApplyPolicySeverity>0</ApplyPolicySeverity>
1654
<AttackPoints>Parameter</AttackPoints>
1655
<ParameterLocations>Query|Post</ParameterLocations>
1656
<RequestOriginations>HTML|Form|AJAX</RequestOriginations>
1657
</AttackModulePolicy>
1658
</AttackModulePolicyList>
1659
</AttackPolicyConfig>
1660
<AnalyzerConfig>
1661
<Enabled>0</Enabled>
1662
<NotExistingFilePath>/aaaaaaaa.aaa</NotExistingFilePath>
1663
<NotExistingDirPath>/aaaaaaaa/</NotExistingDirPath>
1664
<AppendToOriginalValue>1</AppendToOriginalValue>
1665
<ReplaceOriginalValue>0</ReplaceOriginalValue>
1666
</AnalyzerConfig>
1667
<AuthConfig>
1668
<Type>Form</Type>
1669
<HttpAuth>0</HttpAuth>
1670
<OAuth>0</OAuth>
1671
<ReloginAfterSessionLoss>1</ReloginAfterSessionLoss>
1672
<LogoutDetection>1</LogoutDetection>
1673
<UserAssistance>0</UserAssistance>
1674
<AssumeSuccessfulLogin>0</AssumeSuccessfulLogin>
1675
<VerifyNotLoggedin>1</VerifyNotLoggedin>
1676
<PostponeLoginAction>1</PostponeLoginAction>
1677
<CreateNonAuthenticatedSession>0</CreateNonAuthenticatedSession>
1678
<TreatFailedReloginAsError>1</TreatFailedReloginAsError>
1679
<BlacklistSinglePasswordForms>0</BlacklistSinglePasswordForms>
1680
<BlacklistMultiPasswordForms>1</BlacklistMultiPasswordForms>
1681
<ResetCookies>1</ResetCookies>
1682
<AccountType>Restricted</AccountType>
1683
<UsernameForm>testuser</UsernameForm>
1684
<PasswordForm>FFB1F95E08EC846832FF2E6E141C380A0AA6FF163AB2F1B37417FAFF3BFAF4E0A317599CFF75D5D6AE606D1756FF699080340887AC3E00FEFDEEFF200F320F0407FA298A3C</PasswordForm>
1685
<UsernameHttp />
1686
<PasswordHttp />
1687
<AutoLogonSecurity>Medium</AutoLogonSecurity>
1688
<LoginLinkRegex>((log|sign)[ -]?(in|on))|auth</LoginLinkRegex>
1689
<LoggedInRegex>(sign|log)[ -]?(out|off)</LoggedInRegex>
1690
<LoggedInHeaderRegex></LoggedInHeaderRegex>
1691
<SessionLossRegex>please (re)?login|have been logged out|session has expired</SessionLossRegex>
1692
<SessionLossHeaderRegex>Location: [^\\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\\b</SessionLossHeaderRegex>
1693
<LogoutLinkRegex>(sign|log|time)[ -]?(in|on|out|off)|password</LogoutLinkRegex>
1694
<LogoutPostBodyRegex>(sign|log|time)[ -]?(in|on|out|off)</LogoutPostBodyRegex>
1695
<CanaryPage></CanaryPage>
1696
<SessionLossOnCanaryPageRegex></SessionLossOnCanaryPageRegex>
1697
<FormSubmissionScript></FormSubmissionScript>
1698
<SessionCookieRegex>\\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\\b</SessionCookieRegex>
1699
<SessionCookieLifespan>32</SessionCookieLifespan>
1700
<URLSessionTokenRegex></URLSessionTokenRegex>
1701
<PostSessionTokenRegex></PostSessionTokenRegex>
1702
<LogoutDetectionFrequency>60</LogoutDetectionFrequency>
1703
<DiscoveryMaxLinks>100</DiscoveryMaxLinks>
1704
<LoginMaxLinks>50</LoginMaxLinks>
1705
<DiscoveryDepth>10</DiscoveryDepth>
1706
<LoginDepth>10</LoginDepth>
1707
<MaxMacroReloginAttempts>3</MaxMacroReloginAttempts>
1708
<DiscoveryPrioritization>Login Form Discovery</DiscoveryPrioritization>
1709
<LoginPrioritization>Login</LoginPrioritization>
1710
<BootstrapDelay>60000</BootstrapDelay>
1711
<SeedLink></SeedLink>
1712
<DiscoverLoginForm>1</DiscoverLoginForm>
1713
<UseBrowserFormLogin>1</UseBrowserFormLogin>
1714
<ScopeConstraintList />
1715
<HmacConfig>
1716
<HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
1717
<HMACUsername></HMACUsername>
1718
<HMACApiKey></HMACApiKey>
1719
<HMACHashAlgorithm>32780</HMACHashAlgorithm>
1720
</HmacConfig>
1721
<OauthConfig>
1722
<ResourceServerURL></ResourceServerURL>
1723
<AuthorizationServerURL>/authorize</AuthorizationServerURL>
1724
<ClientId></ClientId>
1725
<ClientScope></ClientScope>
1726
<ClientState></ClientState>
1727
<ClientSecret></ClientSecret>
1728
<RedirectURI></RedirectURI>
1729
<Username></Username>
1730
<Password></Password>
1731
<ExtensionGrant></ExtensionGrant>
1732
<AuthorizationGrantType>Null</AuthorizationGrantType>
1733
</OauthConfig>
1734
<MacroFile>
1735
<MacroFileName></MacroFileName>
1736
<ShowInBrowser>0</ShowInBrowser>
1737
<ReplaySpeed>1</ReplaySpeed>
1738
<ASAPMode>1</ASAPMode>
1739
<ASAPModeMinDelay>3000</ASAPModeMinDelay>
1740
<ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro>
1741
<AttackAsSequence>0</AttackAsSequence>
1742
<SequenceConfig>
1743
<ResetSession>1</ResetSession>
1744
<AutoSequenceConfig>1</AutoSequenceConfig>
1745
<ManualSequenceConfig>
1746
<SequenceRequestList />
1747
</ManualSequenceConfig>
1748
</SequenceConfig>
1749
</MacroFile>
1750
<WebServiceAuthConfig>
1751
<Enabled>0</Enabled>
1752
<AuthWSDL></AuthWSDL>
1753
<AuthWebMethod></AuthWebMethod>
1754
<GetAuthTokenXPath></GetAuthTokenXPath>
1755
<PutAuthTokenXPath></PutAuthTokenXPath>
1756
<ExtractAuthToken>1</ExtractAuthToken>
1757
<WebServiceParameterList />
1758
</WebServiceAuthConfig>
1759
<SeleniumFile>
1760
<SeleniumFileName></SeleniumFileName>
1761
</SeleniumFile>
1762
<TrafficFile>
1763
<TrafficFileName></TrafficFileName>
1764
<TrafficFilePassword></TrafficFilePassword>
1765
<AttackAsSequence>0</AttackAsSequence>
1766
<BeginAttackRequest>0</BeginAttackRequest>
1767
<EndAttackRequest>-1</EndAttackRequest>
1768
</TrafficFile>
1769
<BrowserFormLoginConfig>
1770
<ShowInBrowser>0</ShowInBrowser>
1771
<InitialNavigateEventDuration>10000</InitialNavigateEventDuration>
1772
<FinalDelayEventDuration>20000</FinalDelayEventDuration>
1773
</BrowserFormLoginConfig>
1774
</AuthConfig>
1775
<ProxyConfig>
1776
<Type>Internet Explorer Settings</Type>
1777
<HttpHost></HttpHost>
1778
<HttpPort>0</HttpPort>
1779
<HttpsHost></HttpsHost>
1780
<HttpsPort>0</HttpsPort>
1781
<PACFile></PACFile>
1782
<Username />
1783
<Password />
1784
</ProxyConfig>
1785
<RemediationConfig>
1786
<DollarsPerHourAppDev>250</DollarsPerHourAppDev>
1787
<DollarsPerHourServerAdmin>250</DollarsPerHourServerAdmin>
1788
<DollarsPerHourDatabaseAdmin>250</DollarsPerHourDatabaseAdmin>
1789
<SetupHoursAppDev>8</SetupHoursAppDev>
1790
<SetupHoursServerAdmin>2</SetupHoursServerAdmin>
1791
<SetupHoursDatabaseAdmin>8</SetupHoursDatabaseAdmin>
1792
<MinHoursPerIssueAppDev>0.75</MinHoursPerIssueAppDev>
1793
<MaxHoursPerIssueAppDev>1.25</MaxHoursPerIssueAppDev>
1794
<MinHoursPerIssueServerAdmin>0.25</MinHoursPerIssueServerAdmin>
1795
<MaxHoursPerIssueServerAdmin>1</MaxHoursPerIssueServerAdmin>
1796
<MinHoursPerIssueDatabaseAdmin>0.75</MinHoursPerIssueDatabaseAdmin>
1797
<MaxHoursPerIssueDatabaseAdmin>1.25</MaxHoursPerIssueDatabaseAdmin>
1798
</RemediationConfig>
1799
<SSLCertConfig>
1800
<Type>NoCert</Type>
1801
<File></File>
1802
<Password></Password>
1803
<Name></Name>
1804
<SerialNumber></SerialNumber>
1805
<IssuerNameBase64></IssuerNameBase64>
1806
<Pin></Pin>
1807
<RequestPinAtStartup>0</RequestPinAtStartup>
1808
<SetPinInterval>180</SetPinInterval>
1809
</SSLCertConfig>
1810
<NetworkSettingsConfig>
1811
<CloseConnection>0</CloseConnection>
1812
<MaxRetries>2</MaxRetries>
1813
<MaxResponseSize>7000000</MaxResponseSize>
1814
<ResolveTimeout>30000</ResolveTimeout>
1815
<ConnectTimeout>30000</ConnectTimeout>
1816
<WriteTimeout>30000</WriteTimeout>
1817
<ReadTimeout>30000</ReadTimeout>
1818
<AssumeDisconnectedTimeout>7200000</AssumeDisconnectedTimeout>
1819
<DripDelayMilliSeconds>25</DripDelayMilliSeconds>
1820
<MaxConsecutiveFailures>500</MaxConsecutiveFailures>
1821
<CustomNetworkLib>0</CustomNetworkLib>
1822
<SecureProtocols>SSL3|TLS1</SecureProtocols>
1823
<NameToIPMapList />
1824
</NetworkSettingsConfig>
1825
<PerformanceConfig>
1826
<MaxConcurrentRequests>16</MaxConcurrentRequests>
1827
<MaxBandwidthKB>1200</MaxBandwidthKB>
1828
<MaxBrowserLimit>10</MaxBrowserLimit>
1829
<MaxBrowserReuseCount>100</MaxBrowserReuseCount>
1830
<MaxBrowserMemorySize>209715200</MaxBrowserMemorySize>
1831
<MaxCPUUsage>80</MaxCPUUsage>
1832
<MemoryCeiling>3400</MemoryCeiling>
1833
<AntiDoS>0</AntiDoS>
1834
<MonitorPerformanceUsage>1</MonitorPerformanceUsage>
1835
<SingleThreadedScan>0</SingleThreadedScan>
1836
<MinFreeDiskSpace>524288000</MinFreeDiskSpace>
1837
<MaxMemoryUsagePercent>70</MaxMemoryUsagePercent>
1838
<MaxThreadCount>400</MaxThreadCount>
1839
<MaxBrowserProcessLifetime>240000</MaxBrowserProcessLifetime>
1840
</PerformanceConfig>
1841
<SystemRecommendationsConfig>
1842
<Enabled>1</Enabled>
1843
<MinLogicalProcessors>2</MinLogicalProcessors>
1844
<MinTotalPhysicalMemoryFor64Bit>4187593113</MinTotalPhysicalMemoryFor64Bit>
1845
<MinAvailablePhysicalMemoryFor64Bit>2147483648</MinAvailablePhysicalMemoryFor64Bit>
1846
<MinTotalPhysicalMemoryFor32Bit>2147483648</MinTotalPhysicalMemoryFor32Bit>
1847
<MinAvailablePhysicalMemoryFor32Bit>1073741824</MinAvailablePhysicalMemoryFor32Bit>
1848
<MinFreeDiskSpace>10737418240</MinFreeDiskSpace>
1849
</SystemRecommendationsConfig>
1850
<HTTPHeadersConfig>
1851
<HttpProtocol>HTTP/1.1</HttpProtocol>
1852
<Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</Accept>
1853
<AcceptCharset>*</AcceptCharset>
1854
<AcceptEncoding>gzip, deflate</AcceptEncoding>
1855
<AcceptLanguage>en-US</AcceptLanguage>
1856
<Cookie></Cookie>
1857
<UserAgent>Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko</UserAgent>
1858
<OverwriteWithDefaultHeaders>0</OverwriteWithDefaultHeaders>
1859
<CustomHeadersList />
1860
</HTTPHeadersConfig>
1861
<ManualCrawlingConfig>
1862
<TrafficFileList />
1863
</ManualCrawlingConfig>
1864
<ParameterTrainingConfig>
1865
<FormPopulation>Smart</FormPopulation>
1866
<TrainingParameterList>
1867
<TrainingParameter>
1868
<PatternName>Username</PatternName>
1869
<Types>text,textarea</Types>
1870
<Language>en</Language>
1871
<Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match>
1872
<Value>%RANDALPHANUM%</Value>
1873
<ValueMatch></ValueMatch>
1874
<MatchCriteria>Regex</MatchCriteria>
1875
</TrainingParameter>
1876
<TrainingParameter>
1877
<PatternName>Password</PatternName>
1878
<Types>password</Types>
1879
<Language>en</Language>
1880
<Match>password|passwd|pw|pwd</Match>
1881
<Value>%RANDALPHANUM%$</Value>
1882
<ValueMatch></ValueMatch>
1883
<MatchCriteria>Regex</MatchCriteria>
1884
</TrainingParameter>
1885
<TrainingParameter>
1886
<PatternName>Social Security Number</PatternName>
1887
<Types>text,textarea,password</Types>
1888
<Language>en</Language>
1889
<Match>SSN|social|security</Match>
1890
<Value>987-65-4320</Value>
1891
<ValueMatch></ValueMatch>
1892
<MatchCriteria>Regex</MatchCriteria>
1893
</TrainingParameter>
1894
<TrainingParameter>
1895
<PatternName>Address</PatternName>
1896
<Types>text,textarea</Types>
1897
<Language>en</Language>
1898
<Match>income</Match>
1899
<Value>100000</Value>
1900
<ValueMatch></ValueMatch>
1901
<MatchCriteria>Regex</MatchCriteria>
1902
</TrainingParameter>
1903
<TrainingParameter>
1904
<PatternName>Address</PatternName>
1905
<Types>text,textarea</Types>
1906
<Language>en</Language>
1907
<Match>address|street</Match>
1908
<Value>600 Fairy Land Drive</Value>
1909
<ValueMatch></ValueMatch>
1910
<MatchCriteria>Regex</MatchCriteria>
1911
</TrainingParameter>
1912
<TrainingParameter>
1913
<PatternName>Apartment number</PatternName>
1914
<Types>text,textarea</Types>
1915
<Language>en</Language>
1916
<Match>address|apartment|house</Match>
1917
<Value>123</Value>
1918
<ValueMatch></ValueMatch>
1919
<MatchCriteria>Regex</MatchCriteria>
1920
</TrainingParameter>
1921
<TrainingParameter>
1922
<PatternName>First name</PatternName>
1923
<Types>text,textarea</Types>
1924
<Language>en</Language>
1925
<Match>name</Match>
1926
<Value>John</Value>
1927
<ValueMatch></ValueMatch>
1928
<MatchCriteria>Regex</MatchCriteria>
1929
</TrainingParameter>
1930
<TrainingParameter>
1931
<PatternName>Last name</PatternName>
1932
<Types>text,textarea</Types>
1933
<Language>en</Language>
1934
<Match>last[:space:]*name|surname</Match>
1935
<Value>Johnson</Value>
1936
<ValueMatch></ValueMatch>
1937
<MatchCriteria>Regex</MatchCriteria>
1938
</TrainingParameter>
1939
<TrainingParameter>
1940
<PatternName>Full name</PatternName>
1941
<Types>text,textarea</Types>
1942
<Language>en</Language>
1943
<Match>(your|full)[:space:]+name|name</Match>
1944
<Value>John Johnson</Value>
1945
<ValueMatch></ValueMatch>
1946
<MatchCriteria>Regex</MatchCriteria>
1947
</TrainingParameter>
1948
<TrainingParameter>
1949
<PatternName>User Signature</PatternName>
1950
<Types>text,textarea</Types>
1951
<Language>en</Language>
1952
<Match>signature</Match>
1953
<Value>John Johnson</Value>
1954
<ValueMatch></ValueMatch>
1955
<MatchCriteria>Regex</MatchCriteria>
1956
</TrainingParameter>
1957
<TrainingParameter>
1958
<PatternName>Middle name</PatternName>
1959
<Types>text,textarea</Types>
1960
<Language>en</Language>
1961
<Match>middle[:space:]+name</Match>
1962
<Value>L</Value>
1963
<ValueMatch></ValueMatch>
1964
<MatchCriteria>Regex</MatchCriteria>
1965
</TrainingParameter>
1966
<TrainingParameter>
1967
<PatternName>City</PatternName>
1968
<Types>text,textarea</Types>
1969
<Language>en</Language>
1970
<Match>city|town</Match>
1971
<Value>Costa Mesa</Value>
1972
<ValueMatch></ValueMatch>
1973
<MatchCriteria>Regex</MatchCriteria>
1974
</TrainingParameter>
1975
<TrainingParameter>
1976
<PatternName>County</PatternName>
1977
<Types>text,textarea</Types>
1978
<Language>en</Language>
1979
<Match>county</Match>
1980
<Value>Orange</Value>
1981
<ValueMatch></ValueMatch>
1982
<MatchCriteria>Regex</MatchCriteria>
1983
</TrainingParameter>
1984
<TrainingParameter>
1985
<PatternName>State</PatternName>
1986
<Types>text,textarea</Types>
1987
<Language>en</Language>
1988
<Match>state</Match>
1989
<Value>CA</Value>
1990
<ValueMatch></ValueMatch>
1991
<MatchCriteria>Regex</MatchCriteria>
1992
</TrainingParameter>
1993
<TrainingParameter>
1994
<PatternName>Zip code</PatternName>
1995
<Types>text,textarea</Types>
1996
<Language>en</Language>
1997
<Match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</Match>
1998
<Value>92626</Value>
1999
<ValueMatch></ValueMatch>
2000
<MatchCriteria>Regex</MatchCriteria>
2001
</TrainingParameter>
2002
<TrainingParameter>
2003
<PatternName>Country</PatternName>
2004
<Types>text,textarea</Types>
2005
<Language>en</Language>
2006
<Match>united[:space:]*states|country</Match>
2007
<Value>US</Value>
2008
<ValueMatch>us</ValueMatch>
2009
<MatchCriteria>Regex</MatchCriteria>
2010
</TrainingParameter>
2011
<TrainingParameter>
2012
<PatternName>Phone number</PatternName>
2013
<Types>text,textarea</Types>
2014
<Language>en</Language>
2015
<Match>tele[:space:]*phone|fax|phone</Match>
2016
<Value>123-456-7890</Value>
2017
<ValueMatch></ValueMatch>
2018
<MatchCriteria>Regex</MatchCriteria>
2019
</TrainingParameter>
2020
<TrainingParameter>
2021
<PatternName>Phone area code</PatternName>
2022
<Types>text,textarea</Types>
2023
<Language>en</Language>
2024
<Match>area[:space:]+code</Match>
2025
<Value>123</Value>
2026
<ValueMatch></ValueMatch>
2027
<MatchCriteria>Regex</MatchCriteria>
2028
</TrainingParameter>
2029
<TrainingParameter>
2030
<PatternName>Company name</PatternName>
2031
<Types>text,textarea</Types>
2032
<Language>en</Language>
2033
<Match>company|employer|organization</Match>
2034
<Value>Example</Value>
2035
<ValueMatch></ValueMatch>
2036
<MatchCriteria>Regex</MatchCriteria>
2037
</TrainingParameter>
2038
<TrainingParameter>
2039
<PatternName>Email</PatternName>
2040
<Types>text,textarea</Types>
2041
<Language>en</Language>
2042
<Match>e-?mail</Match>
2043
<Value>a%RANDALPHANUM%@example.com</Value>
2044
<ValueMatch></ValueMatch>
2045
<MatchCriteria>Regex</MatchCriteria>
2046
</TrainingParameter>
2047
<TrainingParameter>
2048
<PatternName>Birthday</PatternName>
2049
<Types>text,textarea</Types>
2050
<Language>en</Language>
2051
<Match>birth[:space:]day|birth</Match>
2052
<Value>12/25/1975</Value>
2053
<ValueMatch></ValueMatch>
2054
<MatchCriteria>Regex</MatchCriteria>
2055
</TrainingParameter>
2056
<TrainingParameter>
2057
<PatternName>Day</PatternName>
2058
<Types>text,textarea,select</Types>
2059
<Language>en</Language>
2060
<Match>dd|day</Match>
2061
<Value>25</Value>
2062
<ValueMatch>25</ValueMatch>
2063
<MatchCriteria>Regex</MatchCriteria>
2064
</TrainingParameter>
2065
<TrainingParameter>
2066
<PatternName>Month</PatternName>
2067
<Types>text,textarea,select</Types>
2068
<Language>en</Language>
2069
<Match>mm|month</Match>
2070
<Value>12</Value>
2071
<ValueMatch>12|dec|d</ValueMatch>
2072
<MatchCriteria>Regex</MatchCriteria>
2073
</TrainingParameter>
2074
<TrainingParameter>
2075
<PatternName>FutureYear</PatternName>
2076
<Types>text,textarea,select</Types>
2077
<Language>en</Language>
2078
<Match>2015|2016|2017</Match>
2079
<Value>2016</Value>
2080
<ValueMatch>2015|2016|2017</ValueMatch>
2081
<MatchCriteria>Regex</MatchCriteria>
2082
</TrainingParameter>
2083
<TrainingParameter>
2084
<PatternName>BirthYear</PatternName>
2085
<Types>text,textarea,select</Types>
2086
<Language>en</Language>
2087
<Match>yyyy|year|1975|1970|1960|1950</Match>
2088
<Value></Value>
2089
<ValueMatch>1975|1970|1960|1950</ValueMatch>
2090
<MatchCriteria>Regex</MatchCriteria>
2091
</TrainingParameter>
2092
<TrainingParameter>
2093
<PatternName>Past Date mm/dd/yyyy</PatternName>
2094
<Types>text,textarea</Types>
2095
<Language>en</Language>
2096
<Match>(start|from)[\\s-_]*date</Match>
2097
<Value>02/02/2003</Value>
2098
<ValueMatch></ValueMatch>
2099
<MatchCriteria>Regex</MatchCriteria>
2100
</TrainingParameter>
2101
<TrainingParameter>
2102
<PatternName>Future Date mm/dd/yy</PatternName>
2103
<Types>text,textarea</Types>
2104
<Language>en</Language>
2105
<Match>mm/dd/yy</Match>
2106
<Value>02/02/15</Value>
2107
<ValueMatch></ValueMatch>
2108
<MatchCriteria>Regex</MatchCriteria>
2109
</TrainingParameter>
2110
<TrainingParameter>
2111
<PatternName>Future Date mm/dd/yyyy</PatternName>
2112
<Types>text,textarea</Types>
2113
<Language>en</Language>
2114
<Match>mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[\\s-_]*date</Match>
2115
<Value>02/02/2015</Value>
2116
<ValueMatch></ValueMatch>
2117
<MatchCriteria>Regex</MatchCriteria>
2118
</TrainingParameter>
2119
<TrainingParameter>
2120
<PatternName>Old password</PatternName>
2121
<Types>password</Types>
2122
<Language>en</Language>
2123
<Match>old[:space:]+password</Match>
2124
<Value>%RANDALPHANUM%1'</Value>
2125
<ValueMatch></ValueMatch>
2126
<MatchCriteria>Regex</MatchCriteria>
2127
</TrainingParameter>
2128
<TrainingParameter>
2129
<PatternName>Accept terms</PatternName>
2130
<Types>checkbox,radio</Types>
2131
<Language>en</Language>
2132
<Match>
2133
<![CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]>
2134
</Match>
2135
<Value></Value>
2136
<ValueMatch>yes|1|on</ValueMatch>
2137
<MatchCriteria>Regex</MatchCriteria>
2138
</TrainingParameter>
2139
<TrainingParameter>
2140
<PatternName>Save login</PatternName>
2141
<Types>checkbox,radio,select</Types>
2142
<Language>en</Language>
2143
<Match>save|remember</Match>
2144
<Value></Value>
2145
<ValueMatch>yes|1|on</ValueMatch>
2146
<MatchCriteria>Regex</MatchCriteria>
2147
</TrainingParameter>
2148
<TrainingParameter>
2149
<PatternName>Remove item</PatternName>
2150
<Types>checkbox,radio</Types>
2151
<Language>en</Language>
2152
<Match>remove|delete</Match>
2153
<Value></Value>
2154
<ValueMatch></ValueMatch>
2155
<MatchCriteria>Regex</MatchCriteria>
2156
</TrainingParameter>
2157
<TrainingParameter>
2158
<PatternName>Search</PatternName>
2159
<Types>text,textarea</Types>
2160
<Language>en</Language>
2161
<Match>keyword|search|query</Match>
2162
<Value>water</Value>
2163
<ValueMatch></ValueMatch>
2164
<MatchCriteria>Regex</MatchCriteria>
2165
</TrainingParameter>
2166
<TrainingParameter>
2167
<PatternName>Quantity</PatternName>
2168
<Types>text,textarea,select</Types>
2169
<Language>en</Language>
2170
<Match>quantity|amount|number|qty|num</Match>
2171
<Value>3</Value>
2172
<ValueMatch></ValueMatch>
2173
<MatchCriteria>Regex</MatchCriteria>
2174
</TrainingParameter>
2175
<TrainingParameter>
2176
<PatternName>Number</PatternName>
2177
<Types>text,textarea</Types>
2178
<Language>en</Language>
2179
<Match>number|count|nmr|cnt|rate|decimal|digit</Match>
2180
<Value>21</Value>
2181
<ValueMatch></ValueMatch>
2182
<MatchCriteria>Regex</MatchCriteria>
2183
</TrainingParameter>
2184
<TrainingParameter>
2185
<PatternName>Account Number</PatternName>
2186
<Types>text,textarea,select,radio,checkbox</Types>
2187
<Language>en</Language>
2188
<Match>account</Match>
2189
<Value>20</Value>
2190
<ValueMatch></ValueMatch>
2191
<MatchCriteria>Regex</MatchCriteria>
2192
</TrainingParameter>
2193
<TrainingParameter>
2194
<PatternName>Shipping method</PatternName>
2195
<Types>select,radio,checkbox</Types>
2196
<Language>en</Language>
2197
<Match>shipping|fedex|standard|ups</Match>
2198
<Value></Value>
2199
<ValueMatch>fedex|standard|ups</ValueMatch>
2200
<MatchCriteria>Regex</MatchCriteria>
2201
</TrainingParameter>
2202
<TrainingParameter>
2203
<PatternName>Gift</PatternName>
2204
<Types>checkbox</Types>
2205
<Language>en</Language>
2206
<Match>gift</Match>
2207
<Value></Value>
2208
<ValueMatch>yes|1|on</ValueMatch>
2209
<MatchCriteria>Regex</MatchCriteria>
2210
</TrainingParameter>
2211
<TrainingParameter>
2212
<PatternName>Credit card number</PatternName>
2213
<Types>text,textarea,password</Types>
2214
<Language>en</Language>
2215
<Match>credit[:space:]*card|card[:space:]*number</Match>
2216
<Value>5105105105105100</Value>
2217
<ValueMatch></ValueMatch>
2218
<MatchCriteria>Regex</MatchCriteria>
2219
</TrainingParameter>
2220
<TrainingParameter>
2221
<PatternName>Credit card type</PatternName>
2222
<Types>select,checkbox,radio</Types>
2223
<Language>en</Language>
2224
<Match>master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex</Match>
2225
<Value></Value>
2226
<ValueMatch></ValueMatch>
2227
<MatchCriteria>Regex</MatchCriteria>
2228
</TrainingParameter>
2229
<TrainingParameter>
2230
<PatternName>Credit card security code</PatternName>
2231
<Types>text,textarea,password</Types>
2232
<Language>en</Language>
2233
<Match>security[:space:]*code|verification[:space:]*number</Match>
2234
<Value>123</Value>
2235
<ValueMatch></ValueMatch>
2236
<MatchCriteria>Regex</MatchCriteria>
2237
</TrainingParameter>
2238
<TrainingParameter>
2239
<PatternName>PIN</PatternName>
2240
<Types>text,textarea,password</Types>
2241
<Language>en</Language>
2242
<Match>PIN</Match>
2243
<Value>1234</Value>
2244
<ValueMatch></ValueMatch>
2245
<MatchCriteria>Regex</MatchCriteria>
2246
</TrainingParameter>
2247
<TrainingParameter>
2248
<PatternName>CAPTCHA</PatternName>
2249
<Types>text,textarea</Types>
2250
<Language>en</Language>
2251
<Match>code[:space:]*shown|captcha</Match>
2252
<Value>%RANDALPHANUM%</Value>
2253
<ValueMatch></ValueMatch>
2254
<MatchCriteria>Regex</MatchCriteria>
2255
</TrainingParameter>
2256
<TrainingParameter>
2257
<PatternName>Size</PatternName>
2258
<Types>select</Types>
2259
<Language>en</Language>
2260
<Match>size|xxl</Match>
2261
<Value></Value>
2262
<ValueMatch>(\\b(m|s|42)\\b</ValueMatch>
2263
<MatchCriteria>Regex</MatchCriteria>
2264
</TrainingParameter>
2265
<TrainingParameter>
2266
<PatternName>Color</PatternName>
2267
<Types>select</Types>
2268
<Language>en</Language>
2269
<Match>\\b(color|red|black)\\b</Match>
2270
<Value>Blue</Value>
2271
<ValueMatch>\\b(blue|red|black)\\b</ValueMatch>
2272
<MatchCriteria>Regex</MatchCriteria>
2273
</TrainingParameter>
2274
<TrainingParameter>
2275
<PatternName>Price</PatternName>
2276
<Types>text,textare</Types>
2277
<Language>en</Language>
2278
<Match>price</Match>
2279
<Value>20</Value>
2280
<ValueMatch></ValueMatch>
2281
<MatchCriteria>Regex</MatchCriteria>
2282
</TrainingParameter>
2283
<TrainingParameter>
2284
<PatternName>Attention</PatternName>
2285
<Types>text,textare</Types>
2286
<Language>en</Language>
2287
<Match>attention</Match>
2288
<Value>John</Value>
2289
<ValueMatch></ValueMatch>
2290
<MatchCriteria>Regex</MatchCriteria>
2291
</TrainingParameter>
2292
<TrainingParameter>
2293
<PatternName>Gender</PatternName>
2294
<Types>select,radio</Types>
2295
<Language>en</Language>
2296
<Match>gender|male|female</Match>
2297
<Value>male</Value>
2298
<ValueMatch>\\b(male|m|f)\\b</ValueMatch>
2299
<MatchCriteria>Regex</MatchCriteria>
2300
</TrainingParameter>
2301
<TrainingParameter>
2302
<PatternName>Legal age</PatternName>
2303
<Types>checkbox,radio</Types>
2304
<Language>en</Language>
2305
<Match>legal|\\d\\d[:space:]*years[:space:]*old</Match>
2306
<Value>yes</Value>
2307
<ValueMatch>\\b(on|1|yes)\\b</ValueMatch>
2308
<MatchCriteria>Regex</MatchCriteria>
2309
</TrainingParameter>
2310
<TrainingParameter>
2311
<PatternName>Coupon code</PatternName>
2312
<Types>text,textarea</Types>
2313
<Language>en</Language>
2314
<Match>promotion|coupon</Match>
2315
<Value>%RANDALPHANUM%</Value>
2316
<ValueMatch></ValueMatch>
2317
<MatchCriteria>Regex</MatchCriteria>
2318
</TrainingParameter>
2319
<TrainingParameter>
2320
<PatternName>Send message</PatternName>
2321
<Types>text,textarea</Types>
2322
<Language>en</Language>
2323
<Match>message|comment|complain|enquiry|review</Match>
2324
<Value>comment</Value>
2325
<ValueMatch></ValueMatch>
2326
<MatchCriteria>Regex</MatchCriteria>
2327
</TrainingParameter>
2328
<TrainingParameter>
2329
<PatternName>Existing user</PatternName>
2330
<Types>checkbox,radio</Types>
2331
<Language>en</Language>
2332
<Match>returning|existing|customer</Match>
2333
<Value></Value>
2334
<ValueMatch>\\b(on|1|yes)\\b</ValueMatch>
2335
<MatchCriteria>Regex</MatchCriteria>
2336
</TrainingParameter>
2337
<TrainingParameter>
2338
<PatternName>Age</PatternName>
2339
<Types>text,textarea</Types>
2340
<Language>en</Language>
2341
<Match>age|under|over</Match>
2342
<Value>40</Value>
2343
<ValueMatch></ValueMatch>
2344
<MatchCriteria>Regex</MatchCriteria>
2345
</TrainingParameter>
2346
<TrainingParameter>
2347
<PatternName>Passphrase Hint</PatternName>
2348
<Types>text,textarea</Types>
2349
<Language>en</Language>
2350
<Match>What make|pet's name|your father|high school|friend</Match>
2351
<Value>What make was your first car?</Value>
2352
<ValueMatch></ValueMatch>
2353
<MatchCriteria>Regex</MatchCriteria>
2354
</TrainingParameter>
2355
<TrainingParameter>
2356
<PatternName>Passphrase Hint Answer</PatternName>
2357
<Types>text,textarea</Types>
2358
<Language>en</Language>
2359
<Match>Answer</Match>
2360
<Value>Ford</Value>
2361
<ValueMatch></ValueMatch>
2362
<MatchCriteria>Regex</MatchCriteria>
2363
</TrainingParameter>
2364
<TrainingParameter>
2365
<PatternName>Doctor name</PatternName>
2366
<Types>text,textarea</Types>
2367
<Language>en</Language>
2368
<Match>doctor</Match>
2369
<Value>John Johnson</Value>
2370
<ValueMatch></ValueMatch>
2371
<MatchCriteria>Regex</MatchCriteria>
2372
</TrainingParameter>
2373
<TrainingParameter>
2374
<PatternName>Website</PatternName>
2375
<Types>text,textarea</Types>
2376
<Language>en</Language>
2377
<Match>website</Match>
2378
<Value>www.example.com</Value>
2379
<ValueMatch></ValueMatch>
2380
<MatchCriteria>Regex</MatchCriteria>
2381
</TrainingParameter>
2382
<TrainingParameter>
2383
<PatternName>Address</PatternName>
2384
<Types>text,textarea</Types>
2385
<Language>de</Language>
2386
<Match>adresse|strasse</Match>
2387
<Value>600 Fairy Land Drive</Value>
2388
<ValueMatch></ValueMatch>
2389
<MatchCriteria>Regex</MatchCriteria>
2390
</TrainingParameter>
2391
<TrainingParameter>
2392
<PatternName>Apartment number</PatternName>
2393
<Types>text,textarea</Types>
2394
<Language>de</Language>
2395
<Match>adresse|wohnung|haus</Match>
2396
<Value>123</Value>
2397
<ValueMatch></ValueMatch>
2398
<MatchCriteria>Regex</MatchCriteria>
2399
</TrainingParameter>
2400
<TrainingParameter>
2401
<PatternName>First name</PatternName>
2402
<Types>text,textarea</Types>
2403
<Language>de</Language>
2404
<Match>name</Match>
2405
<Value>John</Value>
2406
<ValueMatch></ValueMatch>
2407
<MatchCriteria>Regex</MatchCriteria>
2408
</TrainingParameter>
2409
<TrainingParameter>
2410
<PatternName>Last name</PatternName>
2411
<Types>text,textarea</Types>
2412
<Language>de</Language>
2413
<Match>vorname|name</Match>
2414
<Value>Johnson</Value>
2415
<ValueMatch></ValueMatch>
2416
<MatchCriteria>Regex</MatchCriteria>
2417
</TrainingParameter>
2418
<TrainingParameter>
2419
<PatternName>Full name</PatternName>
2420
<Types>text,textarea</Types>
2421
<Language>de</Language>
2422
<Match>ihren namen|name</Match>
2423
<Value>John Johnson</Value>
2424
<ValueMatch></ValueMatch>
2425
<MatchCriteria>Regex</MatchCriteria>
2426
</TrainingParameter>
2427
<TrainingParameter>
2428
<PatternName>User Signature</PatternName>
2429
<Types>text,textarea</Types>
2430
<Language>de</Language>
2431
<Match>unterschrift</Match>
2432
<Value>John Johnson</Value>
2433
<ValueMatch></ValueMatch>
2434
<MatchCriteria>Regex</MatchCriteria>
2435
</TrainingParameter>
2436
<TrainingParameter>
2437
<PatternName>City</PatternName>
2438
<Types>text,textarea</Types>
2439
<Language>de</Language>
2440
<Match>stadt|stadt</Match>
2441
<Value>Berlin</Value>
2442
<ValueMatch></ValueMatch>
2443
<MatchCriteria>Regex</MatchCriteria>
2444
</TrainingParameter>
2445
<TrainingParameter>
2446
<PatternName>Regierungsbezirke</PatternName>
2447
<Types>text,textarea</Types>
2448
<Language>de</Language>
2449
<Match>regierungsbezirke</Match>
2450
<Value>Berlin</Value>
2451
<ValueMatch></ValueMatch>
2452
<MatchCriteria>Regex</MatchCriteria>
2453
</TrainingParameter>
2454
<TrainingParameter>
2455
<PatternName>Zip code</PatternName>
2456
<Types>text,textarea</Types>
2457
<Language>de</Language>
2458
<Match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</Match>
2459
<Value>10115</Value>
2460
<ValueMatch></ValueMatch>
2461
<MatchCriteria>Regex</MatchCriteria>
2462
</TrainingParameter>
2463
<TrainingParameter>
2464
<PatternName>Country</PatternName>
2465
<Types>text,textarea</Types>
2466
<Language>de</Language>
2467
<Match>\\b(deutschland|land)\\b</Match>
2468
<Value>DE</Value>
2469
<ValueMatch>\\bDE\\b</ValueMatch>
2470
<MatchCriteria>Regex</MatchCriteria>
2471
</TrainingParameter>
2472
<TrainingParameter>
2473
<PatternName>Phone number</PatternName>
2474
<Types>text,textarea</Types>
2475
<Language>de</Language>
2476
<Match>telefon|telefon|fax</Match>
2477
<Value>(1234) 567890</Value>
2478
<ValueMatch></ValueMatch>
2479
<MatchCriteria>Regex</MatchCriteria>
2480
</TrainingParameter>
2481
<TrainingParameter>
2482
<PatternName>Phone area code</PatternName>
2483
<Types>text,textarea</Types>
2484
<Language>de</Language>
2485
<Match>vorwahl</Match>
2486
<Value>123</Value>
2487
<ValueMatch></ValueMatch>
2488
<MatchCriteria>Regex</MatchCriteria>
2489
</TrainingParameter>
2490
<TrainingParameter>
2491
<PatternName>Company name</PatternName>
2492
<Types>text,textarea</Types>
2493
<Language>de</Language>
2494
<Match>unternehmen|arbeitgeber|organisation</Match>
2495
<Value>Example</Value>
2496
<ValueMatch></ValueMatch>
2497
<MatchCriteria>Regex</MatchCriteria>
2498
</TrainingParameter>
2499
<TrainingParameter>
2500
<PatternName>Email</PatternName>
2501
<Types>text,textarea</Types>
2502
<Language>de</Language>
2503
<Match>E-Mailadresse|email|E-Mail</Match>
2504
<Value>a%RANDALPHANUM%@example.com</Value>
2505
<ValueMatch></ValueMatch>
2506
<MatchCriteria>Regex</MatchCriteria>
2507
</TrainingParameter>
2508
<TrainingParameter>
2509
<PatternName>Birthday</PatternName>
2510
<Types>text,textarea</Types>
2511
<Language>de</Language>
2512
<Match>geburtstag|geburt</Match>
2513
<Value>12/25/1975</Value>
2514
<ValueMatch></ValueMatch>
2515
<MatchCriteria>Regex</MatchCriteria>
2516
</TrainingParameter>
2517
<TrainingParameter>
2518
<PatternName>Day</PatternName>
2519
<Types>text,textarea</Types>
2520
<Language>de</Language>
2521
<Match>tag</Match>
2522
<Value>25</Value>
2523
<ValueMatch></ValueMatch>
2524
<MatchCriteria>Regex</MatchCriteria>
2525
</TrainingParameter>
2526
<TrainingParameter>
2527
<PatternName>Month</PatternName>
2528
<Types>text,textarea</Types>
2529
<Language>de</Language>
2530
<Match>monat</Match>
2531
<Value>12</Value>
2532
<ValueMatch></ValueMatch>
2533
<MatchCriteria>Regex</MatchCriteria>
2534
</TrainingParameter>
2535
<TrainingParameter>
2536
<PatternName>Year</PatternName>
2537
<Types>text,textarea</Types>
2538
<Language>de</Language>
2539
<Match>Jahr</Match>
2540
<Value>2007</Value>
2541
<ValueMatch></ValueMatch>
2542
<MatchCriteria>Regex</MatchCriteria>
2543
</TrainingParameter>
2544
<TrainingParameter>
2545
<PatternName>BirthYear</PatternName>
2546
<Types>text,textarea</Types>
2547
<Language>de</Language>
2548
<Match>Jahr|1975|1970|1960|1950</Match>
2549
<Value>1975</Value>
2550
<ValueMatch></ValueMatch>
2551
<MatchCriteria>Regex</MatchCriteria>
2552
</TrainingParameter>
2553
<TrainingParameter>
2554
<PatternName>Past Date mm/dd/yy</PatternName>
2555
<Types>text,textarea</Types>
2556
<Language>de</Language>
2557
<Match>Datum|d.m.yyyy|dd.mm.yyyy</Match>
2558
<Value>02.02.03</Value>
2559
<ValueMatch></ValueMatch>
2560
<MatchCriteria>Regex</MatchCriteria>
2561
</TrainingParameter>
2562
<TrainingParameter>
2563
<PatternName>Past Date mm/dd/yyyy</PatternName>
2564
<Types>text,textarea</Types>
2565
<Language>de</Language>
2566
<Match>Datum|mm/dd/yyyy</Match>
2567
<Value>02/02/2003</Value>
2568
<ValueMatch></ValueMatch>
2569
<MatchCriteria>Regex</MatchCriteria>
2570
</TrainingParameter>
2571
<TrainingParameter>
2572
<PatternName>Future Date mm/dd/yy</PatternName>
2573
<Types>text,textarea</Types>
2574
<Language>de</Language>
2575
<Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==</Match>
2576
<Value>02/02/11</Value>
2577
<ValueMatch></ValueMatch>
2578
<MatchCriteria>Regex</MatchCriteria>
2579
</TrainingParameter>
2580
<TrainingParameter>
2581
<PatternName>Future Date mm/dd/yyyy</PatternName>
2582
<Types>text,textarea</Types>
2583
<Language>de</Language>
2584
<Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5</Match>
2585
<Value>02/02/2011</Value>
2586
<ValueMatch></ValueMatch>
2587
<MatchCriteria>Regex</MatchCriteria>
2588
</TrainingParameter>
2589
<TrainingParameter>
2590
<PatternName>Username</PatternName>
2591
<Types>text,textarea</Types>
2592
<Language>de</Language>
2593
<Match>Benutzername|Mitgliedsnamen|Benutzer</Match>
2594
<Value>%RANDALPHANUM%</Value>
2595
<ValueMatch></ValueMatch>
2596
<MatchCriteria>Regex</MatchCriteria>
2597
</TrainingParameter>
2598
<TrainingParameter>
2599
<PatternName>Password</PatternName>
2600
<Types>password</Types>
2601
<Language>de</Language>
2602
<Match>password|passwort|passwd</Match>
2603
<Value>%RANDALPHANUM%1'</Value>
2604
<ValueMatch></ValueMatch>
2605
<MatchCriteria>Regex</MatchCriteria>
2606
</TrainingParameter>
2607
<TrainingParameter>
2608
<PatternName>Old password</PatternName>
2609
<Types>password</Types>
2610
<Language>de</Language>
2611
<Match>alte[:space:]passwort</Match>
2612
<Value>%RANDALPHANUM%1'</Value>
2613
<ValueMatch></ValueMatch>
2614
<MatchCriteria>Regex</MatchCriteria>
2615
</TrainingParameter>
2616
<TrainingParameter>
2617
<PatternName>Accept terms</PatternName>
2618
<Types>checkbox,radio</Types>
2619
<Language>de</Language>
2620
<Match>Ich habe gelesen und akzeptiere|Ich habe gelesen und akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</Match>
2621
<Value></Value>
2622
<ValueMatch></ValueMatch>
2623
<MatchCriteria>Regex</MatchCriteria>
2624
</TrainingParameter>
2625
<TrainingParameter>
2626
<PatternName>Remove item</PatternName>
2627
<Types>checkbox,radio</Types>
2628
<Language>de</Language>
2629
<Match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</Match>
2630
<Value></Value>
2631
<ValueMatch></ValueMatch>
2632
<MatchCriteria>Regex</MatchCriteria>
2633
</TrainingParameter>
2634
<TrainingParameter>
2635
<PatternName>Search</PatternName>
2636
<Types>text,textarea</Types>
2637
<Language>de</Language>
2638
<Match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</Match>
2639
<Value>water</Value>
2640
<ValueMatch></ValueMatch>
2641
<MatchCriteria>Regex</MatchCriteria>
2642
</TrainingParameter>
2643
<TrainingParameter>
2644
<PatternName>Quantity</PatternName>
2645
<Types>text,textarea</Types>
2646
<Language>de</Language>
2647
<Match>qty|Menge|Betrag|Anzahl</Match>
2648
<Value>3</Value>
2649
<ValueMatch></ValueMatch>
2650
<MatchCriteria>Regex</MatchCriteria>
2651
</TrainingParameter>
2652
<TrainingParameter>
2653
<PatternName>Number</PatternName>
2654
<Types>text,textarea</Types>
2655
<Language>de</Language>
2656
<Match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</Match>
2657
<Value>21</Value>
2658
<ValueMatch></ValueMatch>
2659
<MatchCriteria>Regex</MatchCriteria>
2660
</TrainingParameter>
2661
<TrainingParameter>
2662
<PatternName>Account Number</PatternName>
2663
<Types>text,textarea</Types>
2664
<Language>de</Language>
2665
<Match>Konto</Match>
2666
<Value>3456</Value>
2667
<ValueMatch></ValueMatch>
2668
<MatchCriteria>Regex</MatchCriteria>
2669
</TrainingParameter>
2670
<TrainingParameter>
2671
<PatternName>Shipping method</PatternName>
2672
<Types>select</Types>
2673
<Language>de</Language>
2674
<Match>Versand</Match>
2675
<Value></Value>
2676
<ValueMatch></ValueMatch>
2677
<MatchCriteria>Regex</MatchCriteria>
2678
</TrainingParameter>
2679
<TrainingParameter>
2680
<PatternName>Gift</PatternName>
2681
<Types>text,textarea</Types>
2682
<Language>de</Language>
2683
<Match>Geschenk</Match>
2684
<Value></Value>
2685
<ValueMatch></ValueMatch>
2686
<MatchCriteria>Regex</MatchCriteria>
2687
</TrainingParameter>
2688
<TrainingParameter>
2689
<PatternName>Credit card number</PatternName>
2690
<Types>text,textarea</Types>
2691
<Language>de</Language>
2692
<Match>Kreditkarte|Kredit|Kartennummer</Match>
2693
<Value>5105105105105100</Value>
2694
<ValueMatch></ValueMatch>
2695
<MatchCriteria>Regex</MatchCriteria>
2696
</TrainingParameter>
2697
<TrainingParameter>
2698
<PatternName>Credit card type</PatternName>
2699
<Types>text,textarea</Types>
2700
<Language>de</Language>
2701
<Match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</Match>
2702
<Value></Value>
2703
<ValueMatch>Master</ValueMatch>
2704
<MatchCriteria>Regex</MatchCriteria>
2705
</TrainingParameter>
2706
<TrainingParameter>
2707
<PatternName>Credit card security code</PatternName>
2708
<Types>text,textarea</Types>
2709
<Language>de</Language>
2710
<Match>MJPYBZHSWwshWRRFSGWAGES3JlZGl0fFNpY2hlcmhlaXRzLUNvZGV8UHLDvGZudW1tZXI=</Match>
2711
<Value>123</Value>
2712
<ValueMatch></ValueMatch>
2713
<MatchCriteria>Regex</MatchCriteria>
2714
</TrainingParameter>
2715
<TrainingParameter>
2716
<PatternName>CAPTCHA</PatternName>
2717
<Types>text,textarea</Types>
2718
<Language>de</Language>
2719
<Match>captcha</Match>
2720
<Value>[%RANDALPHANUM%</Value>
2721
<ValueMatch></ValueMatch>
2722
<MatchCriteria>Regex</MatchCriteria>
2723
</TrainingParameter>
2724
<TrainingParameter>
2725
<PatternName>Back button</PatternName>
2726
<Types>button,image,submit</Types>
2727
<Language>de</Language>
2728
<Match>MJPYBZHSWwshWRRFSGWAGEenVyw7xja3xyZXR1cm58c3Rvcm5pZXJlbnx2b3JoZXJpZ2V8d2VpdGVyIGVpbmthdWZlbg==</Match>
2729
<Value></Value>
2730
<ValueMatch></ValueMatch>
2731
<MatchCriteria>Regex</MatchCriteria>
2732
</TrainingParameter>
2733
<TrainingParameter>
2734
<PatternName>Logout button</PatternName>
2735
<Types>button,image,submi</Types>
2736
<Language>de</Language>
2737
<Match>Abmeldung|Abmeldung|ausloggen|(sign|log)-?(off|out)</Match>
2738
<Value></Value>
2739
<ValueMatch></ValueMatch>
2740
<MatchCriteria>Regex</MatchCriteria>
2741
</TrainingParameter>
2742
<TrainingParameter>
2743
<PatternName>Login button</PatternName>
2744
<Types>button,image,submi</Types>
2745
<Language>de</Language>
2746
<Match>(log|sign)-?in</Match>
2747
<Value></Value>
2748
<ValueMatch></ValueMatch>
2749
<MatchCriteria>Regex</MatchCriteria>
2750
</TrainingParameter>
2751
<TrainingParameter>
2752
<PatternName>Size</PatternName>
2753
<Types>select</Types>
2754
<Language>de</Language>
2755
<Match>MJPYBZHSWwshWRRFSGWAGER3LDtnNzZXxYWEw=</Match>
2756
<Value>m</Value>
2757
<ValueMatch>m|s|42</ValueMatch>
2758
<MatchCriteria>Regex</MatchCriteria>
2759
</TrainingParameter>
2760
<TrainingParameter>
2761
<PatternName>Color</PatternName>
2762
<Types>select</Types>
2763
<Language>de</Language>
2764
<Match>Farbe</Match>
2765
<Value>Blue</Value>
2766
<ValueMatch></ValueMatch>
2767
<MatchCriteria>Regex</MatchCriteria>
2768
</TrainingParameter>
2769
<TrainingParameter>
2770
<PatternName>Enter price</PatternName>
2771
<Types>text,textarea</Types>
2772
<Language>de</Language>
2773
<Match>Preis</Match>
2774
<Value>20</Value>
2775
<ValueMatch></ValueMatch>
2776
<MatchCriteria>Regex</MatchCriteria>
2777
</TrainingParameter>
2778
<TrainingParameter>
2779
<PatternName>Attention</PatternName>
2780
<Types>text,textarea</Types>
2781
<Language>de</Language>
2782
<Match>Aufmerksamkeit</Match>
2783
<Value>John</Value>
2784
<ValueMatch></ValueMatch>
2785
<MatchCriteria>Regex</MatchCriteria>
2786
</TrainingParameter>
2787
<TrainingParameter>
2788
<PatternName>Gender</PatternName>
2789
<Types>select,radio,checkbox</Types>
2790
<Language>de</Language>
2791
<Match>Geschlecht|Herren</Match>
2792
<Value>m</Value>
2793
<ValueMatch>m|h</ValueMatch>
2794
<MatchCriteria>Regex</MatchCriteria>
2795
</TrainingParameter>
2796
<TrainingParameter>
2797
<PatternName>Legal age</PatternName>
2798
<Types>select,radio,checkbox</Types>
2799
<Language>de</Language>
2800
<Match>rechtliche|\\d\\d[:space:]*Jahre</Match>
2801
<Value>ja</Value>
2802
<ValueMatch>ja|yes|1|on</ValueMatch>
2803
<MatchCriteria>Regex</MatchCriteria>
2804
</TrainingParameter>
2805
<TrainingParameter>
2806
<PatternName>Coupon code</PatternName>
2807
<Types>text,textarea</Types>
2808
<Language>de</Language>
2809
<Match>MJPYBZHSWwshWRRFSGWAGERsO2cmRlcnVuZ3xHdXRzY2hlaW4=</Match>
2810
<Value>111</Value>
2811
<ValueMatch></ValueMatch>
2812
<MatchCriteria>Regex</MatchCriteria>
2813
</TrainingParameter>
2814
<TrainingParameter>
2815
<PatternName>Send message</PatternName>
2816
<Types>text,textarea</Types>
2817
<Language>de</Language>
2818
<Match>Nachricht|Kommentar|beschweren|Anfrage|Kritik</Match>
2819
<Value>comment</Value>
2820
<ValueMatch></ValueMatch>
2821
<MatchCriteria>Regex</MatchCriteria>
2822
</TrainingParameter>
2823
<TrainingParameter>
2824
<PatternName>Age</PatternName>
2825
<Types>text,textarea</Types>
2826
<Language>de</Language>
2827
<Match>Alter|unter|mehr</Match>
2828
<Value>40</Value>
2829
<ValueMatch></ValueMatch>
2830
<MatchCriteria>Regex</MatchCriteria>
2831
</TrainingParameter>
2832
<TrainingParameter>
2833
<PatternName>Passphrase Hint</PatternName>
2834
<Types>text,textarea</Types>
2835
<Language>de</Language>
2836
<Match>Was machen|Name des Haustieres|Ihr Vater</Match>
2837
<Value>What make was your first car?</Value>
2838
<ValueMatch></ValueMatch>
2839
<MatchCriteria>Regex</MatchCriteria>
2840
</TrainingParameter>
2841
<TrainingParameter>
2842
<PatternName>Passphrase Hint Answer</PatternName>
2843
<Types>text,textarea</Types>
2844
<Language>de</Language>
2845
<Match>beantworten</Match>
2846
<Value>Ford</Value>
2847
<ValueMatch></ValueMatch>
2848
<MatchCriteria>Regex</MatchCriteria>
2849
</TrainingParameter>
2850
<TrainingParameter>
2851
<PatternName>Doctor name</PatternName>
2852
<Types>text,textarea</Types>
2853
<Language>de</Language>
2854
<Match>Arzt</Match>
2855
<Value>John Johnson</Value>
2856
<ValueMatch></ValueMatch>
2857
<MatchCriteria>Regex</MatchCriteria>
2858
</TrainingParameter>
2859
</TrainingParameterList>
2860
</ParameterTrainingConfig>
2861
<AutoSequenceConfig>
2862
<SequenceIgnoreExtensionList>
2863
<SequenceIgnoreExtension>
2864
<Value>js</Value>
2865
</SequenceIgnoreExtension>
2866
<SequenceIgnoreExtension>
2867
<Value>css</Value>
2868
</SequenceIgnoreExtension>
2869
<SequenceIgnoreExtension>
2870
<Value>doc</Value>
2871
</SequenceIgnoreExtension>
2872
<SequenceIgnoreExtension>
2873
<Value>jpg</Value>
2874
</SequenceIgnoreExtension>
2875
<SequenceIgnoreExtension>
2876
<Value>jpeg</Value>
2877
</SequenceIgnoreExtension>
2878
<SequenceIgnoreExtension>
2879
<Value>gif</Value>
2880
</SequenceIgnoreExtension>
2881
<SequenceIgnoreExtension>
2882
<Value>png</Value>
2883
</SequenceIgnoreExtension>
2884
<SequenceIgnoreExtension>
2885
<Value>bmp</Value>
2886
</SequenceIgnoreExtension>
2887
<SequenceIgnoreExtension>
2888
<Value>ico</Value>
2889
</SequenceIgnoreExtension>
2890
<SequenceIgnoreExtension>
2891
<Value>exe</Value>
2892
</SequenceIgnoreExtension>
2893
<SequenceIgnoreExtension>
2894
<Value>swf</Value>
2895
</SequenceIgnoreExtension>
2896
<SequenceIgnoreExtension>
2897
<Value>mp3</Value>
2898
</SequenceIgnoreExtension>
2899
<SequenceIgnoreExtension>
2900
<Value>wav</Value>
2901
</SequenceIgnoreExtension>
2902
<SequenceIgnoreExtension>
2903
<Value>eot</Value>
2904
</SequenceIgnoreExtension>
2905
</SequenceIgnoreExtensionList>
2906
<SequenceIgnoreContentTypeList>
2907
<SequenceIgnoreContentType>
2908
<Value>*font*</Value>
2909
</SequenceIgnoreContentType>
2910
<SequenceIgnoreContentType>
2911
<Value>audio/*</Value>
2912
</SequenceIgnoreContentType>
2913
<SequenceIgnoreContentType>
2914
<Value>image/*</Value>
2915
</SequenceIgnoreContentType>
2916
<SequenceIgnoreContentType>
2917
<Value>video/*</Value>
2918
</SequenceIgnoreContentType>
2919
<SequenceIgnoreContentType>
2920
<Value>application/pdf</Value>
2921
</SequenceIgnoreContentType>
2922
<SequenceIgnoreContentType>
2923
<Value>application/zip</Value>
2924
</SequenceIgnoreContentType>
2925
<SequenceIgnoreContentType>
2926
<Value>application/x-rar-compressed</Value>
2927
</SequenceIgnoreContentType>
2928
<SequenceIgnoreContentType>
2929
<Value>application/x-dvi</Value>
2930
</SequenceIgnoreContentType>
2931
<SequenceIgnoreContentType>
2932
<Value>application/x-shockwave-flash</Value>
2933
</SequenceIgnoreContentType>
2934
<SequenceIgnoreContentType>
2935
<Value>application/msword</Value>
2936
</SequenceIgnoreContentType>
2937
<SequenceIgnoreContentType>
2938
<Value>application/ogg</Value>
2939
</SequenceIgnoreContentType>
2940
<SequenceIgnoreContentType>
2941
<Value>application/x-tar</Value>
2942
</SequenceIgnoreContentType>
2943
<SequenceIgnoreContentType>
2944
<Value>application/octet-stream</Value>
2945
</SequenceIgnoreContentType>
2946
</SequenceIgnoreContentTypeList>
2947
</AutoSequenceConfig>
2948
<MacroConfig>
2949
<SequentialMacroPlayback>1</SequentialMacroPlayback>
2950
<MacroFileList />
2951
</MacroConfig>
2952
<SeleniumConfig>
2953
<SequentialSeleniumScriptPlayback>1</SequentialSeleniumScriptPlayback>
2954
<SeleniumPort>32768</SeleniumPort>
2955
<FirefoxProfile>RAPID7APPSPIDERSELENIUM</FirefoxProfile>
2956
<SeleniumFileList />
2957
</SeleniumConfig>
2958
<WebServiceConfig>
2959
<Username></Username>
2960
<Password></Password>
2961
<ContentType></ContentType>
2962
<WsdlRegex>([?]wsdl|[.]wsdl)$</WsdlRegex>
2963
<AutoDiscoverWSDL>1</AutoDiscoverWSDL>
2964
<WebServicesEnhancements>0</WebServicesEnhancements>
2965
<PasswordOption>Hashed</PasswordOption>
2966
<WsdlList />
2967
<SwaggerFileList>
2968
<SwaggerFile>
2969
<Value></Value>
2970
<PreferredContentType>application/json</PreferredContentType>
2971
<JSONFileURL>http://webscantest.com/rest/deom/swagger.json</JSONFileURL>
2972
</SwaggerFile>
2973
</SwaggerFileList>
2974
</WebServiceConfig>
2975
<ReportConfig>
2976
<Language>en</Language>
2977
<BrandingDirectory></BrandingDirectory>
2978
<XML>0</XML>
2979
<VulnerabilitiesSummaryXML>1</VulnerabilitiesSummaryXML>
2980
<VulnerabilitiesSummaryJSON>0</VulnerabilitiesSummaryJSON>
2981
<CrawledLinksXML>0</CrawledLinksXML>
2982
<Index>1</Index>
2983
<ExecutiveSummary>1</ExecutiveSummary>
2984
<AllLinks>1</AllLinks>
2985
<AppThreatModeling>1</AppThreatModeling>
2986
<BestPractices>1</BestPractices>
2987
<Reflection>1</Reflection>
2988
<RemediationSummary>1</RemediationSummary>
2989
<Resources>0</Resources>
2990
<ResourceDetails>0</ResourceDetails>
2991
<ResourceSummaryBreakdown>0</ResourceSummaryBreakdown>
2992
<Application>1</Application>
2993
<Server>1</Server>
2994
<Database>1</Database>
2995
<BySite>0</BySite>
2996
<SiteLinks>1</SiteLinks>
2997
<StatusAndConfig>1</StatusAndConfig>
2998
<Vulnerabilities>1</Vulnerabilities>
2999
<VulnerabilitiesByUrlStandAlone>0</VulnerabilitiesByUrlStandAlone>
3000
<DISASTIG>1</DISASTIG>
3001
<FISMA>1</FISMA>
3002
<CWESANS>1</CWESANS>
3003
<GLB>1</GLB>
3004
<HIPAA>1</HIPAA>
3005
<OWASP2007>0</OWASP2007>
3006
<OWASP2010>0</OWASP2010>
3007
<OWASP2013>1</OWASP2013>
3008
<PCI>0</PCI>
3009
<PCI30></PCI30>
3010
<PCI31>1</PCI31>
3011
<SOX>1</SOX>
3012
<Privacy>1</Privacy>
3013
<Comments>1</Comments>
3014
<Cookies>1</Cookies>
3015
<PDF>0</PDF>
3016
<ZipReport>0</ZipReport>
3017
<ValidateApplet>1</ValidateApplet>
3018
<IncludeDbInZip>1</IncludeDbInZip>
3019
<DisableBigReportPagesThreshold>10000</DisableBigReportPagesThreshold>
3020
<AesEncryptPassword></AesEncryptPassword>
3021
<Metadata></Metadata>
3022
</ReportConfig>
3023
<WAFConfig>
3024
<Snort>1</Snort>
3025
<Imperva>1</Imperva>
3026
<ModSec>1</ModSec>
3027
<SnortMode>Alert</SnortMode>
3028
</WAFConfig>
3029
<ScheduleConfig>
3030
<Enabled>0</Enabled>
3031
<PauseTime>2016-07-15 12:40:22</PauseTime>
3032
<ResumeTime>2016-07-15 12:40:22</ResumeTime>
3033
<MaxRunTime>42566 Days, 12:40:22</MaxRunTime>
3034
</ScheduleConfig>
3035
<SiteTechnologyConfig>
3036
<Autodetect>1</Autodetect>
3037
<ServerPerformance>Unknown</ServerPerformance>
3038
<LanguageList />
3039
<RegionList />
3040
<TechnologyTargets>
3041
<OperatingSystemList />
3042
<DatabaseList />
3043
<FrameworkList />
3044
<ClientLanguageList />
3045
<ServerLanguageList />
3046
<WebServerList />
3047
<WebAppServerList />
3048
</TechnologyTargets>
3049
</SiteTechnologyConfig>
3050
<OneTimeTokenConfig>
3051
<AutoDetectCSRF>1</AutoDetectCSRF>
3052
<MaxTokenLifetime>1899-12-30 00:00:00</MaxTokenLifetime>
3053
<ExpirationRegex></ExpirationRegex>
3054
<TokenNameRegex>csrf</TokenNameRegex>
3055
<TokenValueRegex></TokenValueRegex>
3056
</OneTimeTokenConfig>
3057
<CVSSConfig>
3058
<CollateralDamagePotential>Not Defined</CollateralDamagePotential>
3059
<TargetDistribution>Not Defined</TargetDistribution>
3060
<ConfidentialityRequirement>Not Defined</ConfidentialityRequirement>
3061
<IntegrityRequirement>Not Defined</IntegrityRequirement>
3062
<AvailabilityRequirement>Not Defined</AvailabilityRequirement>
3063
<AccessVector>Not Defined</AccessVector>
3064
<AccessComplexity>Not Defined</AccessComplexity>
3065
<CvssAuthentication>Not Defined</CvssAuthentication>
3066
</CVSSConfig>
3067
<ParameterParserConfig>
3068
<EnableBase64ParameterValues>1</EnableBase64ParameterValues>
3069
<MultiRegexURLParserConfigList />
3070
<StandardURLParserConfig>
3071
<PathNameValueDelimiters>=.</PathNameValueDelimiters>
3072
<PathParameterDelimiters>/;</PathParameterDelimiters>
3073
<QueryNameValueDelimiters>=</QueryNameValueDelimiters>
3074
<QueryParameterDelimiters>
3075
<![CDATA[&]]>
3076
</QueryParameterDelimiters>
3077
<PathParamsValueRegex>\\d+</PathParamsValueRegex>
3078
<StartPathParamsPosition>-1</StartPathParamsPosition>
3079
</StandardURLParserConfig>
3080
</ParameterParserConfig>
3081
<ParameterValueConfig>
3082
<ParameterValueList />
3083
</ParameterValueConfig>
3084
</ScanConfig>