Scan Config XML Breakout

Scan Config XML Breakout

Below is a sample of an XML config. This allows a user to granularly set each setting within a config when adding, updating or submitting a config to either the AppSpider Enterprise REST API or directly to the engine itself.

ScanConfig is the top-level structure in the Scan Configuration File and contains all elements of the config to be submitted. For Example:

  • Name sets the name for the config

  • AppVersion identifies which version of AppSpider the config was written for (defaults to the current major version of the Scan Engine)

  • Log is a binary field to tell the engine to enable or disable logging (defaults to "1")

    • 1 - Enables Logging
    • 2 - Disables Logging

A full breakout of all XML elements contained in a scan config can be found at Scan Configuration Parameters

Caution

All elements must be submitted for the XML to be considered a "well-formed" request. Failure to include any element will result in the request being dropped

XML File example
xml
1
<scanconfig>
2
<name>webscantest</name>
3
<appversion>7.0</appversion>
4
<log>1</log>
5
<detailedlogging>0</detailedlogging>
6
<includetraffic>0</includetraffic>
7
<windowserrors>0</windowserrors>
8
<usesystemdsn>0</usesystemdsn>
9
<recrawl>0</recrawl>
10
<pauseonrecoverableerror>1</pauseonrecoverableerror>
11
<displayimminentlicenseexpirymessage>1</displayimminentlicenseexpirymessage>
12
<executecommandlineurl></executecommandlineurl>
13
<notifyscandoneurl></notifyscandoneurl>
14
<javascriptengine>Chrome</javascriptengine>
15
<maxdatabasesize>1073741824</maxdatabasesize>
16
<maxtrafficfiles>0</maxtrafficfiles>
17
<crawlconfig>
18
<maxdomain>100</maxdomain>
19
<maxcrawlresults>5000</maxcrawlresults>
20
<maxperwebsitecrawlresults>-1</maxperwebsitecrawlresults>
21
<maxperdircrawlresults>400</maxperdircrawlresults>
22
<maxperlinkcrawlresults>40</maxperlinkcrawlresults>
23
<maxpernormalizedlinkcrawlresult>100</maxpernormalizedlinkcrawlresult>
24
<maxperdirchildnodes>300</maxperdirchildnodes>
25
<maxblacklistextcrawlresults>100</maxblacklistextcrawlresults>
26
<maxattackfeedbacklinkscount>300</maxattackfeedbacklinkscount>
27
<maxperfilenamecrawlresults>250</maxperfilenamecrawlresults>
28
<maxperquerycrawlresults>100</maxperquerycrawlresults>
29
<recursiondepth>2</recursiondepth>
30
<maxdirdepth>15</maxdirdepth>
31
<discoverydepth>-1</discoverydepth>
32
<urlrepetitiontolerance>15</urlrepetitiontolerance>
33
<sequencerepetitiontolerance>3</sequencerepetitiontolerance>
34
<maxreportedimages>500</maxreportedimages>
35
<maxreportedlinks>2500</maxreportedlinks>
36
<maxreportedcomments>500</maxreportedcomments>
37
<maxreportedscripts>500</maxreportedscripts>
38
<maxreportedemails>500</maxreportedemails>
39
<maxreportedforms>500</maxreportedforms>
40
<maxbrowserpagewaittimeout>60000</maxbrowserpagewaittimeout>
41
<maxbrowserwaittillrequesttimeout>4000</maxbrowserwaittillrequesttimeout>
42
<maxbrowserdomdepth>2</maxbrowserdomdepth>
43
<maxbrowsereventsperlink>600</maxbrowsereventsperlink>
44
<maxbrowsereventspercrawlresult>400</maxbrowsereventspercrawlresult>
45
<maxbrowsereventsperdom>100</maxbrowsereventsperdom>
46
<maxbrowsernonewresourcedomcount>400</maxbrowsernonewresourcedomcount>
47
<notinsertedlinkcountthreshold>2</notinsertedlinkcountthreshold>
48
<maxcookiesfromjavascript>100</maxcookiesfromjavascript>
49
<maxcookiessamenamefromjavascript>10</maxcookiessamenamefromjavascript>
50
<maxdaysthresholdgoodtraffic>7</maxdaysthresholdgoodtraffic>
51
<crawlprioritization>Smart</crawlprioritization>
52
<filenotfoundregex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File
53
(or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</filenotfoundregex>
54
<servererrorregex></servererrorregex>
55
<invalidurlregexattack>
56
<!--[CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]-->
57
</invalidurlregexattack>
58
<invalidurlregexcrawl>
59
<!--[CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]-->
60
</invalidurlregexcrawl>
61
<prioritylinksregex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</prioritylinksregex>
62
<lockcookies>0</lockcookies>
63
<casesensitivity>Case Sensitive</casesensitivity>
64
<uniqueurlsacrosswebsites>0</uniqueurlsacrosswebsites>
65
<savereferences>0</savereferences>
66
<usebrowser>1</usebrowser>
67
<showbrowser>0</showbrowser>
68
<stayonport>0</stayonport>
69
<restricttomacro>0</restricttomacro>
70
<restricttomanualcrawling>0</restricttomanualcrawling>
71
<restricttoseedlist>0</restricttoseedlist>
72
<restricttowebservice>0</restricttowebservice>
73
<restricttoselenium>0</restricttoselenium>
74
<restricttoswagger>0</restricttoswagger>
75
<restricttoagentroutes>0</restricttoagentroutes>
76
<importcookiesfromtraffic>0</importcookiesfromtraffic>
77
<pageequalthreshhold>0.95</pageequalthreshhold>
78
<pagesimilarthreshhold>0.8</pagesimilarthreshhold>
79
<experimentalcrawling>Disabled</experimentalcrawling>
80
<flash>1</flash>
81
<enableadvancedparsers>1</enableadvancedparsers>
82
<searchforurls>1</searchforurls>
83
<cookiecommaseparator>1</cookiecommaseparator>
84
<maxwebresourcesoverhead>1000</maxwebresourcesoverhead>
85
<blacklistcontactforms>0</blacklistcontactforms>
86
<enablerobotstxtsitemapcrawling>0</enablerobotstxtsitemapcrawling>
87
<logdomcontents>0</logdomcontents>
88
<usebrowserresponsecaching>1</usebrowserresponsecaching>
89
<frameworkscrawlconfig>
90
<enableframeworkscrawling>1</enableframeworkscrawling>
91
<frameworkconfiglist>
92
<frameworkconfig>
93
<name>ReactJS</name>
94
<defaultconfigversion>2</defaultconfigversion>
95
<enabled>1</enabled>
96
<head>1</head>
97
<detectionregex>createReactRootIndex</detectionregex>
98
<healthcheckstring>react</healthcheckstring>
99
<filename>fm.react.min.js</filename>
100
<getalleventsscript>window.fm.react.getAllEvents('appspider');</getalleventsscript>
101
<getalleventsdelay>0</getalleventsdelay>
102
<getversionstringscript></getversionstringscript>
103
</frameworkconfig>
104
<frameworkconfig>
105
<name>AngularJS</name>
106
<defaultconfigversion>1</defaultconfigversion>
107
<enabled>1</enabled>
108
<head>0</head>
109
<detectionregex>ng-controller</detectionregex>
110
<healthcheckstring>angular</healthcheckstring>
111
<filename>angular-hook-bundle.min.js</filename>
112
<getalleventsscript>NG_HOOK.getAllNgEvents();</getalleventsscript>
113
<getalleventsdelay>0</getalleventsdelay>
114
<getversionstringscript>NG_HOOK.getVersionString();</getversionstringscript>
115
</frameworkconfig>
116
<frameworkconfig>
117
<name>KnockoutJS</name>
118
<defaultconfigversion>1</defaultconfigversion>
119
<enabled>1</enabled>
120
<head>0</head>
121
<detectionregex>data-bind</detectionregex>
122
<healthcheckstring>ko</healthcheckstring>
123
<filename>ko-hook-bundle.min.js</filename>
124
<getalleventsscript>KO_HOOK.getAllKOEvents();</getalleventsscript>
125
<getalleventsdelay>5000</getalleventsdelay>
126
<getversionstringscript>KO_HOOK.getVersionString();</getversionstringscript>
127
</frameworkconfig>
128
<frameworkconfig>
129
<name>AngularLib</name>
130
<defaultconfigversion>2</defaultconfigversion>
131
<enabled>1</enabled>
132
133
<head>0</head>
134
<detectionregex>(?-i)angular(?!\w)</detectionregex>
135
<healthcheckstring></healthcheckstring>
136
<filename>angular-4-hook-bundle.min.js</filename>
137
<getalleventsscript>NG_HOOK_LIB.getAllAngularFmEvents();</getalleventsscript>
138
<getalleventsdelay>6000</getalleventsdelay>
139
<getversionstringscript>NG_HOOK_LIB.getVersionString();</getversionstringscript>
140
</frameworkconfig>
141
<frameworkconfig>
142
<name>ReactLib</name>
143
<defaultconfigversion>1</defaultconfigversion>
144
<enabled>1</enabled>
145
<head>0</head>
146
<detectionregex>react-text</detectionregex>
147
<healthcheckstring></healthcheckstring>
148
<filename>react-hook-bundle.min.js</filename>
149
<getalleventsscript>REACT_HOOK_LIB.getAllReactEvents();</getalleventsscript>
150
<getalleventsdelay>8000</getalleventsdelay>
151
<getversionstringscript>REACT_HOOK_LIB.getVersionString();</getversionstringscript>
152
</frameworkconfig>
153
<frameworkconfig>
154
<name>ReactTwo</name>
155
<defaultconfigversion>1</defaultconfigversion>
156
<enabled>1</enabled>
157
<head>0</head>
158
<detectionregex>(?-i)"react[.][a-df-z][a-z]+"</detectionregex>
159
<healthcheckstring></healthcheckstring>
160
<filename>react-hook-bundle.min.js</filename>
161
<getalleventsscript>REACT_HOOK_LIB.getAllReactTwoEvents();</getalleventsscript>
162
<getalleventsdelay>8000</getalleventsdelay>
163
<getversionstringscript>REACT_HOOK_LIB.getVersionString();</getversionstringscript>
164
</frameworkconfig>
165
<frameworkconfig>
166
<name>OpenUI5</name>
167
<defaultconfigversion>1</defaultconfigversion>
168
<enabled>1</enabled>
169
<head>0</head>
170
<detectionregex>(?-i)sap-ui-debug</detectionregex>
171
<healthcheckstring></healthcheckstring>
172
<filename>sap-open-ui5-hook-bundle.min.js</filename>
173
<getalleventsscript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</getalleventsscript>
174
<getalleventsdelay>5000</getalleventsdelay>
175
<getversionstringscript>OPEN_UI5_HOOK_LIB.getVersionString();</getversionstringscript>
176
</frameworkconfig>
177
<frameworkconfig>
178
<name>Vue</name>
179
<defaultconfigversion>1</defaultconfigversion>
180
<enabled>1</enabled>
181
<head>0</head>
182
<detectionregex>(?-i)__VUE_SSR_CONTEXT__</detectionregex>
183
<healthcheckstring></healthcheckstring>
184
<filename>vue-hook-bundle.min.js</filename>
185
<getalleventsscript>VUE_HOOK_LIB.getAllVueEvents();</getalleventsscript>
186
<getalleventsdelay>5000</getalleventsdelay>
187
<getversionstringscript>VUE_HOOK_LIB.getVersionString();</getversionstringscript>
188
</frameworkconfig>
189
<frameworkconfig>
190
<name>Ember</name>
191
<defaultconfigversion>1</defaultconfigversion>
192
<enabled>1</enabled>
193
<head>0</head>
194
<detectionregex>(?-i)EMBER_LOAD_HOOKS</detectionregex>
195
<healthcheckstring></healthcheckstring>
196
<filename>ember-hook-bundle.min.js</filename>
197
<getalleventsscript>EMBER_HOOK_LIB.getAllEmberEvents();</getalleventsscript>
198
<getalleventsdelay>5000</getalleventsdelay>
199
<getversionstringscript>EMBER_HOOK_LIB.getVersionString();</getversionstringscript>
200
</frameworkconfig>
201
<frameworkconfig>
202
<name>Backbone</name>
203
<defaultconfigversion>1</defaultconfigversion>
204
<enabled>1</enabled>
205
<head>0</head>
206
<detectionregex>(?-i)Backbone</detectionregex>
207
<healthcheckstring></healthcheckstring>
208
<filename>backbone-hook-bundle.min.js</filename>
209
<getalleventsscript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</getalleventsscript>
210
<getalleventsdelay>5000</getalleventsdelay>
211
<getversionstringscript>BACKBONE_HOOK_LIB.getVersionString();</getversionstringscript>
212
</frameworkconfig>
213
</frameworkconfiglist>
214
</frameworkscrawlconfig>
215
<seedurllist>
216
<seedurl>
217
<value>http://www.webscantest.com/</value>
218
</seedurl>
219
</seedurllist>
220
<scopeconstraintlist>
221
<scopeconstraint>
222
<url>http://www.webscantest.com/*</url>
223
<method>All</method>
224
<matchcriteria>Wildcard</matchcriteria>
225
<exclusion>Include</exclusion>
226
</scopeconstraint>
227
<scopeconstraint>
228
<url>http://*.www.webscantest.com/*</url>
229
<method>All</method>
230
<matchcriteria>Wildcard</matchcriteria>
231
<exclusion>Include</exclusion>
232
</scopeconstraint>
233
</scopeconstraintlist>
234
<blacklistextensionlist>
235
<blacklistextension>
236
<value>css</value>
237
</blacklistextension>
238
<blacklistextension>
239
<value>axd</value>
240
</blacklistextension>
241
</blacklistextensionlist>
242
<graylistextensionlist>
243
<graylistextension>
244
<value>pdf</value>
245
</graylistextension>
246
<graylistextension>
247
<value>doc</value>
248
</graylistextension>
249
<graylistextension>
250
<value>jpg</value>
251
</graylistextension>
252
<graylistextension>
253
<value>jpeg</value>
254
</graylistextension>
255
<graylistextension>
256
<value>gif</value>
257
</graylistextension>
258
<graylistextension>
259
<value>png</value>
260
</graylistextension>
261
<graylistextension>
262
<value>bmp</value>
263
</graylistextension>
264
<graylistextension>
265
<value>ico</value>
266
</graylistextension>
267
<graylistextension>
268
<value>js</value>
269
</graylistextension>
270
<graylistextension>
271
<value>tiff</value>
272
</graylistextension>
273
<graylistextension>
274
<value>eot</value>
275
</graylistextension>
276
<graylistextension>
277
<value>ttf</value>
278
</graylistextension>
279
<graylistextension>
280
<value>mid</value>
281
</graylistextension>
282
<graylistextension>
283
<value>midi</value>
284
</graylistextension>
285
<graylistextension>
286
<value>mp3</value>
287
</graylistextension>
288
<graylistextension>
289
<value>mpeg</value>
290
</graylistextension>
291
<graylistextension>
292
<value>wav</value>
293
</graylistextension>
294
<graylistextension>
295
<value>avi</value>
296
</graylistextension>
297
<graylistextension>
298
<value>woff</value>
299
</graylistextension>
300
<graylistextension>
301
<value>svg</value>
302
</graylistextension>
303
</graylistextensionlist>
304
<binaryextensionlist>
305
<binaryextension>
306
<value>fla</value>
307
</binaryextension>
308
<binaryextension>
309
<value>swf</value>
310
</binaryextension>
311
<binaryextension>
312
<value>pdf</value>
313
</binaryextension>
314
<binaryextension>
315
<value>doc</value>
316
</binaryextension>
317
<binaryextension>
318
<value>jpg</value>
319
</binaryextension>
320
<binaryextension>
321
<value>jpeg</value>
322
</binaryextension>
323
<binaryextension>
324
<value>gif</value>
325
</binaryextension>
326
<binaryextension>
327
<value>png</value>
328
</binaryextension>
329
<binaryextension>
330
<value>bmp</value>
331
</binaryextension>
332
<binaryextension>
333
<value>ico</value>
334
</binaryextension>
335
<binaryextension>
336
<value>dll</value>
337
</binaryextension>
338
<binaryextension>
339
<value>exe</value>
340
</binaryextension>
341
<binaryextension>
342
<value>eot</value>
343
</binaryextension>
344
<binaryextension>
345
<value>ttf</value>
346
</binaryextension>
347
<binaryextension>
348
<value>mp3</value>
349
</binaryextension>
350
<binaryextension>
351
<value>mp4</value>
352
</binaryextension>
353
<binaryextension>
354
<value>wav</value>
355
</binaryextension>
356
<binaryextension>
357
<value>woff</value>
358
</binaryextension>
359
<binaryextension>
360
<value>svg</value>
361
</binaryextension>
362
</binaryextensionlist>
363
<textextensionlist>
364
<textextension>
365
<value>txt</value>
366
</textextension>
367
<textextension>
368
<value>js</value>
369
</textextension>
370
<textextension>
371
<value>css</value>
372
</textextension>
373
<textextension>
374
<value>json</value>
375
</textextension>
376
</textextensionlist>
377
<binarycontenttypelist>
378
<binarycontenttype>
379
<value>audio/*</value>
380
</binarycontenttype>
381
<binarycontenttype>
382
<value>image/*</value>
383
</binarycontenttype>
384
<binarycontenttype>
385
<value>video/*</value>
386
</binarycontenttype>
387
<binarycontenttype>
388
<value>application/pdf</value>
389
</binarycontenttype>
390
<binarycontenttype>
391
<value>application/zip</value>
392
</binarycontenttype>
393
<binarycontenttype>
394
<value>application/x-rar-compressed</value>
395
</binarycontenttype>
396
<binarycontenttype>
397
<value>application/x-dvi</value>
398
</binarycontenttype>
399
<binarycontenttype>
400
<value>application/x-shockwave-flash</value>
401
</binarycontenttype>
402
<binarycontenttype>
403
<value>application/msword</value>
404
</binarycontenttype>
405
<binarycontenttype>
406
<value>application/ogg</value>
407
</binarycontenttype>
408
<binarycontenttype>
409
<value>application/x-tar</value>
410
</binarycontenttype>
411
<binarycontenttype>
412
<value>application/octet-stream</value>
413
</binarycontenttype>
414
</binarycontenttypelist>
415
<htmlcontenttypelist>
416
<htmlcontenttype>
417
<value>text/html</value>
418
</htmlcontenttype>
419
<htmlcontenttype>
420
<value>html/*</value>
421
</htmlcontenttype>
422
<htmlcontenttype>
423
<value>application/xhtml+xml</value>
424
</htmlcontenttype>
425
</htmlcontenttypelist>
426
<textcontenttypelist>
427
<textcontenttype>
428
<value>text/plain</value>
429
</textcontenttype>
430
<textcontenttype>
431
<value>text/csv</value>
432
</textcontenttype>
433
<textcontenttype>
434
<value>text/css</value>
435
</textcontenttype>
436
<textcontenttype>
437
<value>text/javascript</value>
438
</textcontenttype>
439
<textcontenttype>
440
<value>application/javascript</value>
441
</textcontenttype>
442
<textcontenttype>
443
<value>application/x-javascript</value>
444
</textcontenttype>
445
<textcontenttype>
446
<value>application/json</value>
447
</textcontenttype>
448
<textcontenttype>
449
<value>application/x-httpd-php-source</value>
450
</textcontenttype>
451
</textcontenttypelist>
452
<xmlcontenttypelist>
453
<xmlcontenttype>
454
<value>application/xml-dtd</value>
455
</xmlcontenttype>
456
<xmlcontenttype>
457
<value>text/xml</value>
458
</xmlcontenttype>
459
<xmlcontenttype>
460
<value>application/soap+xml</value>
461
</xmlcontenttype>
462
<xmlcontenttype>
463
<value>application/xml</value>
464
</xmlcontenttype>
465
</xmlcontenttypelist>
466
<browserdownloadwhitelistlist>
467
<browserdownloadwhitelist>
468
<value>*.css</value>
469
</browserdownloadwhitelist>
470
<browserdownloadwhitelist>
471
<value>*.js</value>
472
</browserdownloadwhitelist>
473
<browserdownloadwhitelist>
474
<value>*.xml</value>
475
</browserdownloadwhitelist>
476
<browserdownloadwhitelist>
477
<value>*.dtd</value>
478
</browserdownloadwhitelist>
479
<browserdownloadwhitelist>
480
<value>*.axd</value>
481
</browserdownloadwhitelist>
482
<browserdownloadwhitelist>
483
<value>*.json</value>
484
</browserdownloadwhitelist>
485
<browserdownloadwhitelist>
486
<value>*/js/*</value>
487
</browserdownloadwhitelist>
488
<browserdownloadwhitelist>
489
<value>*/css/*</value>
490
</browserdownloadwhitelist>
491
</browserdownloadwhitelistlist>
492
<browserdonotdownloadextensionlist>
493
<browserdonotdownloadextension>
494
<value>pdf</value>
495
</browserdonotdownloadextension>
496
<browserdonotdownloadextension>
497
<value>doc</value>
498
</browserdonotdownloadextension>
499
<browserdonotdownloadextension>
500
<value>jpg</value>
501
</browserdonotdownloadextension>
502
<browserdonotdownloadextension>
503
<value>jpeg</value>
504
</browserdonotdownloadextension>
505
<browserdonotdownloadextension>
506
<value>gif</value>
507
</browserdonotdownloadextension>
508
<browserdonotdownloadextension>
509
<value>png</value>
510
</browserdonotdownloadextension>
511
<browserdonotdownloadextension>
512
<value>bmp</value>
513
</browserdonotdownloadextension>
514
<browserdonotdownloadextension>
515
<value>ico</value>
516
</browserdonotdownloadextension>
517
<browserdonotdownloadextension>
518
<value>exe</value>
519
</browserdonotdownloadextension>
520
<browserdonotdownloadextension>
521
<value>swf</value>
522
</browserdonotdownloadextension>
523
<browserdonotdownloadextension>
524
<value>mp3</value>
525
</browserdonotdownloadextension>
526
<browserdonotdownloadextension>
527
<value>mp4</value>
528
</browserdonotdownloadextension>
529
<browserdonotdownloadextension>
530
<value>wav</value>
531
</browserdonotdownloadextension>
532
<browserdonotdownloadextension>
533
<value>eot</value>
534
</browserdonotdownloadextension>
535
<browserdonotdownloadextension>
536
<value>ttf</value>
537
</browserdonotdownloadextension>
538
<browserdonotdownloadextension>
539
<value>woff</value>
540
</browserdonotdownloadextension>
541
<browserdonotdownloadextension>
542
<value>ico</value>
543
</browserdonotdownloadextension>
544
<browserdonotdownloadextension>
545
<value>svg</value>
546
</browserdonotdownloadextension>
547
</browserdonotdownloadextensionlist>
548
<browserdonotdownloadcontenttypelist>
549
<browserdonotdownloadcontenttype>
550
<value>audio/*</value>
551
</browserdonotdownloadcontenttype>
552
<browserdonotdownloadcontenttype>
553
<value>image/*</value>
554
</browserdonotdownloadcontenttype>
555
<browserdonotdownloadcontenttype>
556
<value>video/*</value>
557
</browserdonotdownloadcontenttype>
558
<browserdonotdownloadcontenttype>
559
<value>application/pdf</value>
560
</browserdonotdownloadcontenttype>
561
<browserdonotdownloadcontenttype>
562
<value>application/zip</value>
563
</browserdonotdownloadcontenttype>
564
<browserdonotdownloadcontenttype>
565
<value>application/x-rar-compressed</value>
566
</browserdonotdownloadcontenttype>
567
<browserdonotdownloadcontenttype>
568
<value>application/x-dvi</value>
569
</browserdonotdownloadcontenttype>
570
<browserdonotdownloadcontenttype>
571
<value>application/x-shockwave-flash</value>
572
</browserdonotdownloadcontenttype>
573
<browserdonotdownloadcontenttype>
574
<value>application/msword</value>
575
</browserdonotdownloadcontenttype>
576
<browserdonotdownloadcontenttype>
577
<value>application/ogg</value>
578
</browserdonotdownloadcontenttype>
579
<browserdonotdownloadcontenttype>
580
<value>application/x-tar</value>
581
</browserdonotdownloadcontenttype>
582
<browserdonotdownloadcontenttype>
583
<value>application/octet-stream</value>
584
</browserdonotdownloadcontenttype>
585
</browserdonotdownloadcontenttypelist>
586
</crawlconfig>
587
<attackerconfig>
588
<parameterstoattackbeforelimitingattacks>100</parameterstoattackbeforelimitingattacks>
589
<linkstoattackbeforelimitingattacks>20</linkstoattackbeforelimitingattacks>
590
<maxsamenameparameterattackpoints>10</maxsamenameparameterattackpoints>
591
<maxsamecookieparameterattackpoints>5</maxsamecookieparameterattackpoints>
592
<maxsamenameparameterattackpointsperlink>2</maxsamenameparameterattackpointsperlink>
593
<maxparameterattackpointsperlink>50</maxparameterattackpointsperlink>
594
<maxnormalizedsamenameparameterattackpointsperlink>4</maxnormalizedsamenameparameterattackpointsperlink>
595
<applyglobalfindingssettings>1</applyglobalfindingssettings>
596
<applycrawlerconstraints>1</applycrawlerconstraints>
597
<maxnumberofscheduledpassiveattacks>1000000</maxnumberofscheduledpassiveattacks>
598
<mincookielifetimeforattacks>3600</mincookielifetimeforattacks>
599
<excludelowconfidencefindings>0</excludelowconfidencefindings>
600
<outofbandhost></outofbandhost>
601
<maxseverityfortrafficreduction>Low</maxseverityfortrafficreduction>
602
<minresponsesizefortrafficreduction>204800</minresponsesizefortrafficreduction>
603
<defaultdonotattackparamlist>
604
<defaultdonotattackparam>
605
<parametername>
606
^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$
607
</parametername>
608
<matchcriteria>Regex</matchcriteria>
609
</defaultdonotattackparam>
610
</defaultdonotattackparamlist>
611
</attackerconfig>
612
<attackpolicyconfig>
613
<policy>All Modules</policy>
614
<attackprioritization>Smart</attackprioritization>
615
<attackdepth>Smart</attackdepth>
616
<enableadvancedattacks>0</enableadvancedattacks>
617
<falsepositiveregex></falsepositiveregex>
618
<falsepositivefindingregex></falsepositivefindingregex>
619
<rootcauseidexcludelist></rootcauseidexcludelist>
620
<attackonlycontrollingheaders>1</attackonlycontrollingheaders>
621
<enforceencoding>0</enforceencoding>
622
<attackpoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</attackpoints>
623
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations>
624
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations>
625
<attackmodulepolicylist>
626
<attackmodulepolicy>
627
<enabled>1</enabled>
628
<moduleid>C0B05B9C334341B180D2494235FF8F99</moduleid>
629
<modulepriority>High</modulepriority>
630
<severity>Informational</severity>
631
<maxvulnlimit>10</maxvulnlimit>
632
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
633
<maxvariancelimit>2</maxvariancelimit>
634
<passiveanalysisonattacks>0</passiveanalysisonattacks>
635
<enforceencoding>0</enforceencoding>
636
<applypolicyseverity>0</applypolicyseverity>
637
<attackpoints>Web Site</attackpoints>
638
<parameterlocations></parameterlocations>
639
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
640
<displayname>Anonymous Access</displayname>
641
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
642
</attackmodulepolicy>
643
<attackmodulepolicy>
644
<enabled>1</enabled>
645
<moduleid>59597A25A9504D5AAD20B74A4DCCABB7</moduleid>
646
<modulepriority>High</modulepriority>
647
<severity>High</severity>
648
<maxvulnlimit>100</maxvulnlimit>
649
<maxperwebsitevulnlimit>25</maxperwebsitevulnlimit>
650
<maxvariancelimit>3</maxvariancelimit>
651
<passiveanalysisonattacks>0</passiveanalysisonattacks>
652
<enforceencoding>0</enforceencoding>
653
<applypolicyseverity>0</applypolicyseverity>
654
<attackpoints>Directory|File|Web Resource|Parameter</attackpoints>
655
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
656
</parameterlocations>
657
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
658
<displayname>Apache Struts 2 Framework Checks</displayname>
659
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
660
</attackmodulepolicy>
661
<attackmodulepolicy>
662
<enabled>1</enabled>
663
<moduleid>9F6600FB2E7840E48B156790FEFAC10A</moduleid>
664
<modulepriority>High</modulepriority>
665
<severity>Informational</severity>
666
<maxvulnlimit>100</maxvulnlimit>
667
<maxperwebsitevulnlimit>25</maxperwebsitevulnlimit>
668
<maxvariancelimit>3</maxvariancelimit>
669
<passiveanalysisonattacks>1</passiveanalysisonattacks>
670
<enforceencoding>0</enforceencoding>
671
<applypolicyseverity>0</applypolicyseverity>
672
<attackpoints>Response Analysis</attackpoints>
673
<parameterlocations></parameterlocations>
674
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
675
<displayname>Apache Struts Detection</displayname>
676
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
677
</attackmodulepolicy>
678
<attackmodulepolicy>
679
<enabled>1</enabled>
680
<moduleid>929E08F60E084936B12C984ED0F5F47C</moduleid>
681
<modulepriority>High</modulepriority>
682
<severity>High</severity>
683
<maxvulnlimit>100</maxvulnlimit>
684
<maxperwebsitevulnlimit>25</maxperwebsitevulnlimit>
685
<maxvariancelimit>4</maxvariancelimit>
686
<passiveanalysisonattacks>0</passiveanalysisonattacks>
687
<enforceencoding>0</enforceencoding>
688
<applypolicyseverity>0</applypolicyseverity>
689
<attackpoints>Parameter</attackpoints>
690
<parameterlocations>Post</parameterlocations>
691
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
692
<displayname>Arbitrary File Upload</displayname>
693
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
694
</attackmodulepolicy>
695
<attackmodulepolicy>
696
<enabled>1</enabled>
697
<moduleid>719FF94DEF014D29B16234909941E48E</moduleid>
698
<modulepriority>Medium</modulepriority>
699
<severity>Low</severity>
700
<maxvulnlimit>25</maxvulnlimit>
701
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
702
<maxvariancelimit>2</maxvariancelimit>
703
<passiveanalysisonattacks>0</passiveanalysisonattacks>
704
<enforceencoding>0</enforceencoding>
705
<applypolicyseverity>0</applypolicyseverity>
706
<attackpoints>Directory</attackpoints>
707
<parameterlocations></parameterlocations>
708
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
709
<displayname>ASP.NET Misconfiguration</displayname>
710
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
711
</attackmodulepolicy>
712
<attackmodulepolicy>
713
<enabled>1</enabled>
714
<moduleid>B7CEE386C7C64618A510F3F8FED5400B</moduleid>
715
<modulepriority>Medium</modulepriority>
716
<severity>High</severity>
717
<maxvulnlimit>25</maxvulnlimit>
718
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
719
<maxvariancelimit>4</maxvariancelimit>
720
<passiveanalysisonattacks>0</passiveanalysisonattacks>
721
<enforceencoding>0</enforceencoding>
722
<applypolicyseverity>0</applypolicyseverity>
723
<attackpoints>Parameter</attackpoints>
724
<parameterlocations>Post|Cookie</parameterlocations>
725
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
726
<displayname>ASP.NET Serialization</displayname>
727
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
728
</attackmodulepolicy>
729
<attackmodulepolicy>
730
<enabled>1</enabled>
731
<moduleid>865E5CE0E5144D3E899B825EC8603969</moduleid>
732
<modulepriority>Medium</modulepriority>
733
<severity>Low</severity>
734
<maxvulnlimit>200</maxvulnlimit>
735
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
736
<maxvariancelimit>2</maxvariancelimit>
737
<passiveanalysisonattacks>0</passiveanalysisonattacks>
738
<enforceencoding>0</enforceencoding>
739
<applypolicyseverity>0</applypolicyseverity>
740
<attackpoints>Response Analysis</attackpoints>
741
<parameterlocations></parameterlocations>
742
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
743
<displayname>Autocomplete attribute</displayname>
744
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
745
</attackmodulepolicy>
746
<attackmodulepolicy>
747
<enabled>1</enabled>
748
<moduleid>38354857D10048B68A34CD2E3EBC3B52</moduleid>
749
<modulepriority>High</modulepriority>
750
<severity>High</severity>
751
<maxvulnlimit>75</maxvulnlimit>
752
<maxperwebsitevulnlimit>25</maxperwebsitevulnlimit>
753
<maxvariancelimit>4</maxvariancelimit>
754
<passiveanalysisonattacks>0</passiveanalysisonattacks>
755
<enforceencoding>0</enforceencoding>
756
<applypolicyseverity>0</applypolicyseverity>
757
<attackpoints>Parameter</attackpoints>
758
<parameterlocations>Query|Post</parameterlocations>
759
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
760
<displayname>Blind LDAP Injection</displayname>
761
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
762
</attackmodulepolicy>
763
<attackmodulepolicy>
764
<enabled>1</enabled>
765
<moduleid>13B4C758BA174200885A29CBA7346165</moduleid>
766
<modulepriority>Medium</modulepriority>
767
<severity>Informational</severity>
768
<maxvulnlimit>100</maxvulnlimit>
769
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
770
<maxvariancelimit>1</maxvariancelimit>
771
<passiveanalysisonattacks>0</passiveanalysisonattacks>
772
<enforceencoding>0</enforceencoding>
773
<applypolicyseverity>0</applypolicyseverity>
774
<attackpoints>Response Analysis</attackpoints>
775
<parameterlocations></parameterlocations>
776
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
777
<displayname>Browser Cache directive (web application performance)</displayname>
778
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
779
</attackmodulepolicy>
780
<attackmodulepolicy>
781
<enabled>1</enabled>
782
<moduleid>E33B272027B844D5BBB8EDE541983474</moduleid>
783
<modulepriority>Medium</modulepriority>
784
<severity>Low</severity>
785
<maxvulnlimit>150</maxvulnlimit>
786
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
787
<maxvariancelimit>4</maxvariancelimit>
788
<passiveanalysisonattacks>0</passiveanalysisonattacks>
789
<enforceencoding>0</enforceencoding>
790
<applypolicyseverity>0</applypolicyseverity>
791
<attackpoints>Response Analysis</attackpoints>
792
<parameterlocations></parameterlocations>
793
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
794
<displayname>Browser Cache directive (leaking sensitive information)</displayname>
795
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
796
</attackmodulepolicy>
797
<attackmodulepolicy>
798
<enabled>1</enabled>
799
<moduleid>A8091DB7769C49ED9E844B9F19529AC1</moduleid>
800
<modulepriority>High</modulepriority>
801
<severity>High</severity>
802
<maxvulnlimit>5</maxvulnlimit>
803
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
804
<maxvariancelimit>2</maxvariancelimit>
805
<passiveanalysisonattacks>0</passiveanalysisonattacks>
806
<enforceencoding>0</enforceencoding>
807
<applypolicyseverity>0</applypolicyseverity>
808
<attackpoints>Web Resource</attackpoints>
809
<parameterlocations></parameterlocations>
810
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
811
<displayname>Brute Force (HTTP Auth)</displayname>
812
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
813
</attackmodulepolicy>
814
<attackmodulepolicy>
815
<enabled>1</enabled>
816
<moduleid>7F61DDD522C5439B9EAB4FC17B2F47AA</moduleid>
817
<modulepriority>High</modulepriority>
818
<severity>High</severity>
819
<maxvulnlimit>5</maxvulnlimit>
820
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
821
<maxvariancelimit>2</maxvariancelimit>
822
<passiveanalysisonattacks>0</passiveanalysisonattacks>
823
<enforceencoding>0</enforceencoding>
824
<applypolicyseverity>0</applypolicyseverity>
825
<attackpoints>Parameter</attackpoints>
826
<parameterlocations>Query|Post</parameterlocations>
827
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
828
<displayname>Brute Force (Form Auth)</displayname>
829
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
830
</attackmodulepolicy>
831
<attackmodulepolicy>
832
<enabled>1</enabled>
833
<moduleid>22E85EEA6883403982D8C298AEBC935A</moduleid>
834
<modulepriority>High</modulepriority>
835
<severity>High</severity>
836
<maxvulnlimit>250</maxvulnlimit>
837
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
838
<maxvariancelimit>4</maxvariancelimit>
839
<passiveanalysisonattacks>0</passiveanalysisonattacks>
840
<enforceencoding>0</enforceencoding>
841
<applypolicyseverity>0</applypolicyseverity>
842
<attackpoints>Parameter</attackpoints>
843
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
844
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
845
<displayname>Blind SQL</displayname>
846
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
847
</attackmodulepolicy>
848
<attackmodulepolicy>
849
<enabled>1</enabled>
850
<moduleid>FD1C760270CE493D92F50C347C79218F</moduleid>
851
<modulepriority>Low</modulepriority>
852
<severity>Low</severity>
853
<maxvulnlimit>100</maxvulnlimit>
854
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
855
<maxvariancelimit>4</maxvariancelimit>
856
<passiveanalysisonattacks>0</passiveanalysisonattacks>
857
<enforceencoding>0</enforceencoding>
858
<applypolicyseverity>0</applypolicyseverity>
859
<attackpoints>Directory</attackpoints>
860
<parameterlocations></parameterlocations>
861
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
862
<displayname>Clients Cross-Domain Policy Files</displayname>
863
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
864
</attackmodulepolicy>
865
<attackmodulepolicy>
866
<enabled>1</enabled>
867
<moduleid>A41D5AC842594BF086E9A96DD3353333</moduleid>
868
<modulepriority>Low</modulepriority>
869
<severity>Informational</severity>
870
<maxvulnlimit>100</maxvulnlimit>
871
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
872
<maxvariancelimit>4</maxvariancelimit>
873
<passiveanalysisonattacks>0</passiveanalysisonattacks>
874
<enforceencoding>0</enforceencoding>
875
<applypolicyseverity>0</applypolicyseverity>
876
<attackpoints>Response Analysis</attackpoints>
877
<parameterlocations></parameterlocations>
878
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
879
<displayname>Information Disclosure in comments</displayname>
880
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
881
</attackmodulepolicy>
882
<attackmodulepolicy>
883
<enabled>1</enabled>
884
<moduleid>BBFCB66779ED4E7292C08F19E9BB45DF</moduleid>
885
<modulepriority>Medium</modulepriority>
886
<severity>Low</severity>
887
<maxvulnlimit>50</maxvulnlimit>
888
<maxperwebsitevulnlimit>20</maxperwebsitevulnlimit>
889
<maxvariancelimit>10</maxvariancelimit>
890
<passiveanalysisonattacks>0</passiveanalysisonattacks>
891
<enforceencoding>0</enforceencoding>
892
<applypolicyseverity>0</applypolicyseverity>
893
<attackpoints>Response Analysis</attackpoints>
894
<parameterlocations></parameterlocations>
895
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
896
<displayname>Cookie attributes</displayname>
897
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
898
</attackmodulepolicy>
899
<attackmodulepolicy>
900
<enabled>1</enabled>
901
<moduleid>2227AE47A2AA40A6B6B1328AC13A6F0C</moduleid>
902
<modulepriority>Low</modulepriority>
903
<severity>Low</severity>
904
<maxvulnlimit>100</maxvulnlimit>
905
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
906
<maxvariancelimit>5</maxvariancelimit>
907
<passiveanalysisonattacks>0</passiveanalysisonattacks>
908
<enforceencoding>0</enforceencoding>
909
<applypolicyseverity>0</applypolicyseverity>
910
<attackpoints>Web Resource|Response Analysis</attackpoints>
911
<parameterlocations></parameterlocations>
912
<requestoriginations>AJAX</requestoriginations>
913
<displayname>Cross Origin Resources Sharing (CORS)</displayname>
914
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
915
</attackmodulepolicy>
916
<attackmodulepolicy>
917
<enabled>1</enabled>
918
<moduleid>F8A0814584594965B0AF68B4E190F566</moduleid>
919
<modulepriority>Low</modulepriority>
920
<severity>Medium</severity>
921
<maxvulnlimit>25</maxvulnlimit>
922
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
923
<maxvariancelimit>2</maxvariancelimit>
924
<passiveanalysisonattacks>0</passiveanalysisonattacks>
925
<enforceencoding>0</enforceencoding>
926
<applypolicyseverity>0</applypolicyseverity>
927
<attackpoints>Response Analysis</attackpoints>
928
<parameterlocations></parameterlocations>
929
<requestoriginations>HTML|Form|Silverlight|RecrawlTraffic</requestoriginations>
930
<displayname>Credentials over an insecure channel</displayname>
931
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
932
</attackmodulepolicy>
933
<attackmodulepolicy>
934
<enabled>1</enabled>
935
<moduleid>C35E7D79DD6F4DA489BBF6BC1D9D012B</moduleid>
936
<modulepriority>Medium</modulepriority>
937
<severity>Informational</severity>
938
<maxvulnlimit>100</maxvulnlimit>
939
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
940
<maxvariancelimit>4</maxvariancelimit>
941
<passiveanalysisonattacks>0</passiveanalysisonattacks>
942
<enforceencoding>0</enforceencoding>
943
<applypolicyseverity>0</applypolicyseverity>
944
<attackpoints>Response Analysis</attackpoints>
945
<parameterlocations></parameterlocations>
946
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
947
<displayname>Content Security Policy Header</displayname>
948
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
949
</attackmodulepolicy>
950
<attackmodulepolicy>
951
<enabled>1</enabled>
952
<moduleid>81C9D7ED0E33447899D5CD20B978617B</moduleid>
953
<modulepriority>Low</modulepriority>
954
<severity>Low</severity>
955
<maxvulnlimit>250</maxvulnlimit>
956
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
957
<maxvariancelimit>2</maxvariancelimit>
958
<passiveanalysisonattacks>0</passiveanalysisonattacks>
959
<enforceencoding>0</enforceencoding>
960
<applypolicyseverity>0</applypolicyseverity>
961
<attackpoints>Web Resource</attackpoints>
962
<parameterlocations></parameterlocations>
963
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
964
<displayname>Cross-Site Request Forgery (CSRF)</displayname>
965
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
966
</attackmodulepolicy>
967
<attackmodulepolicy>
968
<enabled>0</enabled>
969
<moduleid>3A586D24C653446196BAAC345FDE8C53</moduleid>
970
<modulepriority>Medium</modulepriority>
971
<severity>Informational</severity>
972
<maxvulnlimit>20</maxvulnlimit>
973
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
974
<maxvariancelimit>1</maxvariancelimit>
975
<passiveanalysisonattacks>0</passiveanalysisonattacks>
976
<enforceencoding>0</enforceencoding>
977
<applypolicyseverity>0</applypolicyseverity>
978
<attackpoints>Directory</attackpoints>
979
<parameterlocations></parameterlocations>
980
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
981
<displayname>Custom Directory Module</displayname>
982
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
983
</attackmodulepolicy>
984
<attackmodulepolicy>
985
<enabled>0</enabled>
986
<moduleid>EE998B281CE840948E90BF2D61E4C5F9</moduleid>
987
<modulepriority>Medium</modulepriority>
988
<severity>Informational</severity>
989
<maxvulnlimit>20</maxvulnlimit>
990
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
991
<maxvariancelimit>1</maxvariancelimit>
992
<passiveanalysisonattacks>0</passiveanalysisonattacks>
993
<enforceencoding>0</enforceencoding>
994
<applypolicyseverity>0</applypolicyseverity>
995
<attackpoints>Parameter</attackpoints>
996
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
997
</parameterlocations>
998
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
999
<displayname>Custom Parameter Module</displayname>
1000
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1001
</attackmodulepolicy>
1002
<attackmodulepolicy>
1003
<enabled>0</enabled>
1004
<moduleid>1DE8C004C53D4B89A41E6B98DC6FD3B4</moduleid>
1005
<modulepriority>Medium</modulepriority>
1006
<severity>Informational</severity>
1007
<maxvulnlimit>20</maxvulnlimit>
1008
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1009
<maxvariancelimit>1</maxvariancelimit>
1010
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1011
<enforceencoding>0</enforceencoding>
1012
<applypolicyseverity>0</applypolicyseverity>
1013
<attackpoints>Response Analysis</attackpoints>
1014
<parameterlocations></parameterlocations>
1015
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1016
<displayname>Custom Passive Module</displayname>
1017
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1018
</attackmodulepolicy>
1019
<attackmodulepolicy>
1020
<enabled>1</enabled>
1021
<moduleid>2CE90A403F704F80961E381BE19CCA2F</moduleid>
1022
<modulepriority>Medium</modulepriority>
1023
<severity>Low</severity>
1024
<maxvulnlimit>250</maxvulnlimit>
1025
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1026
<maxvariancelimit>1</maxvariancelimit>
1027
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1028
<enforceencoding>0</enforceencoding>
1029
<applypolicyseverity>0</applypolicyseverity>
1030
<attackpoints>Directory</attackpoints>
1031
<parameterlocations></parameterlocations>
1032
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1033
<displayname>Directory Indexing</displayname>
1034
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1035
</attackmodulepolicy>
1036
<attackmodulepolicy>
1037
<enabled>1</enabled>
1038
<moduleid>240EBB4A72024BA585833EB1F1AB4EC0</moduleid>
1039
<modulepriority>Low</modulepriority>
1040
<severity>Informational</severity>
1041
<maxvulnlimit>150</maxvulnlimit>
1042
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1043
<maxvariancelimit>4</maxvariancelimit>
1044
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1045
<enforceencoding>0</enforceencoding>
1046
<applypolicyseverity>0</applypolicyseverity>
1047
<attackpoints>Response Analysis</attackpoints>
1048
<parameterlocations></parameterlocations>
1049
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1050
<displayname>Email Disclosure</displayname>
1051
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1052
</attackmodulepolicy>
1053
<attackmodulepolicy>
1054
<enabled>1</enabled>
1055
<moduleid>9B62D146FF00456388F9822A76F95841</moduleid>
1056
<modulepriority>High</modulepriority>
1057
<severity>High</severity>
1058
<maxvulnlimit>100</maxvulnlimit>
1059
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1060
<maxvariancelimit>4</maxvariancelimit>
1061
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1062
<enforceencoding>0</enforceencoding>
1063
<applypolicyseverity>0</applypolicyseverity>
1064
<attackpoints>Parameter</attackpoints>
1065
<parameterlocations>Path|Query|Post</parameterlocations>
1066
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1067
<displayname>Expression Language Injection</displayname>
1068
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1069
</attackmodulepolicy>
1070
<attackmodulepolicy>
1071
<enabled>1</enabled>
1072
<moduleid>D07D5C8EF8664392A0CC1509A6DE5940</moduleid>
1073
<modulepriority>Low</modulepriority>
1074
<severity>Low</severity>
1075
<maxvulnlimit>100</maxvulnlimit>
1076
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1077
<maxvariancelimit>2</maxvariancelimit>
1078
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1079
<enforceencoding>0</enforceencoding>
1080
<applypolicyseverity>0</applypolicyseverity>
1081
<attackpoints>Parameter</attackpoints>
1082
<parameterlocations>Directory|Path|Query|Post|Cookie</parameterlocations>
1083
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1084
<displayname>Forced Browsing</displayname>
1085
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1086
</attackmodulepolicy>
1087
<attackmodulepolicy>
1088
<enabled>1</enabled>
1089
<moduleid>FD28B5D41E064D37B5543CE22BBC6306</moduleid>
1090
<modulepriority>Medium</modulepriority>
1091
<severity>Low</severity>
1092
<maxvulnlimit>200</maxvulnlimit>
1093
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1094
<maxvariancelimit>2</maxvariancelimit>
1095
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1096
<enforceencoding>0</enforceencoding>
1097
<applypolicyseverity>0</applypolicyseverity>
1098
<attackpoints>Response Analysis</attackpoints>
1099
<parameterlocations></parameterlocations>
1100
<requestoriginations>HTML|Form|Silverlight|RecrawlTraffic</requestoriginations>
1101
<displayname>Sensitive Data Exposure</displayname>
1102
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1103
</attackmodulepolicy>
1104
<attackmodulepolicy>
1105
<enabled>1</enabled>
1106
<moduleid>7B61BD81D278490C9B1A7B0568E94E30</moduleid>
1107
<modulepriority>High</modulepriority>
1108
<severity>Low</severity>
1109
<maxvulnlimit>5</maxvulnlimit>
1110
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
1111
<maxvariancelimit>4</maxvariancelimit>
1112
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1113
<enforceencoding>0</enforceencoding>
1114
<applypolicyseverity>0</applypolicyseverity>
1115
<attackpoints>Web Resource</attackpoints>
1116
<parameterlocations></parameterlocations>
1117
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1118
<displayname>Form Session Strength</displayname>
1119
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1120
</attackmodulepolicy>
1121
<attackmodulepolicy>
1122
<enabled>1</enabled>
1123
<moduleid>5032DAF0D8FE4294B23F0D1DAA4C0337</moduleid>
1124
<modulepriority>High</modulepriority>
1125
<severity>High</severity>
1126
<maxvulnlimit>25</maxvulnlimit>
1127
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1128
<maxvariancelimit>50</maxvariancelimit>
1129
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1130
<enforceencoding>0</enforceencoding>
1131
<applypolicyseverity>0</applypolicyseverity>
1132
<attackpoints>Web Site</attackpoints>
1133
<parameterlocations></parameterlocations>
1134
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1135
<displayname>FrontPage Checks</displayname>
1136
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1137
</attackmodulepolicy>
1138
<attackmodulepolicy>
1139
<enabled>1</enabled>
1140
<moduleid>748E90FC47AB4B438C3A49660989B44A</moduleid>
1141
<modulepriority>High</modulepriority>
1142
<severity>High</severity>
1143
<maxvulnlimit>25</maxvulnlimit>
1144
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1145
<maxvariancelimit>1</maxvariancelimit>
1146
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1147
<enforceencoding>0</enforceencoding>
1148
<applypolicyseverity>0</applypolicyseverity>
1149
<attackpoints>Web Site</attackpoints>
1150
<parameterlocations></parameterlocations>
1151
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1152
<displayname>Heartbleed Check</displayname>
1153
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1154
</attackmodulepolicy>
1155
<attackmodulepolicy>
1156
<enabled>1</enabled>
1157
<moduleid>EBEE6CA2515F4FBEB8B7EC0197C5A74F</moduleid>
1158
<modulepriority>Low</modulepriority>
1159
<severity>Informational</severity>
1160
<maxvulnlimit>20</maxvulnlimit>
1161
<maxperwebsitevulnlimit>4</maxperwebsitevulnlimit>
1162
<maxvariancelimit>1</maxvariancelimit>
1163
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1164
<enforceencoding>0</enforceencoding>
1165
<applypolicyseverity>0</applypolicyseverity>
1166
<attackpoints>Response Analysis</attackpoints>
1167
<parameterlocations></parameterlocations>
1168
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1169
<displayname>HTTP Strict Transport Security</displayname>
1170
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1171
</attackmodulepolicy>
1172
<attackmodulepolicy>
1173
<enabled>1</enabled>
1174
<moduleid>F25AF6387E8A429F8E664F31E2974054</moduleid>
1175
<modulepriority>Low</modulepriority>
1176
<severity>Low</severity>
1177
<maxvulnlimit>20</maxvulnlimit>
1178
<maxperwebsitevulnlimit>5</maxperwebsitevulnlimit>
1179
<maxvariancelimit>4</maxvariancelimit>
1180
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1181
<enforceencoding>0</enforceencoding>
1182
<applypolicyseverity>0</applypolicyseverity>
1183
<attackpoints>Response Analysis</attackpoints>
1184
<parameterlocations></parameterlocations>
1185
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1186
<displayname>HTTP Authentication over insecure channel</displayname>
1187
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1188
</attackmodulepolicy>
1189
<attackmodulepolicy>
1190
<enabled>1</enabled>
1191
<moduleid>60B0D57597EF4542A15FCB8D907669B0</moduleid>
1192
<modulepriority>Low</modulepriority>
1193
<severity>Low</severity>
1194
<maxvulnlimit>200</maxvulnlimit>
1195
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1196
<maxvariancelimit>1</maxvariancelimit>
1197
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1198
<enforceencoding>0</enforceencoding>
1199
<applypolicyseverity>0</applypolicyseverity>
1200
<attackpoints>Web Resource</attackpoints>
1201
<parameterlocations></parameterlocations>
1202
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1203
<displayname>HTTPS Downgrade</displayname>
1204
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1205
</attackmodulepolicy>
1206
<attackmodulepolicy>
1207
<enabled>1</enabled>
1208
<moduleid>55D76EB20CE54C01856E43223232E3DD</moduleid>
1209
<modulepriority>Medium</modulepriority>
1210
<severity>Informational</severity>
1211
<maxvulnlimit>200</maxvulnlimit>
1212
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1213
<maxvariancelimit>4</maxvariancelimit>
1214
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1215
<enforceencoding>0</enforceencoding>
1216
<applypolicyseverity>0</applypolicyseverity>
1217
<attackpoints>Response Analysis</attackpoints>
1218
<parameterlocations></parameterlocations>
1219
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1220
<displayname>HTTP Headers</displayname>
1221
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1222
</attackmodulepolicy>
1223
<attackmodulepolicy>
1224
<enabled>1</enabled>
1225
<moduleid>DE08B6DDD872440E91347969D514CFD6</moduleid>
1226
<modulepriority>High</modulepriority>
1227
<severity>High</severity>
1228
<maxvulnlimit>200</maxvulnlimit>
1229
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1230
<maxvariancelimit>4</maxvariancelimit>
1231
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1232
<enforceencoding>0</enforceencoding>
1233
<applypolicyseverity>0</applypolicyseverity>
1234
<attackpoints>Parameter</attackpoints>
1235
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
1236
</parameterlocations>
1237
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1238
<displayname>HTTP Response Splitting</displayname>
1239
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1240
</attackmodulepolicy>
1241
<attackmodulepolicy>
1242
<enabled>1</enabled>
1243
<moduleid>1712CD453B074C78A8A561E0ED66DD1F</moduleid>
1244
<modulepriority>Low</modulepriority>
1245
<severity>Low</severity>
1246
<maxvulnlimit>200</maxvulnlimit>
1247
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1248
<maxvariancelimit>1</maxvariancelimit>
1249
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1250
<enforceencoding>0</enforceencoding>
1251
<applypolicyseverity>0</applypolicyseverity>
1252
<attackpoints>Web Site|Web Resource|Response Analysis</attackpoints>
1253
<parameterlocations></parameterlocations>
1254
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1255
<displayname>HTTPS Everywhere</displayname>
1256
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1257
</attackmodulepolicy>
1258
<attackmodulepolicy>
1259
<enabled>1</enabled>
1260
<moduleid>881B35A841414BBAA05084A2A8CE7904</moduleid>
1261
<modulepriority>Low</modulepriority>
1262
<severity>Informational</severity>
1263
<maxvulnlimit>20</maxvulnlimit>
1264
<maxperwebsitevulnlimit>4</maxperwebsitevulnlimit>
1265
<maxvariancelimit>1</maxvariancelimit>
1266
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1267
<enforceencoding>0</enforceencoding>
1268
<applypolicyseverity>0</applypolicyseverity>
1269
<attackpoints>Web Resource</attackpoints>
1270
<parameterlocations></parameterlocations>
1271
<requestoriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</requestoriginations>
1272
<displayname>HTTP User-Agent Check</displayname>
1273
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1274
</attackmodulepolicy>
1275
<attackmodulepolicy>
1276
<enabled>1</enabled>
1277
<moduleid>6A609D0096124619842EE23FA7C989B5</moduleid>
1278
<modulepriority>Low</modulepriority>
1279
<severity>Informational</severity>
1280
<maxvulnlimit>500</maxvulnlimit>
1281
<maxperwebsitevulnlimit>250</maxperwebsitevulnlimit>
1282
<maxvariancelimit>4</maxvariancelimit>
1283
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1284
<enforceencoding>0</enforceencoding>
1285
<applypolicyseverity>0</applypolicyseverity>
1286
<attackpoints>Response Analysis</attackpoints>
1287
<parameterlocations></parameterlocations>
1288
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1289
<displayname>Information Disclosure in response</displayname>
1290
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1291
</attackmodulepolicy>
1292
<attackmodulepolicy>
1293
<enabled>1</enabled>
1294
<moduleid>E617D008F7534C808064D2B1A4BFE81A</moduleid>
1295
<modulepriority>High</modulepriority>
1296
<severity>Low</severity>
1297
<maxvulnlimit>500</maxvulnlimit>
1298
<maxperwebsitevulnlimit>250</maxperwebsitevulnlimit>
1299
<maxvariancelimit>4</maxvariancelimit>
1300
<passiveanalysisonattacks>1</passiveanalysisonattacks>
1301
<enforceencoding>0</enforceencoding>
1302
<applypolicyseverity>0</applypolicyseverity>
1303
<attackpoints>Response Analysis</attackpoints>
1304
<parameterlocations></parameterlocations>
1305
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1306
<displayname>Information Leakage in responses</displayname>
1307
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1308
</attackmodulepolicy>
1309
<attackmodulepolicy>
1310
<enabled>1</enabled>
1311
<moduleid>B86A3A67D710456898A9009DBF6A4989</moduleid>
1312
<modulepriority>Low</modulepriority>
1313
<severity>Low</severity>
1314
<maxvulnlimit>100</maxvulnlimit>
1315
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1316
<maxvariancelimit>4</maxvariancelimit>
1317
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1318
<enforceencoding>0</enforceencoding>
1319
<applypolicyseverity>0</applypolicyseverity>
1320
<attackpoints>Web Resource</attackpoints>
1321
<parameterlocations></parameterlocations>
1322
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1323
<displayname>Java Grinder</displayname>
1324
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1325
</attackmodulepolicy>
1326
<attackmodulepolicy>
1327
<enabled>1</enabled>
1328
<moduleid>F10ACEB0A6804D0F93516428E64B46FD</moduleid>
1329
<modulepriority>Low</modulepriority>
1330
<severity>Informational</severity>
1331
<maxvulnlimit>100</maxvulnlimit>
1332
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
1333
<maxvariancelimit>4</maxvariancelimit>
1334
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1335
<enforceencoding>0</enforceencoding>
1336
<applypolicyseverity>0</applypolicyseverity>
1337
<attackpoints>Response Analysis</attackpoints>
1338
<parameterlocations></parameterlocations>
1339
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</requestoriginations>
1340
<displayname>JavaScript Memory Leaks</displayname>
1341
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1342
</attackmodulepolicy>
1343
<attackmodulepolicy>
1344
<enabled>1</enabled>
1345
<moduleid>B7FD0D454CB246AC85A29AF53C27157F</moduleid>
1346
<modulepriority>High</modulepriority>
1347
<severity>High</severity>
1348
<maxvulnlimit>100</maxvulnlimit>
1349
<maxperwebsitevulnlimit>25</maxperwebsitevulnlimit>
1350
<maxvariancelimit>4</maxvariancelimit>
1351
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1352
<enforceencoding>0</enforceencoding>
1353
<applypolicyseverity>0</applypolicyseverity>
1354
<attackpoints>Parameter</attackpoints>
1355
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
1356
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1357
<displayname>LDAP Injection</displayname>
1358
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1359
</attackmodulepolicy>
1360
<attackmodulepolicy>
1361
<enabled>1</enabled>
1362
<moduleid>FCD9A41AD39247C0B45A8D42FF7A4E5E</moduleid>
1363
<modulepriority>High</modulepriority>
1364
<severity>Informational</severity>
1365
<maxvulnlimit>250</maxvulnlimit>
1366
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1367
<maxvariancelimit>4</maxvariancelimit>
1368
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1369
<enforceencoding>0</enforceencoding>
1370
<applypolicyseverity>0</applypolicyseverity>
1371
<attackpoints>Response Analysis</attackpoints>
1372
<parameterlocations></parameterlocations>
1373
<requestoriginations>HTML|Form|AJAX|RecrawlTraffic</requestoriginations>
1374
<displayname>Local Storage Usage</displayname>
1375
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1376
</attackmodulepolicy>
1377
<attackmodulepolicy>
1378
<enabled>1</enabled>
1379
<moduleid>466E4CC294D94A11AFD50FD01D56261F</moduleid>
1380
<modulepriority>Medium</modulepriority>
1381
<severity>Low</severity>
1382
<maxvulnlimit>100</maxvulnlimit>
1383
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1384
<maxvariancelimit>4</maxvariancelimit>
1385
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1386
<enforceencoding>0</enforceencoding>
1387
<applypolicyseverity>0</applypolicyseverity>
1388
<attackpoints>Parameter|Response Analysis</attackpoints>
1389
<parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations>
1390
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1391
<displayname>Business logic abuse attacks</displayname>
1392
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1393
</attackmodulepolicy>
1394
<attackmodulepolicy>
1395
<enabled>1</enabled>
1396
<moduleid>7D06B46D915644E9870F4A6B903FC09F</moduleid>
1397
<modulepriority>High</modulepriority>
1398
<severity>High</severity>
1399
<maxvulnlimit>10</maxvulnlimit>
1400
<maxperwebsitevulnlimit>1</maxperwebsitevulnlimit>
1401
<maxvariancelimit>1</maxvariancelimit>
1402
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1403
<enforceencoding>0</enforceencoding>
1404
<applypolicyseverity>0</applypolicyseverity>
1405
<attackpoints>Parameter</attackpoints>
1406
<parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations>
1407
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1408
<displayname>Nginx NULL code</displayname>
1409
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1410
</attackmodulepolicy>
1411
<attackmodulepolicy>
1412
<enabled>1</enabled>
1413
<moduleid>0DB5A1594A064363BA729F5E8E50B04B</moduleid>
1414
<modulepriority>High</modulepriority>
1415
<severity>High</severity>
1416
<maxvulnlimit>500</maxvulnlimit>
1417
<maxperwebsitevulnlimit>200</maxperwebsitevulnlimit>
1418
<maxvariancelimit>4</maxvariancelimit>
1419
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1420
<enforceencoding>0</enforceencoding>
1421
<applypolicyseverity>0</applypolicyseverity>
1422
<attackpoints>Parameter</attackpoints>
1423
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
1424
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1425
<displayname>NoSQLi Injection</displayname>
1426
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1427
</attackmodulepolicy>
1428
<attackmodulepolicy>
1429
<enabled>1</enabled>
1430
<moduleid>A00A59F53CEF42AA9320B6CF5E78CA26</moduleid>
1431
<modulepriority>High</modulepriority>
1432
<severity>High</severity>
1433
<maxvulnlimit>250</maxvulnlimit>
1434
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1435
<maxvariancelimit>4</maxvariancelimit>
1436
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1437
<enforceencoding>0</enforceencoding>
1438
<applypolicyseverity>0</applypolicyseverity>
1439
<attackpoints>Parameter</attackpoints>
1440
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
1441
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1442
<displayname>Blind NoSQLi</displayname>
1443
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1444
</attackmodulepolicy>
1445
<attackmodulepolicy>
1446
<enabled>1</enabled>
1447
<moduleid>99E5E4DD1B734047B95402FB7C76BEC3</moduleid>
1448
<modulepriority>Medium</modulepriority>
1449
<severity>High</severity>
1450
<maxvulnlimit>200</maxvulnlimit>
1451
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1452
<maxvariancelimit>4</maxvariancelimit>
1453
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1454
<enforceencoding>0</enforceencoding>
1455
<applypolicyseverity>0</applypolicyseverity>
1456
<attackpoints>Parameter</attackpoints>
1457
<parameterlocations>File|Path|Query|Post</parameterlocations>
1458
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1459
<displayname>OS Commanding</displayname>
1460
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1461
</attackmodulepolicy>
1462
<attackmodulepolicy>
1463
<enabled>1</enabled>
1464
<moduleid>2934BC76771C4016BD3524B432CEBCA8</moduleid>
1465
<modulepriority>High</modulepriority>
1466
<severity>High</severity>
1467
<maxvulnlimit>250</maxvulnlimit>
1468
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1469
<maxvariancelimit>5</maxvariancelimit>
1470
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1471
<enforceencoding>0</enforceencoding>
1472
<applypolicyseverity>0</applypolicyseverity>
1473
<attackpoints>Parameter</attackpoints>
1474
<parameterlocations>Query|Post</parameterlocations>
1475
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1476
<displayname>Out of Band Stored Cross-site scripting (XSS)</displayname>
1477
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1478
</attackmodulepolicy>
1479
<attackmodulepolicy>
1480
<enabled>1</enabled>
1481
<moduleid>A62D1481CB394632B06C0C54FCDD0579</moduleid>
1482
<modulepriority>High</modulepriority>
1483
<severity>Medium</severity>
1484
<maxvulnlimit>250</maxvulnlimit>
1485
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1486
<maxvariancelimit>5</maxvariancelimit>
1487
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1488
<enforceencoding>0</enforceencoding>
1489
<applypolicyseverity>0</applypolicyseverity>
1490
<attackpoints>Parameter</attackpoints>
1491
<parameterlocations>Query|Post</parameterlocations>
1492
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1493
<displayname>Out of Band Cross-site scripting (XSS)</displayname>
1494
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1495
</attackmodulepolicy>
1496
<attackmodulepolicy>
1497
<enabled>1</enabled>
1498
<moduleid>A8AB603EABC04875A5B2320CF6990C24</moduleid>
1499
<modulepriority>High</modulepriority>
1500
<severity>Medium</severity>
1501
<maxvulnlimit>500</maxvulnlimit>
1502
<maxperwebsitevulnlimit>250</maxperwebsitevulnlimit>
1503
<maxvariancelimit>4</maxvariancelimit>
1504
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1505
<enforceencoding>0</enforceencoding>
1506
<applypolicyseverity>0</applypolicyseverity>
1507
<attackpoints>Parameter</attackpoints>
1508
<parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations>
1509
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1510
<displayname>Parameter Fuzzing</displayname>
1511
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1512
</attackmodulepolicy>
1513
<attackmodulepolicy>
1514
<enabled>1</enabled>
1515
<moduleid>FAC53175FF1E4478AA6D3E2DD4D66B6D</moduleid>
1516
<modulepriority>High</modulepriority>
1517
<severity>Low</severity>
1518
<maxvulnlimit>10</maxvulnlimit>
1519
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
1520
<maxvariancelimit>2</maxvariancelimit>
1521
<passiveanalysisonattacks>1</passiveanalysisonattacks>
1522
<enforceencoding>0</enforceencoding>
1523
<applypolicyseverity>0</applypolicyseverity>
1524
<attackpoints>Response Analysis</attackpoints>
1525
<parameterlocations></parameterlocations>
1526
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1527
<displayname>Credentials stored in clear text in a cookie.</displayname>
1528
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1529
</attackmodulepolicy>
1530
<attackmodulepolicy>
1531
<enabled>1</enabled>
1532
<moduleid>243C315A46A14C92A2717A29A4290167</moduleid>
1533
<modulepriority>Medium</modulepriority>
1534
<severity>Informational</severity>
1535
<maxvulnlimit>200</maxvulnlimit>
1536
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1537
<maxvariancelimit>10</maxvariancelimit>
1538
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1539
<enforceencoding>0</enforceencoding>
1540
<applypolicyseverity>0</applypolicyseverity>
1541
<attackpoints>Response Analysis</attackpoints>
1542
<parameterlocations></parameterlocations>
1543
<requestoriginations>HTML|Form|Silverlight|RecrawlTraffic</requestoriginations>
1544
<displayname>Collecting Sensitive Personal Information</displayname>
1545
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1546
</attackmodulepolicy>
1547
<attackmodulepolicy>
1548
<enabled>1</enabled>
1549
<moduleid>B97A29683AEE4AA2B94FC26BFC2694A9</moduleid>
1550
<modulepriority>High</modulepriority>
1551
<severity>Medium</severity>
1552
<maxvulnlimit>100</maxvulnlimit>
1553
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1554
<maxvariancelimit>4</maxvariancelimit>
1555
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1556
<enforceencoding>0</enforceencoding>
1557
<applypolicyseverity>0</applypolicyseverity>
1558
<attackpoints>Parameter</attackpoints>
1559
<parameterlocations>Query|Post|Cookie</parameterlocations>
1560
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1561
<displayname>PHP Code Execution</displayname>
1562
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1563
</attackmodulepolicy>
1564
<attackmodulepolicy>
1565
<enabled>1</enabled>
1566
<moduleid>FF01402DB70848D88ACB0736B6E4BCF5</moduleid>
1567
<modulepriority>High</modulepriority>
1568
<severity>Low</severity>
1569
<maxvulnlimit>4</maxvulnlimit>
1570
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
1571
<maxvariancelimit>4</maxvariancelimit>
1572
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1573
<enforceencoding>0</enforceencoding>
1574
<applypolicyseverity>0</applypolicyseverity>
1575
<attackpoints>Web Resource</attackpoints>
1576
<parameterlocations></parameterlocations>
1577
<requestoriginations>HTML</requestoriginations>
1578
<displayname>Privacy Policy Check</displayname>
1579
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1580
</attackmodulepolicy>
1581
<attackmodulepolicy>
1582
<enabled>1</enabled>
1583
<moduleid>AFF041E38E444889B271CDE1B24378EA</moduleid>
1584
<modulepriority>Low</modulepriority>
1585
<severity>Informational</severity>
1586
<maxvulnlimit>250</maxvulnlimit>
1587
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1588
<maxvariancelimit>10</maxvariancelimit>
1589
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1590
<enforceencoding>0</enforceencoding>
1591
<applypolicyseverity>0</applypolicyseverity>
1592
<attackpoints>Response Analysis</attackpoints>
1593
<parameterlocations></parameterlocations>
1594
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1595
<displayname>Privacy Disclosure</displayname>
1596
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1597
</attackmodulepolicy>
1598
<attackmodulepolicy>
1599
<enabled>1</enabled>
1600
<moduleid>433C43A54C714F08B822B7932D410A78</moduleid>
1601
<modulepriority>Medium</modulepriority>
1602
<severity>Low</severity>
1603
<maxvulnlimit>10</maxvulnlimit>
1604
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
1605
<maxvariancelimit>4</maxvariancelimit>
1606
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1607
<enforceencoding>0</enforceencoding>
1608
<applypolicyseverity>0</applypolicyseverity>
1609
<attackpoints>Web Resource|Response Analysis</attackpoints>
1610
<parameterlocations></parameterlocations>
1611
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1612
<displayname>Privilege Escalation</displayname>
1613
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1614
</attackmodulepolicy>
1615
<attackmodulepolicy>
1616
<enabled>1</enabled>
1617
<moduleid>ED2E98EFF9A14BF7ACA06A7B28FF97BE</moduleid>
1618
<modulepriority>Low</modulepriority>
1619
<severity>Informational</severity>
1620
<maxvulnlimit>200</maxvulnlimit>
1621
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1622
<maxvariancelimit>4</maxvariancelimit>
1623
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1624
<enforceencoding>0</enforceencoding>
1625
<applypolicyseverity>0</applypolicyseverity>
1626
<attackpoints>Response Analysis</attackpoints>
1627
<parameterlocations></parameterlocations>
1628
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1629
<displayname>Profanity</displayname>
1630
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1631
</attackmodulepolicy>
1632
<attackmodulepolicy>
1633
<enabled>1</enabled>
1634
<moduleid>0AE25E41D6F44F29900104EF86B04191</moduleid>
1635
<modulepriority>Low</modulepriority>
1636
<severity>Informational</severity>
1637
<maxvulnlimit>500</maxvulnlimit>
1638
<maxperwebsitevulnlimit>250</maxperwebsitevulnlimit>
1639
<maxvariancelimit>4</maxvariancelimit>
1640
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1641
<enforceencoding>0</enforceencoding>
1642
<applypolicyseverity>0</applypolicyseverity>
1643
<attackpoints>Parameter</attackpoints>
1644
<parameterlocations>Directory|File|Path|Query|Post|Cookie</parameterlocations>
1645
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1646
<displayname>Reflection</displayname>
1647
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1648
</attackmodulepolicy>
1649
<attackmodulepolicy>
1650
<enabled>1</enabled>
1651
<moduleid>8CB2F93CE7F243B98D3C83A9A3E6EA4B</moduleid>
1652
<modulepriority>Medium</modulepriority>
1653
<severity>Medium</severity>
1654
<maxvulnlimit>1000</maxvulnlimit>
1655
<maxperwebsitevulnlimit>250</maxperwebsitevulnlimit>
1656
<maxvariancelimit>4</maxvariancelimit>
1657
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1658
<enforceencoding>0</enforceencoding>
1659
<applypolicyseverity>0</applypolicyseverity>
1660
<attackpoints>Directory|File|Parameter</attackpoints>
1661
<parameterlocations>Query|Post|Cookie</parameterlocations>
1662
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1663
<displayname>File Inclusion</displayname>
1664
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1665
</attackmodulepolicy>
1666
<attackmodulepolicy>
1667
<enabled>1</enabled>
1668
<moduleid>63430695B68941DF99BF242F5AE1674B</moduleid>
1669
<modulepriority>Low</modulepriority>
1670
<severity>Informational</severity>
1671
<maxvulnlimit>50</maxvulnlimit>
1672
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1673
<maxvariancelimit>2</maxvariancelimit>
1674
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1675
<enforceencoding>0</enforceencoding>
1676
<applypolicyseverity>0</applypolicyseverity>
1677
<attackpoints>Web Resource</attackpoints>
1678
<parameterlocations></parameterlocations>
1679
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1680
<displayname>HTTP Verb Tampering</displayname>
1681
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1682
</attackmodulepolicy>
1683
<attackmodulepolicy>
1684
<enabled>1</enabled>
1685
<moduleid>D8741C7560B8431A9AE74E9B4FEB4F45</moduleid>
1686
<modulepriority>Low</modulepriority>
1687
<severity>Low</severity>
1688
<maxvulnlimit>200</maxvulnlimit>
1689
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1690
<maxvariancelimit>10</maxvariancelimit>
1691
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1692
<enforceencoding>0</enforceencoding>
1693
<applypolicyseverity>0</applypolicyseverity>
1694
<attackpoints>Web Site|Directory|File</attackpoints>
1695
<parameterlocations></parameterlocations>
1696
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1697
<displayname>Predictable Resource Location</displayname>
1698
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1699
</attackmodulepolicy>
1700
<attackmodulepolicy>
1701
<enabled>1</enabled>
1702
<moduleid>13623AA162FA4488852116B7EC0DE49E</moduleid>
1703
<modulepriority>Medium</modulepriority>
1704
<severity>Medium</severity>
1705
<maxvulnlimit>250</maxvulnlimit>
1706
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1707
<maxvariancelimit>4</maxvariancelimit>
1708
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1709
<enforceencoding>0</enforceencoding>
1710
<applypolicyseverity>0</applypolicyseverity>
1711
<attackpoints>Parameter</attackpoints>
1712
<parameterlocations>Query</parameterlocations>
1713
<requestoriginations>HTML|Form|RecrawlTraffic</requestoriginations>
1714
<displayname>Reverse Clickjacking</displayname>
1715
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1716
</attackmodulepolicy>
1717
<attackmodulepolicy>
1718
<enabled>1</enabled>
1719
<moduleid>A418163442A54BB9BB0F1E591881A835</moduleid>
1720
<modulepriority>High</modulepriority>
1721
<severity>Low</severity>
1722
<maxvulnlimit>25</maxvulnlimit>
1723
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1724
<maxvariancelimit>1</maxvariancelimit>
1725
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1726
<enforceencoding>0</enforceencoding>
1727
<applypolicyseverity>0</applypolicyseverity>
1728
<attackpoints>Web Site</attackpoints>
1729
<parameterlocations></parameterlocations>
1730
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1731
<displayname>Reverse Proxy</displayname>
1732
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1733
</attackmodulepolicy>
1734
<attackmodulepolicy>
1735
<enabled>1</enabled>
1736
<moduleid>2C7D393BABA44517B0A37DC8ADCF9630</moduleid>
1737
<modulepriority>Low</modulepriority>
1738
<severity>Low</severity>
1739
<maxvulnlimit>200</maxvulnlimit>
1740
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1741
<maxvariancelimit>4</maxvariancelimit>
1742
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1743
<enforceencoding>0</enforceencoding>
1744
<applypolicyseverity>0</applypolicyseverity>
1745
<attackpoints>Response Analysis</attackpoints>
1746
<parameterlocations></parameterlocations>
1747
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1748
<displayname>Information Disclosure in scripts</displayname>
1749
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1750
</attackmodulepolicy>
1751
<attackmodulepolicy>
1752
<enabled>1</enabled>
1753
<moduleid>07BD211A580944E591F78B40FF3F3489</moduleid>
1754
<modulepriority>Low</modulepriority>
1755
<severity>Informational</severity>
1756
<maxvulnlimit>250</maxvulnlimit>
1757
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1758
<maxvariancelimit>3</maxvariancelimit>
1759
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1760
<enforceencoding>0</enforceencoding>
1761
<applypolicyseverity>0</applypolicyseverity>
1762
<attackpoints>Response Analysis</attackpoints>
1763
<parameterlocations></parameterlocations>
1764
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1765
<displayname>Secure and non-secure content mix</displayname>
1766
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1767
</attackmodulepolicy>
1768
<attackmodulepolicy>
1769
<enabled>1</enabled>
1770
<moduleid>1CBEA71A88844A11A4CD6ABAA2FD7F62</moduleid>
1771
<modulepriority>Low</modulepriority>
1772
<severity>Low</severity>
1773
<maxvulnlimit>100</maxvulnlimit>
1774
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1775
<maxvariancelimit>4</maxvariancelimit>
1776
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1777
<enforceencoding>0</enforceencoding>
1778
<applypolicyseverity>0</applypolicyseverity>
1779
<attackpoints>Response Analysis</attackpoints>
1780
<parameterlocations></parameterlocations>
1781
<requestoriginations>HTML|Form|Silverlight|RecrawlTraffic</requestoriginations>
1782
<displayname>Sensitive data over an insecure channel</displayname>
1783
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1784
</attackmodulepolicy>
1785
<attackmodulepolicy>
1786
<enabled>1</enabled>
1787
<moduleid>34A0F038EFA248B594E7F17447F4CF2E</moduleid>
1788
<modulepriority>High</modulepriority>
1789
<severity>Informational</severity>
1790
<maxvulnlimit>10</maxvulnlimit>
1791
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
1792
<maxvariancelimit>1</maxvariancelimit>
1793
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1794
<enforceencoding>0</enforceencoding>
1795
<applypolicyseverity>0</applypolicyseverity>
1796
<attackpoints>Web Site|Response Analysis</attackpoints>
1797
<parameterlocations></parameterlocations>
1798
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1799
<displayname>Server Configuration</displayname>
1800
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1801
</attackmodulepolicy>
1802
<attackmodulepolicy>
1803
<enabled>1</enabled>
1804
<moduleid>DC8E0D09314B44D39915AAF8439B4F53</moduleid>
1805
<modulepriority>Medium</modulepriority>
1806
<severity>Medium</severity>
1807
<maxvulnlimit>150</maxvulnlimit>
1808
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1809
<maxvariancelimit>4</maxvariancelimit>
1810
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1811
<enforceencoding>0</enforceencoding>
1812
<applypolicyseverity>0</applypolicyseverity>
1813
<attackpoints>Parameter</attackpoints>
1814
<parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
1815
</parameterlocations>
1816
<requestoriginations>HTML|Form|AJAX|RecrawlTraffic</requestoriginations>
1817
<displayname>Server Side Include (SSI) Injection</displayname>
1818
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1819
</attackmodulepolicy>
1820
<attackmodulepolicy>
1821
<enabled>1</enabled>
1822
<moduleid>F74CCB3314134B21A3B5D5D78BECEADB</moduleid>
1823
<modulepriority>High</modulepriority>
1824
<severity>High</severity>
1825
<maxvulnlimit>250</maxvulnlimit>
1826
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1827
<maxvariancelimit>4</maxvariancelimit>
1828
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1829
<enforceencoding>0</enforceencoding>
1830
<applypolicyseverity>0</applypolicyseverity>
1831
<attackpoints>Directory|File|Parameter</attackpoints>
1832
<parameterlocations>Query|Post|Cookie</parameterlocations>
1833
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1834
<displayname>Server Side Request Forgery</displayname>
1835
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1836
</attackmodulepolicy>
1837
<attackmodulepolicy>
1838
<enabled>1</enabled>
1839
<moduleid>0F5408AB9FF94320AA58FCFE80EDEF59</moduleid>
1840
<modulepriority>High</modulepriority>
1841
<severity>High</severity>
1842
<maxvulnlimit>200</maxvulnlimit>
1843
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1844
<maxvariancelimit>4</maxvariancelimit>
1845
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1846
<enforceencoding>0</enforceencoding>
1847
<applypolicyseverity>0</applypolicyseverity>
1848
<attackpoints>Parameter</attackpoints>
1849
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
1850
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1851
<displayname>Server Side Template Injection</displayname>
1852
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1853
</attackmodulepolicy>
1854
<attackmodulepolicy>
1855
<enabled>1</enabled>
1856
<moduleid>DB1340E1857540219DF84A6A9DC0494C</moduleid>
1857
<modulepriority>High</modulepriority>
1858
<severity>Medium</severity>
1859
<maxvulnlimit>25</maxvulnlimit>
1860
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1861
<maxvariancelimit>2</maxvariancelimit>
1862
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1863
<enforceencoding>0</enforceencoding>
1864
<applypolicyseverity>0</applypolicyseverity>
1865
<attackpoints>Web Resource</attackpoints>
1866
<parameterlocations></parameterlocations>
1867
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1868
<displayname>Session Fixation</displayname>
1869
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1870
</attackmodulepolicy>
1871
<attackmodulepolicy>
1872
<enabled>1</enabled>
1873
<moduleid>6B1B2812012D41249BDEE83FFAEB523D</moduleid>
1874
<modulepriority>Low</modulepriority>
1875
<severity>Low</severity>
1876
<maxvulnlimit>10</maxvulnlimit>
1877
<maxperwebsitevulnlimit>4</maxperwebsitevulnlimit>
1878
<maxvariancelimit>1</maxvariancelimit>
1879
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1880
<enforceencoding>0</enforceencoding>
1881
<applypolicyseverity>0</applypolicyseverity>
1882
<attackpoints>Parameter</attackpoints>
1883
<parameterlocations>Directory|Path|Query</parameterlocations>
1884
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</requestoriginations>
1885
<displayname>HTTP Query Session Check</displayname>
1886
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1887
</attackmodulepolicy>
1888
<attackmodulepolicy>
1889
<enabled>1</enabled>
1890
<moduleid>F729A70998064A1F99A8BEA8512D31AE</moduleid>
1891
<modulepriority>Medium</modulepriority>
1892
<severity>Low</severity>
1893
<maxvulnlimit>10</maxvulnlimit>
1894
<maxperwebsitevulnlimit>2</maxperwebsitevulnlimit>
1895
<maxvariancelimit>4</maxvariancelimit>
1896
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1897
<enforceencoding>0</enforceencoding>
1898
<applypolicyseverity>0</applypolicyseverity>
1899
<attackpoints>Web Resource</attackpoints>
1900
<parameterlocations></parameterlocations>
1901
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1902
<displayname>Session Strength</displayname>
1903
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1904
</attackmodulepolicy>
1905
<attackmodulepolicy>
1906
<enabled>1</enabled>
1907
<moduleid>0DB2C1311DA74B80A153A8733C74D6CC</moduleid>
1908
<modulepriority>Medium</modulepriority>
1909
<severity>Low</severity>
1910
<maxvulnlimit>50</maxvulnlimit>
1911
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1912
<maxvariancelimit>4</maxvariancelimit>
1913
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1914
<enforceencoding>0</enforceencoding>
1915
<applypolicyseverity>0</applypolicyseverity>
1916
<attackpoints>Response Analysis</attackpoints>
1917
<parameterlocations></parameterlocations>
1918
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1919
<displayname>Session Upgrade</displayname>
1920
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1921
</attackmodulepolicy>
1922
<attackmodulepolicy>
1923
<enabled>1</enabled>
1924
<moduleid>7A7B3239AB8146839A8AEF170807ED1E</moduleid>
1925
<modulepriority>Low</modulepriority>
1926
<severity>Medium</severity>
1927
<maxvulnlimit>100</maxvulnlimit>
1928
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1929
<maxvariancelimit>4</maxvariancelimit>
1930
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1931
<enforceencoding>0</enforceencoding>
1932
<applypolicyseverity>0</applypolicyseverity>
1933
<attackpoints>File</attackpoints>
1934
<parameterlocations></parameterlocations>
1935
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1936
<displayname>Source Code Disclosure</displayname>
1937
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1938
</attackmodulepolicy>
1939
<attackmodulepolicy>
1940
<enabled>1</enabled>
1941
<moduleid>59646365E0E44520BE4297C3ABAA7E75</moduleid>
1942
<modulepriority>High</modulepriority>
1943
<severity>Low</severity>
1944
<maxvulnlimit>250</maxvulnlimit>
1945
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
1946
<maxvariancelimit>4</maxvariancelimit>
1947
<passiveanalysisonattacks>1</passiveanalysisonattacks>
1948
<enforceencoding>0</enforceencoding>
1949
<applypolicyseverity>0</applypolicyseverity>
1950
<attackpoints>Response Analysis</attackpoints>
1951
<parameterlocations></parameterlocations>
1952
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1953
<displayname>SQL Information Leakage</displayname>
1954
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1955
</attackmodulepolicy>
1956
<attackmodulepolicy>
1957
<enabled>1</enabled>
1958
<moduleid>B6F559D374B5451EB424A1C1FB264FA6</moduleid>
1959
<modulepriority>High</modulepriority>
1960
<severity>High</severity>
1961
<maxvulnlimit>500</maxvulnlimit>
1962
<maxperwebsitevulnlimit>200</maxperwebsitevulnlimit>
1963
<maxvariancelimit>4</maxvariancelimit>
1964
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1965
<enforceencoding>0</enforceencoding>
1966
<applypolicyseverity>0</applypolicyseverity>
1967
<attackpoints>Parameter</attackpoints>
1968
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations>
1969
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1970
<displayname>SQL Injection</displayname>
1971
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1972
</attackmodulepolicy>
1973
<attackmodulepolicy>
1974
<enabled>1</enabled>
1975
<moduleid>0496353D92704F2E942BFE1B575D9B7C</moduleid>
1976
<modulepriority>High</modulepriority>
1977
<severity>High</severity>
1978
<maxvulnlimit>25</maxvulnlimit>
1979
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
1980
<maxvariancelimit>4</maxvariancelimit>
1981
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1982
<enforceencoding>0</enforceencoding>
1983
<applypolicyseverity>0</applypolicyseverity>
1984
<attackpoints>Parameter</attackpoints>
1985
<parameterlocations>Path|Query|Post</parameterlocations>
1986
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
1987
<displayname>SQL Injection Auth Bypass</displayname>
1988
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
1989
</attackmodulepolicy>
1990
<attackmodulepolicy>
1991
<enabled>1</enabled>
1992
<moduleid>CEB40EE490564D60B4F9B3CE79C009B5</moduleid>
1993
<modulepriority>Medium</modulepriority>
1994
<severity>Medium</severity>
1995
<maxvulnlimit>100</maxvulnlimit>
1996
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
1997
<maxvariancelimit>4</maxvariancelimit>
1998
<passiveanalysisonattacks>0</passiveanalysisonattacks>
1999
<enforceencoding>0</enforceencoding>
2000
<applypolicyseverity>0</applypolicyseverity>
2001
<attackpoints>Response Analysis</attackpoints>
2002
<parameterlocations></parameterlocations>
2003
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2004
<displayname>SQL Parameter Check</displayname>
2005
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2006
</attackmodulepolicy>
2007
<attackmodulepolicy>
2008
<enabled>1</enabled>
2009
<moduleid>C5805272001249A095A48F2E56240C10</moduleid>
2010
<modulepriority>Medium</modulepriority>
2011
<severity>Informational</severity>
2012
<maxvulnlimit>25</maxvulnlimit>
2013
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
2014
<maxvariancelimit>100</maxvariancelimit>
2015
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2016
<enforceencoding>0</enforceencoding>
2017
<applypolicyseverity>0</applypolicyseverity>
2018
<attackpoints>Web Site</attackpoints>
2019
<parameterlocations></parameterlocations>
2020
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2021
<displayname>SSL Strength</displayname>
2022
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2023
</attackmodulepolicy>
2024
<attackmodulepolicy>
2025
<enabled>1</enabled>
2026
<moduleid>5D9A66E5961B4644AAF5EC655E18EE66</moduleid>
2027
<modulepriority>Medium</modulepriority>
2028
<severity>Informational</severity>
2029
<maxvulnlimit>50</maxvulnlimit>
2030
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
2031
<maxvariancelimit>20</maxvariancelimit>
2032
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2033
<enforceencoding>0</enforceencoding>
2034
<applypolicyseverity>0</applypolicyseverity>
2035
<attackpoints>Web Site</attackpoints>
2036
<parameterlocations></parameterlocations>
2037
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2038
<displayname>Subdomain discovery</displayname>
2039
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2040
</attackmodulepolicy>
2041
<attackmodulepolicy>
2042
<enabled>1</enabled>
2043
<moduleid>31E0A650FB944E689DF46B7A98F35A5F</moduleid>
2044
<modulepriority>Low</modulepriority>
2045
<severity>Low</severity>
2046
<maxvulnlimit>100</maxvulnlimit>
2047
<maxperwebsitevulnlimit>500</maxperwebsitevulnlimit>
2048
<maxvariancelimit>4</maxvariancelimit>
2049
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2050
<enforceencoding>0</enforceencoding>
2051
<applypolicyseverity>0</applypolicyseverity>
2052
<attackpoints>Response Analysis</attackpoints>
2053
<parameterlocations></parameterlocations>
2054
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</requestoriginations>
2055
<displayname>Subresource Integrity</displayname>
2056
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2057
</attackmodulepolicy>
2058
<attackmodulepolicy>
2059
<enabled>1</enabled>
2060
<moduleid>9A22444AC7C642ABBC598CBCA4738C3B</moduleid>
2061
<modulepriority>High</modulepriority>
2062
<severity>Medium</severity>
2063
<maxvulnlimit>40</maxvulnlimit>
2064
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
2065
<maxvariancelimit>4</maxvariancelimit>
2066
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2067
<enforceencoding>0</enforceencoding>
2068
<applypolicyseverity>0</applypolicyseverity>
2069
<attackpoints>Parameter</attackpoints>
2070
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
2071
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2072
<displayname>Unvalidated Redirect</displayname>
2073
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2074
</attackmodulepolicy>
2075
<attackmodulepolicy>
2076
<enabled>1</enabled>
2077
<moduleid>B69E83831D26496BB2CC0C0D70181EC3</moduleid>
2078
<modulepriority>High</modulepriority>
2079
<severity>Low</severity>
2080
<maxvulnlimit>40</maxvulnlimit>
2081
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
2082
<maxvariancelimit>4</maxvariancelimit>
2083
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2084
<enforceencoding>0</enforceencoding>
2085
<applypolicyseverity>0</applypolicyseverity>
2086
<attackpoints>Response Analysis</attackpoints>
2087
<parameterlocations></parameterlocations>
2088
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2089
<displayname>URL rewriting</displayname>
2090
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2091
</attackmodulepolicy>
2092
<attackmodulepolicy>
2093
<enabled>1</enabled>
2094
<moduleid>4DE84100F31849A7B845FE5F62D2FD7A</moduleid>
2095
<modulepriority>Medium</modulepriority>
2096
<severity>Medium</severity>
2097
<maxvulnlimit>25</maxvulnlimit>
2098
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
2099
<maxvariancelimit>2</maxvariancelimit>
2100
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2101
<enforceencoding>0</enforceencoding>
2102
<applypolicyseverity>0</applypolicyseverity>
2103
<attackpoints>Response Analysis</attackpoints>
2104
<parameterlocations></parameterlocations>
2105
<requestoriginations>HTML|Form|RecrawlTraffic</requestoriginations>
2106
<displayname>ASP.NET ViewState security</displayname>
2107
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2108
</attackmodulepolicy>
2109
<attackmodulepolicy>
2110
<enabled>1</enabled>
2111
<moduleid>0BE4C251F44C4CF1924104ADFD86289C</moduleid>
2112
<modulepriority>Low</modulepriority>
2113
<severity>Informational</severity>
2114
<maxvulnlimit>100</maxvulnlimit>
2115
<maxperwebsitevulnlimit>25</maxperwebsitevulnlimit>
2116
<maxvariancelimit>4</maxvariancelimit>
2117
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2118
<enforceencoding>0</enforceencoding>
2119
<applypolicyseverity>0</applypolicyseverity>
2120
<attackpoints>Web Resource</attackpoints>
2121
<parameterlocations></parameterlocations>
2122
<requestoriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</requestoriginations>
2123
<displayname>Web Beacon</displayname>
2124
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2125
</attackmodulepolicy>
2126
<attackmodulepolicy>
2127
<enabled>1</enabled>
2128
<moduleid>667629EC1FDC4C6D98B5F4031717BB9B</moduleid>
2129
<modulepriority>Medium</modulepriority>
2130
<severity>Low</severity>
2131
<maxvulnlimit>250</maxvulnlimit>
2132
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
2133
<maxvariancelimit>4</maxvariancelimit>
2134
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2135
<enforceencoding>0</enforceencoding>
2136
<applypolicyseverity>0</applypolicyseverity>
2137
<attackpoints>Directory</attackpoints>
2138
<parameterlocations></parameterlocations>
2139
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2140
<displayname>Web DAV Flaws Check</displayname>
2141
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2142
</attackmodulepolicy>
2143
<attackmodulepolicy>
2144
<enabled>1</enabled>
2145
<moduleid>74FB936F2BBA499F8D0AF3B7A29B4F9E</moduleid>
2146
<modulepriority>High</modulepriority>
2147
<severity>Low</severity>
2148
<maxvulnlimit>30</maxvulnlimit>
2149
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
2150
<maxvariancelimit>4</maxvariancelimit>
2151
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2152
<enforceencoding>0</enforceencoding>
2153
<applypolicyseverity>0</applypolicyseverity>
2154
<attackpoints>Web Site</attackpoints>
2155
<parameterlocations></parameterlocations>
2156
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2157
<displayname>Cross-site tracing (XST)</displayname>
2158
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2159
</attackmodulepolicy>
2160
<attackmodulepolicy>
2161
<enabled>1</enabled>
2162
<moduleid>377030BFE58A4F01A112295D32A0744C</moduleid>
2163
<modulepriority>High</modulepriority>
2164
<severity>Medium</severity>
2165
<maxvulnlimit>250</maxvulnlimit>
2166
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
2167
<maxvariancelimit>4</maxvariancelimit>
2168
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2169
<enforceencoding>0</enforceencoding>
2170
<applypolicyseverity>0</applypolicyseverity>
2171
<attackpoints>Parameter</attackpoints>
2172
<parameterlocations>Post</parameterlocations>
2173
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2174
<displayname>Web Service Parameter Fuzzing</displayname>
2175
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2176
</attackmodulepolicy>
2177
<attackmodulepolicy>
2178
<enabled>1</enabled>
2179
<moduleid>8399FA8EDF5C41BC9D3CF85DC23DC26B</moduleid>
2180
<modulepriority>Low</modulepriority>
2181
<severity>Informational</severity>
2182
<maxvulnlimit>20</maxvulnlimit>
2183
<maxperwebsitevulnlimit>5</maxperwebsitevulnlimit>
2184
<maxvariancelimit>2</maxvariancelimit>
2185
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2186
<enforceencoding>0</enforceencoding>
2187
<applypolicyseverity>0</applypolicyseverity>
2188
<attackpoints>Response Analysis</attackpoints>
2189
<parameterlocations></parameterlocations>
2190
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2191
<displayname>X-Content-Type-Options</displayname>
2192
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2193
</attackmodulepolicy>
2194
<attackmodulepolicy>
2195
<enabled>1</enabled>
2196
<moduleid>3E2E60F7D0E04D8596918C2D1F639064</moduleid>
2197
<modulepriority>Low</modulepriority>
2198
<severity>Informational</severity>
2199
<maxvulnlimit>50</maxvulnlimit>
2200
<maxperwebsitevulnlimit>10</maxperwebsitevulnlimit>
2201
<maxvariancelimit>2</maxvariancelimit>
2202
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2203
<enforceencoding>0</enforceencoding>
2204
<applypolicyseverity>0</applypolicyseverity>
2205
<attackpoints>Response Analysis</attackpoints>
2206
<parameterlocations></parameterlocations>
2207
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2208
<displayname>X-Frame-Options</displayname>
2209
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2210
</attackmodulepolicy>
2211
<attackmodulepolicy>
2212
<enabled>1</enabled>
2213
<moduleid>615D72F401BC447AB4A2139654BC9945</moduleid>
2214
<modulepriority>Low</modulepriority>
2215
<severity>Informational</severity>
2216
<maxvulnlimit>25</maxvulnlimit>
2217
<maxperwebsitevulnlimit>5</maxperwebsitevulnlimit>
2218
<maxvariancelimit>2</maxvariancelimit>
2219
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2220
<enforceencoding>0</enforceencoding>
2221
<applypolicyseverity>0</applypolicyseverity>
2222
<attackpoints>Response Analysis</attackpoints>
2223
<parameterlocations></parameterlocations>
2224
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2225
<displayname>X-XSS-Protection</displayname>
2226
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2227
</attackmodulepolicy>
2228
<attackmodulepolicy>
2229
<enabled>1</enabled>
2230
<moduleid>ABFA075919804435A25A22A8CAC191DF</moduleid>
2231
<modulepriority>High</modulepriority>
2232
<severity>Medium</severity>
2233
<maxvulnlimit>100</maxvulnlimit>
2234
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
2235
<maxvariancelimit>4</maxvariancelimit>
2236
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2237
<enforceencoding>0</enforceencoding>
2238
<applypolicyseverity>0</applypolicyseverity>
2239
<attackpoints>Parameter</attackpoints>
2240
<parameterlocations>Path|Query|Post|Cookie</parameterlocations>
2241
<requestoriginations>HTML|Form|AJAX|RecrawlTraffic</requestoriginations>
2242
<displayname>XML External Entity Attack</displayname>
2243
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2244
</attackmodulepolicy>
2245
<attackmodulepolicy>
2246
<enabled>1</enabled>
2247
<moduleid>BBE9F36A88A944ECB837D5193D356E4C</moduleid>
2248
<modulepriority>Medium</modulepriority>
2249
<severity>High</severity>
2250
<maxvulnlimit>100</maxvulnlimit>
2251
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
2252
<maxvariancelimit>4</maxvariancelimit>
2253
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2254
<enforceencoding>0</enforceencoding>
2255
<applypolicyseverity>0</applypolicyseverity>
2256
<attackpoints>Parameter</attackpoints>
2257
<parameterlocations>Path|Query|Post</parameterlocations>
2258
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2259
<displayname>XPath Injection</displayname>
2260
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2261
</attackmodulepolicy>
2262
<attackmodulepolicy>
2263
<enabled>1</enabled>
2264
<moduleid>6CEF426D33514825B50741616DB2120B</moduleid>
2265
<modulepriority>Low</modulepriority>
2266
<severity>Informational</severity>
2267
<maxvulnlimit>25</maxvulnlimit>
2268
<maxperwebsitevulnlimit>5</maxperwebsitevulnlimit>
2269
<maxvariancelimit>2</maxvariancelimit>
2270
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2271
<enforceencoding>0</enforceencoding>
2272
<applypolicyseverity>0</applypolicyseverity>
2273
<attackpoints>Response Analysis</attackpoints>
2274
<parameterlocations></parameterlocations>
2275
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2276
<displayname>X-Powered-By</displayname>
2277
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2278
</attackmodulepolicy>
2279
<attackmodulepolicy>
2280
<enabled>1</enabled>
2281
<moduleid>46A8FE469F6C44BFB9946C021A2BCDC8</moduleid>
2282
<modulepriority>High</modulepriority>
2283
<severity>Medium</severity>
2284
<maxvulnlimit>250</maxvulnlimit>
2285
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
2286
<maxvariancelimit>4</maxvariancelimit>
2287
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2288
<enforceencoding>0</enforceencoding>
2289
<applypolicyseverity>0</applypolicyseverity>
2290
<attackpoints>Response Analysis</attackpoints>
2291
<parameterlocations></parameterlocations>
2292
<requestoriginations>HTML|Form|AJAX|RecrawlTraffic</requestoriginations>
2293
<displayname>Cross-site scripting (XSS), (DOM based)</displayname>
2294
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2295
</attackmodulepolicy>
2296
<attackmodulepolicy>
2297
<enabled>1</enabled>
2298
<moduleid>BD57F92E956A493DA39ADDF215B29D96</moduleid>
2299
<modulepriority>High</modulepriority>
2300
<severity>Medium</severity>
2301
<maxvulnlimit>100</maxvulnlimit>
2302
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
2303
<maxvariancelimit>4</maxvariancelimit>
2304
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2305
<enforceencoding>0</enforceencoding>
2306
<applypolicyseverity>0</applypolicyseverity>
2307
<attackpoints>Web Resource</attackpoints>
2308
<parameterlocations></parameterlocations>
2309
<requestoriginations>AJAX</requestoriginations>
2310
<displayname>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</displayname>
2311
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2312
</attackmodulepolicy>
2313
<attackmodulepolicy>
2314
<enabled>1</enabled>
2315
<moduleid>62AA6A08FA764E209551B4A4C479F08D</moduleid>
2316
<modulepriority>High</modulepriority>
2317
<severity>High</severity>
2318
<maxvulnlimit>100</maxvulnlimit>
2319
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
2320
<maxvariancelimit>4</maxvariancelimit>
2321
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2322
<enforceencoding>0</enforceencoding>
2323
<applypolicyseverity>0</applypolicyseverity>
2324
<attackpoints>Response Analysis</attackpoints>
2325
<parameterlocations></parameterlocations>
2326
<requestoriginations>HTML|Form|AJAX|RecrawlTraffic</requestoriginations>
2327
<displayname>Persistent Cross-site scripting (XSS) (passive)</displayname>
2328
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2329
</attackmodulepolicy>
2330
<attackmodulepolicy>
2331
<enabled>1</enabled>
2332
<moduleid>050ABD8CF99F4EE4AA18C12F06FA3051</moduleid>
2333
<modulepriority>High</modulepriority>
2334
<severity>High</severity>
2335
<maxvulnlimit>250</maxvulnlimit>
2336
<maxperwebsitevulnlimit>50</maxperwebsitevulnlimit>
2337
<maxvariancelimit>5</maxvariancelimit>
2338
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2339
<enforceencoding>0</enforceencoding>
2340
<applypolicyseverity>0</applypolicyseverity>
2341
<attackpoints>Parameter</attackpoints>
2342
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer</parameterlocations>
2343
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2344
<displayname>Persistent Cross-site scripting (XSS), (active)</displayname>
2345
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2346
</attackmodulepolicy>
2347
<attackmodulepolicy>
2348
<enabled>1</enabled>
2349
<moduleid>ABEB2E590AA24A39BB6FE7DBD6338277</moduleid>
2350
<modulepriority>High</modulepriority>
2351
<severity>Medium</severity>
2352
<maxvulnlimit>400</maxvulnlimit>
2353
<maxperwebsitevulnlimit>150</maxperwebsitevulnlimit>
2354
<maxvariancelimit>5</maxvariancelimit>
2355
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2356
<enforceencoding>0</enforceencoding>
2357
<applypolicyseverity>0</applypolicyseverity>
2358
<attackpoints>Parameter</attackpoints>
2359
<parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer</parameterlocations>
2360
<requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</requestoriginations>
2361
<displayname>Reflected Cross-site scripting (XSS)</displayname>
2362
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2363
</attackmodulepolicy>
2364
<attackmodulepolicy>
2365
<enabled>1</enabled>
2366
<moduleid>FFBF4640C8A4475E93E099018951B409</moduleid>
2367
<modulepriority>Medium</modulepriority>
2368
<severity>Medium</severity>
2369
<maxvulnlimit>250</maxvulnlimit>
2370
<maxperwebsitevulnlimit>100</maxperwebsitevulnlimit>
2371
<maxvariancelimit>4</maxvariancelimit>
2372
<passiveanalysisonattacks>0</passiveanalysisonattacks>
2373
<enforceencoding>0</enforceencoding>
2374
<applypolicyseverity>0</applypolicyseverity>
2375
<attackpoints>Parameter</attackpoints>
2376
<parameterlocations>File|Query|Post</parameterlocations>
2377
<requestoriginations>HTML|Form|AJAX|RecrawlTraffic</requestoriginations>
2378
<displayname>Reflected Cross-site scripting (XSS), (simple)</displayname>
2379
<maximumconcurrentattacktasks>10</maximumconcurrentattacktasks>
2380
</attackmodulepolicy>
2381
</attackmodulepolicylist>
2382
</attackpolicyconfig>
2383
<analyzerconfig>
2384
<enabled>0</enabled>
2385
<notexistingfilepath>/aaaaaaaa.aaa</notexistingfilepath>
2386
<notexistingdirpath>/aaaaaaaa/</notexistingdirpath>
2387
<appendtooriginalvalue>1</appendtooriginalvalue>
2388
<replaceoriginalvalue>0</replaceoriginalvalue>
2389
</analyzerconfig>
2390
<authconfig>
2391
<type>Form</type>
2392
<httpauth>0</httpauth>
2393
<oauth>0</oauth>
2394
<reloginaftersessionloss>1</reloginaftersessionloss>
2395
<logoutdetection>1</logoutdetection>
2396
<userassistance>0</userassistance>
2397
<assumesuccessfullogin>0</assumesuccessfullogin>
2398
<verifynotloggedin>1</verifynotloggedin>
2399
<postponeloginaction>1</postponeloginaction>
2400
<createnonauthenticatedsession>0</createnonauthenticatedsession>
2401
<treatfailedreloginaserror>1</treatfailedreloginaserror>
2402
<restartproxybeforerelogin>0</restartproxybeforerelogin>
2403
<templateloginmacro>0</templateloginmacro>
2404
<blacklistsinglepasswordforms>0</blacklistsinglepasswordforms>
2405
<blacklistmultipasswordforms>1</blacklistmultipasswordforms>
2406
<resetcookies>1</resetcookies>
2407
<accounttype>Restricted</accounttype>
2408
<usernameform>admin</usernameform>
2409
<passwordform>
2410
FF7CF70CAE791A3B49FF16F4F97F566C661AFFA277EAA8DFFBF53AFFCC7554E4D013706DFFEC81A95B2CAEF2E9FF6F76CA0FA1B24DEF00FEFDEEFF200F320F0407445FCCD1
2411
</passwordform>
2412
<usernamehttp></usernamehttp>
2413
<passwordhttp></passwordhttp>
2414
<autologonsecurity>Medium</autologonsecurity>
2415
<loginlinkregex>((log|sign)[ -]?(in|on))|auth</loginlinkregex>
2416
<loggedinregex>(sign|log)[ -]?(out|off)</loggedinregex>
2417
<loggedinheaderregex></loggedinheaderregex>
2418
<sessionlossregex>please (re)?login|have been logged out|session has expired</sessionlossregex>
2419
<sessionlossheaderregex>Location: [^\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\b</sessionlossheaderregex>
2420
<logoutlinkregex>(sign|log|time)[ -]?(in|on|out|off)|password</logoutlinkregex>
2421
<logoutpostbodyregex>(sign|log|time)[ -]?(in|on|out|off)</logoutpostbodyregex>
2422
<canarypage></canarypage>
2423
<sessionlossoncanarypageheaderregex></sessionlossoncanarypageheaderregex>
2424
<sessionlossoncanarypageregex></sessionlossoncanarypageregex>
2425
<formsubmissionscript></formsubmissionscript>
2426
<sessioncookieregex>\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\b
2427
</sessioncookieregex>
2428
<sessioncookielifespan>32</sessioncookielifespan>
2429
<urlsessiontokenregex></urlsessiontokenregex>
2430
<postsessiontokenregex></postsessiontokenregex>
2431
<responsebodytokenregex></responsebodytokenregex>
2432
<secondresponsebodytokenregex></secondresponsebodytokenregex>
2433
<httpheaderwithtokenreplacement></httpheaderwithtokenreplacement>
2434
<secondhttpheaderwithtokenreplacement></secondhttpheaderwithtokenreplacement>
2435
<logoutdetectionfrequency>60</logoutdetectionfrequency>
2436
<discoverymaxlinks>100</discoverymaxlinks>
2437
<loginmaxlinks>50</loginmaxlinks>
2438
<discoverydepth>10</discoverydepth>
2439
<logindepth>10</logindepth>
2440
<maxmacroreloginattempts>3</maxmacroreloginattempts>
2441
<discoveryprioritization>Login Form Discovery</discoveryprioritization>
2442
<loginprioritization>Login</loginprioritization>
2443
<bootstrapdelay>60000</bootstrapdelay>
2444
<remotebootstraptimeoutminutes>60</remotebootstraptimeoutminutes>
2445
<seedlink></seedlink>
2446
<discoverloginform>1</discoverloginform>
2447
<usebrowserformlogin>1</usebrowserformlogin>
2448
<pingfrequency>600</pingfrequency>
2449
<pingurl></pingurl>
2450
<hmacconfig>
2451
<hmacheadergeneratordllfilename></hmacheadergeneratordllfilename>
2452
<hmacusername></hmacusername>
2453
<hmacapikey></hmacapikey>
2454
<hmachashalgorithm>32780</hmachashalgorithm>
2455
</hmacconfig>
2456
<hawkconfig>
2457
<hmacheadergeneratordllfilename></hmacheadergeneratordllfilename>
2458
<hmacusername></hmacusername>
2459
<hmacapikey></hmacapikey>
2460
<hmachashalgorithm>32780</hmachashalgorithm>
2461
<hawkauthkeyid></hawkauthkeyid>
2462
<hawkauthkey></hawkauthkey>
2463
<hawkextappdata></hawkextappdata>
2464
</hawkconfig>
2465
<oauthconfig>
2466
<resourceownerurl></resourceownerurl>
2467
<resourceserverurl></resourceserverurl>
2468
<authorizationserverurl>/authorize</authorizationserverurl>
2469
<clientid></clientid>
2470
<clientscope></clientscope>
2471
<clientstate></clientstate>
2472
<clientsecret></clientsecret>
2473
<redirecturi></redirecturi>
2474
<username></username>
2475
<password></password>
2476
<usernameform></usernameform>
2477
<passwordform></passwordform>
2478
<extensiongrant></extensiongrant>
2479
<authorizationgranttype>Null</authorizationgranttype>
2480
<neverdobasicauth>0</neverdobasicauth>
2481
<jsonpostbodies>0</jsonpostbodies>
2482
<azureresponsemode>NullAzureResponseMode</azureresponsemode>
2483
<azureresourceurl></azureresourceurl>
2484
<azureprompt>NullAzurePrompt</azureprompt>
2485
<azureloginhint></azureloginhint>
2486
<azuredomainhint></azuredomainhint>
2487
</oauthconfig>
2488
<adalconfig>
2489
<resourceid>https://graph.windows.net</resourceid>
2490
<tenant></tenant>
2491
<clientid></clientid>
2492
<authorityurl></authorityurl>
2493
<username></username>
2494
<password></password>
2495
<tokenrefreshperiod>0:10:00</tokenrefreshperiod>
2496
</adalconfig>
2497
<macrofile>
2498
<macrofilename>
2499
<!--[CDATA[]]-->
2500
</macrofilename>
2501
<javascriptengine>Default</javascriptengine>
2502
<showinbrowser>0</showinbrowser>
2503
<replayspeed>1</replayspeed>
2504
<asapmode>1</asapmode>
2505
<asapmodemindelay>3000</asapmodemindelay>
2506
<extradelayaftermacro>2000</extradelayaftermacro>
2507
<attackassequence>0</attackassequence>
2508
<sequenceconfig>
2509
<resetsession>1</resetsession>
2510
<autosequenceconfig>1</autosequenceconfig>
2511
<manualsequenceconfig>
2512
</manualsequenceconfig>
2513
</sequenceconfig>
2514
<webdriverconfig>
2515
<chromedriverport>1235</chromedriverport>
2516
<chromedebugport>1234</chromedebugport>
2517
</webdriverconfig>
2518
</macrofile>
2519
<webserviceauthconfig>
2520
<enabled>0</enabled>
2521
<authwsdl></authwsdl>
2522
<authwebmethod></authwebmethod>
2523
<getauthtokenxpath></getauthtokenxpath>
2524
<putauthtokenxpath></putauthtokenxpath>
2525
<extractauthtoken>1</extractauthtoken>
2526
</webserviceauthconfig>
2527
<seleniumfile>
2528
<seleniumfilename>
2529
<!--[CDATA[]]-->
2530
</seleniumfilename>
2531
</seleniumfile>
2532
<trafficfile>
2533
<trafficfilename></trafficfilename>
2534
<trafficfilepassword></trafficfilepassword>
2535
<attackassequence>0</attackassequence>
2536
<beginattackrequest>0</beginattackrequest>
2537
<endattackrequest>-1</endattackrequest>
2538
</trafficfile>
2539
<browserformloginconfig>
2540
<showinbrowser>0</showinbrowser>
2541
<initialnavigateeventduration>10000</initialnavigateeventduration>
2542
<finaldelayeventduration>20000</finaldelayeventduration>
2543
</browserformloginconfig>
2544
</authconfig>
2545
<proxyconfig>
2546
<type>Internet Explorer Settings</type>
2547
<httphost></httphost>
2548
<httpport>0</httpport>
2549
<httpshost></httpshost>
2550
<httpsport>0</httpsport>
2551
<pacfile></pacfile>
2552
<username></username>
2553
<password></password>
2554
</proxyconfig>
2555
<remediationconfig>
2556
<dollarsperhourappdev>250</dollarsperhourappdev>
2557
<dollarsperhourserveradmin>250</dollarsperhourserveradmin>
2558
<dollarsperhourdatabaseadmin>250</dollarsperhourdatabaseadmin>
2559
<setuphoursappdev>8</setuphoursappdev>
2560
<setuphoursserveradmin>2</setuphoursserveradmin>
2561
<setuphoursdatabaseadmin>8</setuphoursdatabaseadmin>
2562
<minhoursperissueappdev>0.75</minhoursperissueappdev>
2563
<maxhoursperissueappdev>1.25</maxhoursperissueappdev>
2564
<minhoursperissueserveradmin>0.25</minhoursperissueserveradmin>
2565
<maxhoursperissueserveradmin>1</maxhoursperissueserveradmin>
2566
<minhoursperissuedatabaseadmin>0.75</minhoursperissuedatabaseadmin>
2567
<maxhoursperissuedatabaseadmin>1.25</maxhoursperissuedatabaseadmin>
2568
</remediationconfig>
2569
<sslcertconfig>
2570
<type>NoCert</type>
2571
<file></file>
2572
<password></password>
2573
<index>-3</index>
2574
<name></name>
2575
<serialnumber></serialnumber>
2576
<issuernamebase64></issuernamebase64>
2577
<pin></pin>
2578
<requestpinatstartup>0</requestpinatstartup>
2579
<setpininterval>180</setpininterval>
2580
</sslcertconfig>
2581
<networksettingsconfig>
2582
<closeconnection>0</closeconnection>
2583
<sendkeepaliveheader>0</sendkeepaliveheader>
2584
<preauthenticatebasicauth>0</preauthenticatebasicauth>
2585
<maxretries>2</maxretries>
2586
<maxresponsesize>7000000</maxresponsesize>
2587
<maxjavasciptresponsesize>12000000</maxjavasciptresponsesize>
2588
<resolvetimeout>60000</resolvetimeout>
2589
<connecttimeout>60000</connecttimeout>
2590
<writetimeout>60000</writetimeout>
2591
<readtimeout>60000</readtimeout>
2592
<assumedisconnectedtimeout>18000000</assumedisconnectedtimeout>
2593
<dripdelaymilliseconds>25</dripdelaymilliseconds>
2594
<maxconsecutivefailures>500</maxconsecutivefailures>
2595
<customnetworklib>0</customnetworklib>
2596
<networkpreferredauthscheme>npasDefault</networkpreferredauthscheme>
2597
<usesecureprotocols>0</usesecureprotocols>
2598
<secureprotocols>SSL3|TLS1</secureprotocols>
2599
<raspscandatasinkhost></raspscandatasinkhost>
2600
<raspscankickoffresthost></raspscankickoffresthost>
2601
<raspscankickoffrestendpoint>advise_rasp_of_scan</raspscankickoffrestendpoint>
2602
<rasptimeout>0:03:00</rasptimeout>
2603
</networksettingsconfig>
2604
<performanceconfig>
2605
<maxconcurrentrequests>16</maxconcurrentrequests>
2606
<maxbandwidthkb>1200</maxbandwidthkb>
2607
<maxbrowserreusecount>10</maxbrowserreusecount>
2608
<maxbrowsermemorysize>209715200</maxbrowsermemorysize>
2609
<maxcpuusage>50</maxcpuusage>
2610
<memoryceiling>2800</memoryceiling>
2611
<memoryceiling64bit>5600</memoryceiling64bit>
2612
<antidos>0</antidos>
2613
<monitorperformanceusage>1</monitorperformanceusage>
2614
<dumpuserprocessmemoryusage>0</dumpuserprocessmemoryusage>
2615
<singlethreadedscan>0</singlethreadedscan>
2616
<killstrayieinstances>0</killstrayieinstances>
2617
<killstraychromeinstances>0</killstraychromeinstances>
2618
<minfreediskspace>524288000</minfreediskspace>
2619
<maxmemoryusagepercent>70</maxmemoryusagepercent>
2620
<maxthreadcount>400</maxthreadcount>
2621
<maxbrowserprocesslifetime>240000</maxbrowserprocesslifetime>
2622
<mindatabasecompactinterval>900000</mindatabasecompactinterval>
2623
<databasecompactduringscan>0</databasecompactduringscan>
2624
<databasecompactpostscan>0</databasecompactpostscan>
2625
</performanceconfig>
2626
<systemrecommendationsconfig>
2627
<enabled>1</enabled>
2628
<minlogicalprocessors>2</minlogicalprocessors>
2629
<mintotalphysicalmemoryfor64bit>4187593113</mintotalphysicalmemoryfor64bit>
2630
<minavailablephysicalmemoryfor64bit>2147483648</minavailablephysicalmemoryfor64bit>
2631
<mintotalphysicalmemoryfor32bit>2147483648</mintotalphysicalmemoryfor32bit>
2632
<minavailablephysicalmemoryfor32bit>1073741824</minavailablephysicalmemoryfor32bit>
2633
<minfreediskspace>10737418240</minfreediskspace>
2634
</systemrecommendationsconfig>
2635
<httpheadersconfig>
2636
<httpprotocol>HTTP/1.1</httpprotocol>
2637
<accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</accept>
2638
<acceptcharset></acceptcharset>
2639
<acceptencoding>gzip, deflate</acceptencoding>
2640
<acceptlanguage>en-US</acceptlanguage>
2641
<cookie></cookie>
2642
<useragent>Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117
2643
Safari/537.36</useragent>
2644
<overwritewithdefaultheaders>0</overwritewithdefaultheaders>
2645
<trafficheaderlist>
2646
<trafficheader>
2647
<value>Authorization</value>
2648
</trafficheader>
2649
<trafficheader>
2650
<value>X-XSRF-TOKEN</value>
2651
</trafficheader>
2652
<trafficheader>
2653
<value>X-CSRF-Token</value>
2654
</trafficheader>
2655
</trafficheaderlist>
2656
</httpheadersconfig>
2657
<manualcrawlingconfig>
2658
</manualcrawlingconfig>
2659
<parametertrainingconfig>
2660
<formpopulation>Smart</formpopulation>
2661
<trainingparameterlist>
2662
<trainingparameter>
2663
<patternname>Username</patternname>
2664
<types>text,textarea</types>
2665
<language>en</language>
2666
<match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</match>
2667
<value>%RANDALPHANUM%</value>
2668
<valuematch></valuematch>
2669
<matchcriteria>Regex</matchcriteria>
2670
</trainingparameter>
2671
<trainingparameter>
2672
<patternname>Password</patternname>
2673
<types>password</types>
2674
<language>en</language>
2675
<match>password|passwd|pw|pwd</match>
2676
<value>%RANDALPHANUM%$</value>
2677
<valuematch></valuematch>
2678
<matchcriteria>Regex</matchcriteria>
2679
</trainingparameter>
2680
<trainingparameter>
2681
<patternname>Social Security Number</patternname>
2682
<types>text,textarea,password</types>
2683
<language>en</language>
2684
<match>SSN|social|security</match>
2685
<value>987-65-4320</value>
2686
<valuematch></valuematch>
2687
<matchcriteria>Regex</matchcriteria>
2688
</trainingparameter>
2689
<trainingparameter>
2690
<patternname>Address</patternname>
2691
<types>text,textarea</types>
2692
<language>en</language>
2693
<match>income</match>
2694
<value>100000</value>
2695
<valuematch></valuematch>
2696
<matchcriteria>Regex</matchcriteria>
2697
</trainingparameter>
2698
<trainingparameter>
2699
<patternname>Address</patternname>
2700
<types>text,textarea</types>
2701
<language>en</language>
2702
<match>address|street</match>
2703
<value>600 Fairy Land Drive</value>
2704
<valuematch></valuematch>
2705
<matchcriteria>Regex</matchcriteria>
2706
</trainingparameter>
2707
<trainingparameter>
2708
<patternname>Apartment number</patternname>
2709
<types>text,textarea</types>
2710
<language>en</language>
2711
<match>address|apartment|house</match>
2712
<value>123</value>
2713
<valuematch></valuematch>
2714
<matchcriteria>Regex</matchcriteria>
2715
</trainingparameter>
2716
<trainingparameter>
2717
<patternname>First name</patternname>
2718
<types>text,textarea</types>
2719
<language>en</language>
2720
<match>name</match>
2721
<value>John</value>
2722
<valuematch></valuematch>
2723
<matchcriteria>Regex</matchcriteria>
2724
</trainingparameter>
2725
<trainingparameter>
2726
<patternname>Last name</patternname>
2727
<types>text,textarea</types>
2728
<language>en</language>
2729
<match>last[:space:]*name|surname</match>
2730
<value>Johnson</value>
2731
<valuematch></valuematch>
2732
<matchcriteria>Regex</matchcriteria>
2733
</trainingparameter>
2734
<trainingparameter>
2735
<patternname>Full name</patternname>
2736
<types>text,textarea</types>
2737
<language>en</language>
2738
<match>(your|full)[:space:]+name|name</match>
2739
<value>John Johnson</value>
2740
<valuematch></valuematch>
2741
<matchcriteria>Regex</matchcriteria>
2742
</trainingparameter>
2743
<trainingparameter>
2744
<patternname>User Signature</patternname>
2745
<types>text,textarea</types>
2746
<language>en</language>
2747
<match>signature</match>
2748
<value>John Johnson</value>
2749
<valuematch></valuematch>
2750
<matchcriteria>Regex</matchcriteria>
2751
</trainingparameter>
2752
<trainingparameter>
2753
<patternname>Middle name</patternname>
2754
<types>text,textarea</types>
2755
<language>en</language>
2756
<match>middle[:space:]+name</match>
2757
<value>L</value>
2758
<valuematch></valuematch>
2759
<matchcriteria>Regex</matchcriteria>
2760
</trainingparameter>
2761
<trainingparameter>
2762
<patternname>City</patternname>
2763
<types>text,textarea</types>
2764
<language>en</language>
2765
<match>city|town</match>
2766
<value>Costa Mesa</value>
2767
<valuematch></valuematch>
2768
<matchcriteria>Regex</matchcriteria>
2769
</trainingparameter>
2770
<trainingparameter>
2771
<patternname>County</patternname>
2772
<types>text,textarea</types>
2773
<language>en</language>
2774
<match>county</match>
2775
<value>Orange</value>
2776
<valuematch></valuematch>
2777
<matchcriteria>Regex</matchcriteria>
2778
</trainingparameter>
2779
<trainingparameter>
2780
<patternname>State</patternname>
2781
<types>text,textarea</types>
2782
<language>en</language>
2783
<match>state</match>
2784
<value>CA</value>
2785
<valuematch></valuematch>
2786
<matchcriteria>Regex</matchcriteria>
2787
</trainingparameter>
2788
<trainingparameter>
2789
<patternname>Zip code</patternname>
2790
<types>text,textarea</types>
2791
<language>en</language>
2792
<match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</match>
2793
<value>92626</value>
2794
<valuematch></valuematch>
2795
<matchcriteria>Regex</matchcriteria>
2796
</trainingparameter>
2797
<trainingparameter>
2798
<patternname>Country</patternname>
2799
<types>text,textarea,select</types>
2800
<language>en</language>
2801
<match>united[:space:]*states|country</match>
2802
<value>US</value>
2803
<valuematch>us</valuematch>
2804
<matchcriteria>Regex</matchcriteria>
2805
</trainingparameter>
2806
<trainingparameter>
2807
<patternname>Phone number</patternname>
2808
<types>text,textarea</types>
2809
<language>en</language>
2810
<match>tele[:space:]*phone|fax|phone</match>
2811
<value>123-456-7890</value>
2812
<valuematch></valuematch>
2813
<matchcriteria>Regex</matchcriteria>
2814
</trainingparameter>
2815
<trainingparameter>
2816
<patternname>Phone area code</patternname>
2817
<types>text,textarea</types>
2818
<language>en</language>
2819
<match>area[:space:]+code</match>
2820
<value>123</value>
2821
<valuematch></valuematch>
2822
<matchcriteria>Regex</matchcriteria>
2823
</trainingparameter>
2824
<trainingparameter>
2825
<patternname>Company name</patternname>
2826
<types>text,textarea</types>
2827
<language>en</language>
2828
<match>company|employer|organization</match>
2829
<value>Example</value>
2830
<valuematch></valuematch>
2831
<matchcriteria>Regex</matchcriteria>
2832
</trainingparameter>
2833
<trainingparameter>
2834
<patternname>Email</patternname>
2835
<types>text,textarea</types>
2836
<language>en</language>
2837
<match>e[-_]?mail([-_]?address)?</match>
2838
<value>a%RANDALPHANUM%@example.com</value>
2839
<valuematch></valuematch>
2840
<matchcriteria>Regex</matchcriteria>
2841
</trainingparameter>
2842
<trainingparameter>
2843
<patternname>Birthday</patternname>
2844
<types>text,textarea</types>
2845
<language>en</language>
2846
<match>birth[:space:]day|birth</match>
2847
<value>12/25/1975</value>
2848
<valuematch></valuematch>
2849
<matchcriteria>Regex</matchcriteria>
2850
</trainingparameter>
2851
<trainingparameter>
2852
<patternname>Day</patternname>
2853
<types>text,textarea,select</types>
2854
<language>en</language>
2855
<match>dd|day</match>
2856
<value>25</value>
2857
<valuematch>25</valuematch>
2858
<matchcriteria>Regex</matchcriteria>
2859
</trainingparameter>
2860
<trainingparameter>
2861
<patternname>Month</patternname>
2862
<types>text,textarea,select</types>
2863
<language>en</language>
2864
<match>mm|month</match>
2865
<value>12</value>
2866
<valuematch>12|dec|d</valuematch>
2867
<matchcriteria>Regex</matchcriteria>
2868
</trainingparameter>
2869
<trainingparameter>
2870
<patternname>FutureYear</patternname>
2871
<types>text,textarea,select</types>
2872
<language>en</language>
2873
<match>2015|2016|2017</match>
2874
<value>2016</value>
2875
<valuematch>2015|2016|2017</valuematch>
2876
<matchcriteria>Regex</matchcriteria>
2877
</trainingparameter>
2878
<trainingparameter>
2879
<patternname>BirthYear</patternname>
2880
<types>text,textarea,select</types>
2881
<language>en</language>
2882
<match>yyyy|year|1975|1970|1960|1950</match>
2883
<value></value>
2884
<valuematch>1975|1970|1960|1950</valuematch>
2885
<matchcriteria>Regex</matchcriteria>
2886
</trainingparameter>
2887
<trainingparameter>
2888
<patternname>Past Date mm/dd/yyyy</patternname>
2889
<types>text,textarea</types>
2890
<language>en</language>
2891
<match>(start|from)[-\s_]*date</match>
2892
<value>02/02/2003</value>
2893
<valuematch></valuematch>
2894
<matchcriteria>Regex</matchcriteria>
2895
</trainingparameter>
2896
<trainingparameter>
2897
<patternname>Future Date mm/dd/yy</patternname>
2898
<types>text,textarea</types>
2899
<language>en</language>
2900
<match>mm/dd/yy</match>
2901
<value>02/02/15</value>
2902
<valuematch></valuematch>
2903
<matchcriteria>Regex</matchcriteria>
2904
</trainingparameter>
2905
<trainingparameter>
2906
<patternname>Future Date mm/dd/yyyy</patternname>
2907
<types>text,textarea</types>
2908
<language>en</language>
2909
<match>
2910
mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\s_]*date
2911
</match>
2912
<value>02/02/2015</value>
2913
<valuematch></valuematch>
2914
<matchcriteria>Regex</matchcriteria>
2915
</trainingparameter>
2916
<trainingparameter>
2917
<patternname>Old password</patternname>
2918
<types>password</types>
2919
<language>en</language>
2920
<match>old[:space:]+password</match>
2921
<value>%RANDALPHANUM%1'</value>
2922
<valuematch></valuematch>
2923
<matchcriteria>Regex</matchcriteria>
2924
</trainingparameter>
2925
<trainingparameter>
2926
<patternname>Accept terms</patternname>
2927
<types>checkbox,radio</types>
2928
<language>en</language>
2929
<match>
2930
<!--[CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]-->
2931
</match>
2932
<value></value>
2933
<valuematch>yes|1|on|true</valuematch>
2934
<matchcriteria>Regex</matchcriteria>
2935
</trainingparameter>
2936
<trainingparameter>
2937
<patternname>Save login</patternname>
2938
<types>checkbox,radio,select</types>
2939
<language>en</language>
2940
<match>save|remember</match>
2941
<value></value>
2942
<valuematch>yes|1|on|true</valuematch>
2943
<matchcriteria>Regex</matchcriteria>
2944
</trainingparameter>
2945
<trainingparameter>
2946
<patternname>Remove item</patternname>
2947
<types>checkbox,radio</types>
2948
<language>en</language>
2949
<match>remove|delete</match>
2950
<value></value>
2951
<valuematch></valuematch>
2952
<matchcriteria>Regex</matchcriteria>
2953
</trainingparameter>
2954
<trainingparameter>
2955
<patternname>Search</patternname>
2956
<types>text,textarea</types>
2957
<language>en</language>
2958
<match>keyword|search|query</match>
2959
<value>water</value>
2960
<valuematch></valuematch>
2961
<matchcriteria>Regex</matchcriteria>
2962
</trainingparameter>
2963
<trainingparameter>
2964
<patternname>Quantity</patternname>
2965
<types>text,textarea,select</types>
2966
<language>en</language>
2967
<match>quantity|amount|number|qty|num</match>
2968
<value>3</value>
2969
<valuematch></valuematch>
2970
<matchcriteria>Regex</matchcriteria>
2971
</trainingparameter>
2972
<trainingparameter>
2973
<patternname>Number</patternname>
2974
<types>text,textarea</types>
2975
<language>en</language>
2976
<match>number|count|nmr|cnt|rate|decimal|digit</match>
2977
<value>21</value>
2978
<valuematch></valuematch>
2979
<matchcriteria>Regex</matchcriteria>
2980
</trainingparameter>
2981
<trainingparameter>
2982
<patternname>Account Number</patternname>
2983
<types>text,textarea,select,radio,checkbox</types>
2984
<language>en</language>
2985
<match>account</match>
2986
<value>20</value>
2987
<valuematch></valuematch>
2988
<matchcriteria>Regex</matchcriteria>
2989
</trainingparameter>
2990
<trainingparameter>
2991
<patternname>Shipping method</patternname>
2992
<types>select,radio,checkbox</types>
2993
<language>en</language>
2994
<match>shipping|fedex|standard|ups</match>
2995
<value></value>
2996
<valuematch>fedex|standard|ups</valuematch>
2997
<matchcriteria>Regex</matchcriteria>
2998
</trainingparameter>
2999
<trainingparameter>
3000
<patternname>Gift</patternname>
3001
<types>checkbox</types>
3002
<language>en</language>
3003
<match>gift</match>
3004
<value></value>
3005
<valuematch>yes|1|on|true</valuematch>
3006
<matchcriteria>Regex</matchcriteria>
3007
</trainingparameter>
3008
<trainingparameter>
3009
<patternname>Credit card number</patternname>
3010
<types>text,textarea,password</types>
3011
<language>en</language>
3012
<match>credit[:space:]*card|card[:space:]*number</match>
3013
<value>5105105105105100</value>
3014
<valuematch></valuematch>
3015
<matchcriteria>Regex</matchcriteria>
3016
</trainingparameter>
3017
<trainingparameter>
3018
<patternname>Credit card type</patternname>
3019
<types>select,checkbox,radio</types>
3020
<language>en</language>
3021
<match>
3022
master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex
3023
</match>
3024
<value></value>
3025
<valuematch></valuematch>
3026
<matchcriteria>Regex</matchcriteria>
3027
</trainingparameter>
3028
<trainingparameter>
3029
<patternname>Credit card security code</patternname>
3030
<types>text,textarea,password</types>
3031
<language>en</language>
3032
<match>security[:space:]*code|verification[:space:]*number</match>
3033
<value>123</value>
3034
<valuematch></valuematch>
3035
<matchcriteria>Regex</matchcriteria>
3036
</trainingparameter>
3037
<trainingparameter>
3038
<patternname>PIN</patternname>
3039
<types>text,textarea,password</types>
3040
<language>en</language>
3041
<match>PIN</match>
3042
<value>1234</value>
3043
<valuematch></valuematch>
3044
<matchcriteria>Regex</matchcriteria>
3045
</trainingparameter>
3046
<trainingparameter>
3047
<patternname>CAPTCHA</patternname>
3048
<types>text,textarea</types>
3049
<language>en</language>
3050
<match>code[:space:]*shown|captcha</match>
3051
<value>%RANDALPHANUM%</value>
3052
<valuematch></valuematch>
3053
<matchcriteria>Regex</matchcriteria>
3054
</trainingparameter>
3055
<trainingparameter>
3056
<patternname>Size</patternname>
3057
<types>select</types>
3058
<language>en</language>
3059
<match>size|xxl</match>
3060
<value></value>
3061
<valuematch>(\b(m|s|42)\b</valuematch>
3062
<matchcriteria>Regex</matchcriteria>
3063
</trainingparameter>
3064
<trainingparameter>
3065
<patternname>Color</patternname>
3066
<types>select</types>
3067
<language>en</language>
3068
<match>\b(color|red|black)\b</match>
3069
<value>Blue</value>
3070
<valuematch>\b(blue|red|black)\b</valuematch>
3071
<matchcriteria>Regex</matchcriteria>
3072
</trainingparameter>
3073
<trainingparameter>
3074
<patternname>Price</patternname>
3075
<types>text,textare</types>
3076
<language>en</language>
3077
<match>price</match>
3078
<value>20</value>
3079
<valuematch></valuematch>
3080
<matchcriteria>Regex</matchcriteria>
3081
</trainingparameter>
3082
<trainingparameter>
3083
<patternname>Attention</patternname>
3084
<types>text,textare</types>
3085
<language>en</language>
3086
<match>attention</match>
3087
<value>John</value>
3088
<valuematch></valuematch>
3089
<matchcriteria>Regex</matchcriteria>
3090
</trainingparameter>
3091
<trainingparameter>
3092
<patternname>Gender</patternname>
3093
<types>select,radio</types>
3094
<language>en</language>
3095
<match>gender|male|female</match>
3096
<value>male</value>
3097
<valuematch>\b(male|m|f)\b</valuematch>
3098
<matchcriteria>Regex</matchcriteria>
3099
</trainingparameter>
3100
<trainingparameter>
3101
<patternname>Legal age</patternname>
3102
<types>checkbox,radio</types>
3103
<language>en</language>
3104
<match>legal|\d\d[:space:]*years[:space:]*old</match>
3105
<value>yes</value>
3106
<valuematch>\b(on|1|yes|true)\b</valuematch>
3107
<matchcriteria>Regex</matchcriteria>
3108
</trainingparameter>
3109
<trainingparameter>
3110
<patternname>Coupon code</patternname>
3111
<types>text,textarea</types>
3112
<language>en</language>
3113
<match>promotion|coupon</match>
3114
<value>%RANDALPHANUM%</value>
3115
<valuematch></valuematch>
3116
<matchcriteria>Regex</matchcriteria>
3117
</trainingparameter>
3118
<trainingparameter>
3119
<patternname>Send message</patternname>
3120
<types>text,textarea</types>
3121
<language>en</language>
3122
<match>message|comment|complain|enquiry|review</match>
3123
<value>comment</value>
3124
<valuematch></valuematch>
3125
<matchcriteria>Regex</matchcriteria>
3126
</trainingparameter>
3127
<trainingparameter>
3128
<patternname>Existing user</patternname>
3129
<types>checkbox,radio</types>
3130
<language>en</language>
3131
<match>returning|existing|customer</match>
3132
<value></value>
3133
<valuematch>\b(on|1|yes|true)\b</valuematch>
3134
<matchcriteria>Regex</matchcriteria>
3135
</trainingparameter>
3136
<trainingparameter>
3137
<patternname>Age</patternname>
3138
<types>text,textarea</types>
3139
<language>en</language>
3140
<match>age|under|over</match>
3141
<value>40</value>
3142
<valuematch></valuematch>
3143
<matchcriteria>Regex</matchcriteria>
3144
</trainingparameter>
3145
<trainingparameter>
3146
<patternname>Passphrase Hint</patternname>
3147
<types>text,textarea</types>
3148
<language>en</language>
3149
<match>What make|pet's name|your father|high school|friend</match>
3150
<value>What make was your first car?</value>
3151
<valuematch></valuematch>
3152
<matchcriteria>Regex</matchcriteria>
3153
</trainingparameter>
3154
<trainingparameter>
3155
<patternname>Passphrase Hint Answer</patternname>
3156
<types>text,textarea</types>
3157
<language>en</language>
3158
<match>Answer</match>
3159
<value>Ford</value>
3160
<valuematch></valuematch>
3161
<matchcriteria>Regex</matchcriteria>
3162
</trainingparameter>
3163
<trainingparameter>
3164
<patternname>Doctor name</patternname>
3165
<types>text,textarea</types>
3166
<language>en</language>
3167
<match>doctor</match>
3168
<value>John Johnson</value>
3169
<valuematch></valuematch>
3170
<matchcriteria>Regex</matchcriteria>
3171
</trainingparameter>
3172
<trainingparameter>
3173
<patternname>Website</patternname>
3174
<types>text,textarea</types>
3175
<language>en</language>
3176
<match>website</match>
3177
<value>www.example.com</value>
3178
<valuematch></valuematch>
3179
<matchcriteria>Regex</matchcriteria>
3180
</trainingparameter>
3181
<trainingparameter>
3182
<patternname>Address</patternname>
3183
<types>text,textarea</types>
3184
<language>de</language>
3185
<match>adresse|strasse</match>
3186
<value>600 Fairy Land Drive</value>
3187
<valuematch></valuematch>
3188
<matchcriteria>Regex</matchcriteria>
3189
</trainingparameter>
3190
<trainingparameter>
3191
<patternname>Apartment number</patternname>
3192
<types>text,textarea</types>
3193
<language>de</language>
3194
<match>adresse|wohnung|haus</match>
3195
<value>123</value>
3196
<valuematch></valuematch>
3197
<matchcriteria>Regex</matchcriteria>
3198
</trainingparameter>
3199
<trainingparameter>
3200
<patternname>First name</patternname>
3201
<types>text,textarea</types>
3202
<language>de</language>
3203
<match>name</match>
3204
<value>John</value>
3205
<valuematch></valuematch>
3206
<matchcriteria>Regex</matchcriteria>
3207
</trainingparameter>
3208
<trainingparameter>
3209
<patternname>Last name</patternname>
3210
<types>text,textarea</types>
3211
<language>de</language>
3212
<match>vorname|name</match>
3213
<value>Johnson</value>
3214
<valuematch></valuematch>
3215
<matchcriteria>Regex</matchcriteria>
3216
</trainingparameter>
3217
<trainingparameter>
3218
<patternname>Full name</patternname>
3219
<types>text,textarea</types>
3220
<language>de</language>
3221
<match>ihren namen|name</match>
3222
<value>John Johnson</value>
3223
<valuematch></valuematch>
3224
<matchcriteria>Regex</matchcriteria>
3225
</trainingparameter>
3226
<trainingparameter>
3227
<patternname>User Signature</patternname>
3228
<types>text,textarea</types>
3229
<language>de</language>
3230
<match>unterschrift</match>
3231
<value>John Johnson</value>
3232
<valuematch></valuematch>
3233
<matchcriteria>Regex</matchcriteria>
3234
</trainingparameter>
3235
<trainingparameter>
3236
<patternname>City</patternname>
3237
<types>text,textarea</types>
3238
<language>de</language>
3239
<match>stadt|stadt</match>
3240
<value>Berlin</value>
3241
<valuematch></valuematch>
3242
<matchcriteria>Regex</matchcriteria>
3243
</trainingparameter>
3244
<trainingparameter>
3245
<patternname>Regierungsbezirke</patternname>
3246
<types>text,textarea</types>
3247
<language>de</language>
3248
<match>regierungsbezirke</match>
3249
<value>Berlin</value>
3250
<valuematch></valuematch>
3251
<matchcriteria>Regex</matchcriteria>
3252
</trainingparameter>
3253
<trainingparameter>
3254
<patternname>Zip code</patternname>
3255
<types>text,textarea</types>
3256
<language>de</language>
3257
<match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</match>
3258
<value>10115</value>
3259
<valuematch></valuematch>
3260
<matchcriteria>Regex</matchcriteria>
3261
</trainingparameter>
3262
<trainingparameter>
3263
<patternname>Country</patternname>
3264
<types>text,textarea</types>
3265
<language>de</language>
3266
<match>\b(deutschland|land)\b</match>
3267
<value>DE</value>
3268
<valuematch>\bDE\b</valuematch>
3269
<matchcriteria>Regex</matchcriteria>
3270
</trainingparameter>
3271
<trainingparameter>
3272
<patternname>Phone number</patternname>
3273
<types>text,textarea</types>
3274
<language>de</language>
3275
<match>telefon|telefon|fax</match>
3276
<value>(1234) 567890</value>
3277
<valuematch></valuematch>
3278
<matchcriteria>Regex</matchcriteria>
3279
</trainingparameter>
3280
<trainingparameter>
3281
<patternname>Phone area code</patternname>
3282
<types>text,textarea</types>
3283
<language>de</language>
3284
<match>vorwahl</match>
3285
<value>123</value>
3286
<valuematch></valuematch>
3287
<matchcriteria>Regex</matchcriteria>
3288
</trainingparameter>
3289
<trainingparameter>
3290
<patternname>Company name</patternname>
3291
<types>text,textarea</types>
3292
<language>de</language>
3293
<match>unternehmen|arbeitgeber|organisation</match>
3294
<value>Example</value>
3295
<valuematch></valuematch>
3296
<matchcriteria>Regex</matchcriteria>
3297
</trainingparameter>
3298
<trainingparameter>
3299
<patternname>Email</patternname>
3300
<types>text,textarea</types>
3301
<language>de</language>
3302
<match>E[-_]Mailadresse|email|E[-_]Mail</match>
3303
<value>a%RANDALPHANUM%@example.com</value>
3304
<valuematch></valuematch>
3305
<matchcriteria>Regex</matchcriteria>
3306
</trainingparameter>
3307
<trainingparameter>
3308
<patternname>Birthday</patternname>
3309
<types>text,textarea</types>
3310
<language>de</language>
3311
<match>geburtstag|geburt</match>
3312
<value>12/25/1975</value>
3313
<valuematch></valuematch>
3314
<matchcriteria>Regex</matchcriteria>
3315
</trainingparameter>
3316
<trainingparameter>
3317
<patternname>Day</patternname>
3318
<types>text,textarea</types>
3319
<language>de</language>
3320
<match>tag</match>
3321
<value>25</value>
3322
<valuematch></valuematch>
3323
<matchcriteria>Regex</matchcriteria>
3324
</trainingparameter>
3325
<trainingparameter>
3326
<patternname>Month</patternname>
3327
<types>text,textarea</types>
3328
<language>de</language>
3329
<match>monat</match>
3330
<value>12</value>
3331
<valuematch></valuematch>
3332
<matchcriteria>Regex</matchcriteria>
3333
</trainingparameter>
3334
<trainingparameter>
3335
<patternname>Year</patternname>
3336
<types>text,textarea</types>
3337
<language>de</language>