Scan Config XML Breakout

Scan Config XML Breakout

Below is a sample XML config. It lets a user set each setting in a config individually when adding, updating or submitting a config, either through the AppSpider Enterprise REST API or directly to the engine itself.

ScanConfig is the top-level structure in the Scan Configuration File and contains all elements of the config to be submitted. For example:

  • Name sets the name for the config

  • AppVersion identifies which version of AppSpider the config was written for (defaults to the current major version of the Scan Engine)

  • Log is a binary field to tell the engine to enable or disable logging (defaults to "1")

    • 1 - Enables Logging
    • 2 - Disables Logging

A full breakout of all XML elements contained in a scan config can be found at Scan Configuration Parameters.

Caution

All elements must be submitted for the XML to be considered a "well-formed" request. Here "well-formed" means complete, which is a stricter requirement than XML well-formedness. Omitting any element will result in the request being dropped.

XML File example
<ScanConfig>
<!-- General scan settings, direct children of ScanConfig. The 0/1 values appear to be off/on flags. -->
<Name>webscantest</Name>
<AppVersion>7.0</AppVersion>
<!-- Log, DetailedLogging and IncludeTraffic govern what the engine records. Recorded traffic from an
     authenticated scan can hold session tokens and credentials, so treat the output as sensitive
     whenever these are switched on. -->
<Log>1</Log>
<DetailedLogging>0</DetailedLogging>
<IncludeTraffic>0</IncludeTraffic>
<WindowsErrors>0</WindowsErrors>
<UseSystemDsn>0</UseSystemDsn>
<Recrawl>0</Recrawl>
<PauseOnRecoverableError>1</PauseOnRecoverableError>
<DisplayImminentLicenseExpiryMessage>1</DisplayImminentLicenseExpiryMessage>
<!-- Both URL fields are empty in this sample. NOTE(review): judging by the names, a non-empty value
     makes the engine call out to a command or URL; inspect these two fields in any config received
     from someone else before submitting it, and confirm their semantics in Scan Configuration Parameters. -->
<ExecuteCommandLineURL></ExecuteCommandLineURL>
<NotifyScanDoneURL></NotifyScanDoneURL>
<JavaScriptEngine>Chrome</JavaScriptEngine>
<!-- 1073741824 = 2^30; presumably a size in bytes (1 GiB), to be confirmed. -->
<MaxDatabaseSize>1073741824</MaxDatabaseSize>
<MaxTrafficFiles>0</MaxTrafficFiles>
<!-- Crawler settings: result and depth limits, browser limits, URL filtering patterns, framework hooks,
     seed URLs, scope constraints, and the extension and content-type lists. -->
<CrawlConfig>
  <!-- Crawl result limits. A value of -1 presumably means "no limit"; confirm in Scan Configuration Parameters. -->
  <MaxDomain>100</MaxDomain>
  <MaxCrawlResults>5000</MaxCrawlResults>
  <MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
  <MaxPerDirCrawlResults>400</MaxPerDirCrawlResults>
  <MaxPerLinkCrawlResults>40</MaxPerLinkCrawlResults>
  <MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
  <MaxPerDirChildNodes>300</MaxPerDirChildNodes>
  <MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
  <MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
  <MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
  <MaxPerQueryCrawlResults>100</MaxPerQueryCrawlResults>
  <RecursionDepth>2</RecursionDepth>
  <MaxDirDepth>15</MaxDirDepth>
  <DiscoveryDepth>-1</DiscoveryDepth>
  <UrlRepetitionTolerance>15</UrlRepetitionTolerance>
  <SequenceRepetitionTolerance>3</SequenceRepetitionTolerance>
  <!-- Caps on items carried into the report. -->
  <MaxReportedImages>500</MaxReportedImages>
  <MaxReportedLinks>2500</MaxReportedLinks>
  <MaxReportedComments>500</MaxReportedComments>
  <MaxReportedScripts>500</MaxReportedScripts>
  <MaxReportedEmails>500</MaxReportedEmails>
  <MaxReportedForms>500</MaxReportedForms>
  <!-- Browser-driven crawling limits; the timeout values are presumably milliseconds, to be confirmed. -->
  <MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
  <MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
  <MaxBrowserDOMDepth>2</MaxBrowserDOMDepth>
  <MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
  <MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
  <MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
  <MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
  <NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
  <MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
  <MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
  <MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
  <CrawlPrioritization>Smart</CrawlPrioritization>
  <!-- This value is printed across two lines in the listing, so as shown the pattern contains a line
       break between "File" and "(or directory". A newline inside a regex is data; compare with a
       config exported from the engine before copying this value. -->
  <FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File
(or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
  <ServerErrorRegex></ServerErrorRegex>
  <!-- The two InvalidURLRegex patterns are wrapped in CDATA because they contain angle brackets and
       quote characters that would otherwise need escaping. Presumably URLs matching them are treated
       as invalid (for example links that merely echo attack strings) and are not followed; confirm. -->
  <InvalidURLRegexAttack>
    <![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]>
  </InvalidURLRegexAttack>
  <InvalidURLRegexCrawl>
    <![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]>
  </InvalidURLRegexCrawl>
  <!-- Links whose URL matches this pattern (login, account, admin and similar pages) are presumably crawled first. -->
  <PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
  <LockCookies>0</LockCookies>
  <CaseSensitivity>Case Sensitive</CaseSensitivity>
  <UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
  <SaveReferences>0</SaveReferences>
  <UseBrowser>1</UseBrowser>
  <ShowBrowser>0</ShowBrowser>
  <StayOnPort>0</StayOnPort>
  <!-- RestrictTo* flags: all 0 in this sample, so crawling is not limited to a single input source. -->
  <RestrictToMacro>0</RestrictToMacro>
  <RestrictToManualCrawling>0</RestrictToManualCrawling>
  <RestrictToSeedList>0</RestrictToSeedList>
  <RestrictToWebService>0</RestrictToWebService>
  <RestrictToSelenium>0</RestrictToSelenium>
  <RestrictToSwagger>0</RestrictToSwagger>
  <RestrictToAgentRoutes>0</RestrictToAgentRoutes>
  <ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
  <!-- The element names are spelled "Threshhold" in this sample. XML names are matched exactly, so copy the spelling as is. -->
  <PageEqualThreshhold>0.95</PageEqualThreshhold>
  <PageSimilarThreshhold>0.8</PageSimilarThreshhold>
  <ExperimentalCrawling>Disabled</ExperimentalCrawling>
  <Flash>1</Flash>
  <EnableAdvancedParsers>1</EnableAdvancedParsers>
  <SearchForUrls>1</SearchForUrls>
  <CookieCommaSeparator>1</CookieCommaSeparator>
  <MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
  <BlacklistContactForms>0</BlacklistContactForms>
  <EnableRobotstxtSitemapCrawling>0</EnableRobotstxtSitemapCrawling>
  <LogDomContents>0</LogDomContents>
  <UseBrowserResponseCaching>1</UseBrowserResponseCaching>
  <!-- Client-side framework support. Each FrameworkConfig names a framework, a DetectionRegex, a hook
       bundle FileName and two script snippets. NOTE(review): the script values are JavaScript
       expressions that the engine presumably evaluates in the scan browser, so review these fields in
       any config that does not come from a trusted source. -->
  <FrameworksCrawlConfig>
    <EnableFrameworksCrawling>1</EnableFrameworksCrawling>
    <FrameworkConfigList>
      <FrameworkConfig>
        <Name>ReactJS</Name>
        <DefaultConfigVersion>2</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>1</HEAD>
        <DetectionRegex>createReactRootIndex</DetectionRegex>
        <HealthcheckString>react</HealthcheckString>
        <FileName>fm.react.min.js</FileName>
        <GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
        <GetAllEventsDelay>0</GetAllEventsDelay>
        <GetVersionStringScript></GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>AngularJS</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>ng-controller</DetectionRegex>
        <HealthcheckString>angular</HealthcheckString>
        <FileName>angular-hook-bundle.min.js</FileName>
        <GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
        <GetAllEventsDelay>0</GetAllEventsDelay>
        <GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>KnockoutJS</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>data-bind</DetectionRegex>
        <HealthcheckString>ko</HealthcheckString>
        <FileName>ko-hook-bundle.min.js</FileName>
        <GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>AngularLib</Name>
        <DefaultConfigVersion>2</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>angular-4-hook-bundle.min.js</FileName>
        <GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
        <GetAllEventsDelay>6000</GetAllEventsDelay>
        <GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>ReactLib</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>react-text</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>react-hook-bundle.min.js</FileName>
        <GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
        <GetAllEventsDelay>8000</GetAllEventsDelay>
        <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>ReactTwo</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>react-hook-bundle.min.js</FileName>
        <GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
        <GetAllEventsDelay>8000</GetAllEventsDelay>
        <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>OpenUI5</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>sap-open-ui5-hook-bundle.min.js</FileName>
        <GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>Vue</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>vue-hook-bundle.min.js</FileName>
        <GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>Ember</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>ember-hook-bundle.min.js</FileName>
        <GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
      <FrameworkConfig>
        <Name>Backbone</Name>
        <DefaultConfigVersion>1</DefaultConfigVersion>
        <Enabled>1</Enabled>
        <HEAD>0</HEAD>
        <DetectionRegex>(?-i)Backbone</DetectionRegex>
        <HealthcheckString></HealthcheckString>
        <FileName>backbone-hook-bundle.min.js</FileName>
        <GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
        <GetAllEventsDelay>5000</GetAllEventsDelay>
        <GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
      </FrameworkConfig>
    </FrameworkConfigList>
  </FrameworksCrawlConfig>
  <!-- Where the crawl starts. The sample target is addressed over plain http. -->
  <SeedUrlList>
    <SeedUrl>
      <Value>http://www.webscantest.com/</Value>
    </SeedUrl>
  </SeedUrlList>
  <!-- Scope: two wildcard Include rules, one for the host itself and one for any subdomain of it.
       These rules decide which URLs the scanner touches, so keep them limited to systems you are
       authorized to test. Both rules name http only; whether https URLs of the same host fall in
       scope is not shown here and should be verified. -->
  <ScopeConstraintList>
    <ScopeConstraint>
      <URL>http://www.webscantest.com/*</URL>
      <Method>All</Method>
      <MatchCriteria>Wildcard</MatchCriteria>
      <Exclusion>Include</Exclusion>
    </ScopeConstraint>
    <ScopeConstraint>
      <URL>http://*.www.webscantest.com/*</URL>
      <Method>All</Method>
      <MatchCriteria>Wildcard</MatchCriteria>
      <Exclusion>Include</Exclusion>
    </ScopeConstraint>
  </ScopeConstraintList>
  <!-- File-extension lists. The precise handling of each list is defined in Scan Configuration Parameters. -->
  <BlackListExtensionList>
    <BlackListExtension>
      <Value>css</Value>
    </BlackListExtension>
    <BlackListExtension>
      <Value>axd</Value>
    </BlackListExtension>
  </BlackListExtensionList>
  <GrayListExtensionList>
    <GrayListExtension>
      <Value>pdf</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>doc</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>jpg</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>jpeg</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>gif</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>png</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>bmp</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>ico</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>js</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>tiff</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>eot</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>ttf</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>mid</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>midi</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>mp3</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>mpeg</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>wav</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>avi</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>woff</Value>
    </GrayListExtension>
    <GrayListExtension>
      <Value>svg</Value>
    </GrayListExtension>
  </GrayListExtensionList>
  <BinaryExtensionList>
    <BinaryExtension>
      <Value>fla</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>swf</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>pdf</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>doc</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>jpg</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>jpeg</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>gif</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>png</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>bmp</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>ico</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>dll</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>exe</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>eot</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>ttf</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>mp3</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>mp4</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>wav</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>woff</Value>
    </BinaryExtension>
    <BinaryExtension>
      <Value>svg</Value>
    </BinaryExtension>
  </BinaryExtensionList>
  <TextExtensionList>
    <TextExtension>
      <Value>txt</Value>
    </TextExtension>
    <TextExtension>
      <Value>js</Value>
    </TextExtension>
    <TextExtension>
      <Value>css</Value>
    </TextExtension>
    <TextExtension>
      <Value>json</Value>
    </TextExtension>
  </TextExtensionList>
  <!-- Content-type lists, grouped as binary, HTML, text and XML. -->
  <BinaryContentTypeList>
    <BinaryContentType>
      <Value>audio/*</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>image/*</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>video/*</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/pdf</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/zip</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-rar-compressed</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-dvi</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-shockwave-flash</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/msword</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/ogg</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/x-tar</Value>
    </BinaryContentType>
    <BinaryContentType>
      <Value>application/octet-stream</Value>
    </BinaryContentType>
  </BinaryContentTypeList>
  <HTMLContentTypeList>
    <HTMLContentType>
      <Value>text/html</Value>
    </HTMLContentType>
    <HTMLContentType>
      <Value>html/*</Value>
    </HTMLContentType>
    <HTMLContentType>
      <Value>application/xhtml+xml</Value>
    </HTMLContentType>
  </HTMLContentTypeList>
  <TextContentTypeList>
    <TextContentType>
      <Value>text/plain</Value>
    </TextContentType>
    <TextContentType>
      <Value>text/csv</Value>
    </TextContentType>
    <TextContentType>
      <Value>text/css</Value>
    </TextContentType>
    <TextContentType>
      <Value>text/javascript</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/javascript</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/x-javascript</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/json</Value>
    </TextContentType>
    <TextContentType>
      <Value>application/x-httpd-php-source</Value>
    </TextContentType>
  </TextContentTypeList>
  <XMLContentTypeList>
    <XMLContentType>
      <Value>application/xml-dtd</Value>
    </XMLContentType>
    <XMLContentType>
      <Value>text/xml</Value>
    </XMLContentType>
    <XMLContentType>
      <Value>application/soap+xml</Value>
    </XMLContentType>
    <XMLContentType>
      <Value>application/xml</Value>
    </XMLContentType>
  </XMLContentTypeList>
  <!-- Wildcard patterns naming what the scan browser may download. -->
  <BrowserDownloadWhitelistList>
    <BrowserDownloadWhitelist>
      <Value>*.css</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.js</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.xml</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.dtd</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.axd</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*.json</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*/js/*</Value>
    </BrowserDownloadWhitelist>
    <BrowserDownloadWhitelist>
      <Value>*/css/*</Value>
    </BrowserDownloadWhitelist>
  </BrowserDownloadWhitelistList>
  <!-- Extensions the scan browser does not download. "ico" appears twice in this list as printed. -->
  <BrowserDoNotDownloadExtensionList>
    <BrowserDoNotDownloadExtension>
      <Value>pdf</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>doc</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>jpg</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>jpeg</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>gif</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>png</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>bmp</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>ico</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>exe</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>swf</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>mp3</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>mp4</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>wav</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>eot</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>ttf</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>woff</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>ico</Value>
    </BrowserDoNotDownloadExtension>
    <BrowserDoNotDownloadExtension>
      <Value>svg</Value>
    </BrowserDoNotDownloadExtension>
  </BrowserDoNotDownloadExtensionList>
  <!-- Content types the scan browser does not download; the same twelve entries as BinaryContentTypeList. -->
  <BrowserDoNotDownloadContentTypeList>
    <BrowserDoNotDownloadContentType>
      <Value>audio/*</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>image/*</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>video/*</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/pdf</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/zip</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-rar-compressed</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-dvi</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-shockwave-flash</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/msword</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/ogg</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/x-tar</Value>
    </BrowserDoNotDownloadContentType>
    <BrowserDoNotDownloadContentType>
      <Value>application/octet-stream</Value>
    </BrowserDoNotDownloadContentType>
  </BrowserDoNotDownloadContentTypeList>
</CrawlConfig>
<!-- Attacker settings: caps on attack points per parameter, cookie and link, traffic-reduction
     thresholds, and the default list of parameters that are never attacked. -->
<AttackerConfig>
  <ParametersToAttackBeforeLimitingAttacks>100</ParametersToAttackBeforeLimitingAttacks>
  <LinksToAttackBeforeLimitingAttacks>20</LinksToAttackBeforeLimitingAttacks>
  <MaxSameNameParameterAttackPoints>10</MaxSameNameParameterAttackPoints>
  <MaxSameCookieParameterAttackPoints>5</MaxSameCookieParameterAttackPoints>
  <MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
  <MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
  <MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
  <ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
  <!-- Set to 1 here; judging by the name, the attacker then honours the crawler's constraints
       (including scope). Confirm before relying on it to keep attacks inside the authorized target. -->
  <ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
  <MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
  <MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
  <ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
  <!-- Empty in this sample. NOTE(review): judging by the name, a non-empty value names a host that
       receives out-of-band callbacks; make sure it is a host you control before reusing a config
       that sets it. -->
  <OutOfBandHost></OutOfBandHost>
  <MaxSeverityForTrafficReduction>Low</MaxSeverityForTrafficReduction>
  <MinResponseSizeForTrafficReduction>204800</MinResponseSizeForTrafficReduction>
  <!-- Parameters matching this regex are excluded from attacks: ASP.NET state fields and analytics
       parameters. The value sits on its own line in the listing, so the surrounding whitespace is
       part of the element text as printed.
       NOTE(review): as written, EVENT(VALIDATION|TTARGET|ARGUMENT) matches "EVENTTTARGET", not the
       ASP.NET field name __EVENTTARGET, which looks like a typo in the pattern; and inside the
       character classes [x|y] and [a|b|c|t|z|v|x] the "|" is a literal character. Verify against
       the engine's shipped default before copying. -->
  <DefaultDoNotAttackParamList>
    <DefaultDoNotAttackParam>
      <ParameterName>
        ^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$
      </ParameterName>
      <MatchCriteria>Regex</MatchCriteria>
    </DefaultDoNotAttackParam>
  </DefaultDoNotAttackParamList>
</AttackerConfig>
<AttackPolicyConfig>
<!-- Policy-wide attack settings, children of AttackPolicyConfig. "All Modules" selects the full
     module set, so every AttackModulePolicy with Enabled=1 further down takes part in the scan. -->
<Policy>All Modules</Policy>
<AttackPrioritization>Smart</AttackPrioritization>
<AttackDepth>Smart</AttackDepth>
<EnableAdvancedAttacks>0</EnableAdvancedAttacks>
<!-- Three empty filters: no false-positive patterns and no excluded root-cause ids in this sample. -->
<FalsePositiveRegex></FalsePositiveRegex>
<FalsePositiveFindingRegex></FalsePositiveFindingRegex>
<RootCauseIdExcludeList></RootCauseIdExcludeList>
<AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
<EnforceEncoding>0</EnforceEncoding>
<!-- Pipe-separated lists: which kinds of attack point, parameter location and request origin the
     policy covers. The per-module entries below use the same vocabulary to narrow these down. -->
<AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<AttackModulePolicyList>
<AttackModulePolicy>
627
<Enabled>1</Enabled>
628
<ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
629
<ModulePriority>High</ModulePriority>
630
<Severity>Informational</Severity>
631
<MaxVulnLimit>10</MaxVulnLimit>
632
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
633
<MaxVarianceLimit>2</MaxVarianceLimit>
634
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
635
<EnforceEncoding>0</EnforceEncoding>
636
<ApplyPolicySeverity>0</ApplyPolicySeverity>
637
<AttackPoints>Web Site</AttackPoints>
638
<ParameterLocations></ParameterLocations>
639
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
640
<DisplayName>Anonymous Access</DisplayName>
641
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
642
</AttackModulePolicy>
643
<AttackModulePolicy>
644
<Enabled>1</Enabled>
645
<ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
646
<ModulePriority>High</ModulePriority>
647
<Severity>High</Severity>
648
<MaxVulnLimit>100</MaxVulnLimit>
649
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
650
<MaxVarianceLimit>3</MaxVarianceLimit>
651
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
652
<EnforceEncoding>0</EnforceEncoding>
653
<ApplyPolicySeverity>0</ApplyPolicySeverity>
654
<AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
655
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
656
</ParameterLocations>
657
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
658
<DisplayName>Apache Struts 2 Framework Checks</DisplayName>
659
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
660
</AttackModulePolicy>
661
<AttackModulePolicy>
662
<Enabled>1</Enabled>
663
<ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
664
<ModulePriority>High</ModulePriority>
665
<Severity>Informational</Severity>
666
<MaxVulnLimit>100</MaxVulnLimit>
667
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
668
<MaxVarianceLimit>3</MaxVarianceLimit>
669
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
670
<EnforceEncoding>0</EnforceEncoding>
671
<ApplyPolicySeverity>0</ApplyPolicySeverity>
672
<AttackPoints>Response Analysis</AttackPoints>
673
<ParameterLocations></ParameterLocations>
674
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
675
<DisplayName>Apache Struts Detection</DisplayName>
676
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
677
</AttackModulePolicy>
678
<AttackModulePolicy>
679
<Enabled>1</Enabled>
680
<ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
681
<ModulePriority>High</ModulePriority>
682
<Severity>High</Severity>
683
<MaxVulnLimit>100</MaxVulnLimit>
684
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
685
<MaxVarianceLimit>4</MaxVarianceLimit>
686
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
687
<EnforceEncoding>0</EnforceEncoding>
688
<ApplyPolicySeverity>0</ApplyPolicySeverity>
689
<AttackPoints>Parameter</AttackPoints>
690
<ParameterLocations>Post</ParameterLocations>
691
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
692
<DisplayName>Arbitrary File Upload</DisplayName>
693
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
694
</AttackModulePolicy>
695
<AttackModulePolicy>
696
<Enabled>1</Enabled>
697
<ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
698
<ModulePriority>Medium</ModulePriority>
699
<Severity>Low</Severity>
700
<MaxVulnLimit>25</MaxVulnLimit>
701
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
702
<MaxVarianceLimit>2</MaxVarianceLimit>
703
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
704
<EnforceEncoding>0</EnforceEncoding>
705
<ApplyPolicySeverity>0</ApplyPolicySeverity>
706
<AttackPoints>Directory</AttackPoints>
707
<ParameterLocations></ParameterLocations>
708
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
709
<DisplayName>ASP.NET Misconfiguration</DisplayName>
710
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
711
</AttackModulePolicy>
712
<AttackModulePolicy>
713
<Enabled>1</Enabled>
714
<ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
715
<ModulePriority>Medium</ModulePriority>
716
<Severity>High</Severity>
717
<MaxVulnLimit>25</MaxVulnLimit>
718
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
719
<MaxVarianceLimit>4</MaxVarianceLimit>
720
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
721
<EnforceEncoding>0</EnforceEncoding>
722
<ApplyPolicySeverity>0</ApplyPolicySeverity>
723
<AttackPoints>Parameter</AttackPoints>
724
<ParameterLocations>Post|Cookie</ParameterLocations>
725
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
726
<DisplayName>ASP.NET Serialization</DisplayName>
727
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
728
</AttackModulePolicy>
729
<AttackModulePolicy>
730
<Enabled>1</Enabled>
731
<ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
732
<ModulePriority>Medium</ModulePriority>
733
<Severity>Low</Severity>
734
<MaxVulnLimit>200</MaxVulnLimit>
735
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
736
<MaxVarianceLimit>2</MaxVarianceLimit>
737
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
738
<EnforceEncoding>0</EnforceEncoding>
739
<ApplyPolicySeverity>0</ApplyPolicySeverity>
740
<AttackPoints>Response Analysis</AttackPoints>
741
<ParameterLocations></ParameterLocations>
742
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
743
<DisplayName>Autocomplete attribute</DisplayName>
744
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
745
</AttackModulePolicy>
746
<AttackModulePolicy>
747
<Enabled>1</Enabled>
748
<ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
749
<ModulePriority>High</ModulePriority>
750
<Severity>High</Severity>
751
<MaxVulnLimit>75</MaxVulnLimit>
752
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
753
<MaxVarianceLimit>4</MaxVarianceLimit>
754
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
755
<EnforceEncoding>0</EnforceEncoding>
756
<ApplyPolicySeverity>0</ApplyPolicySeverity>
757
<AttackPoints>Parameter</AttackPoints>
758
<ParameterLocations>Query|Post</ParameterLocations>
759
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
760
<DisplayName>Blind LDAP Injection</DisplayName>
761
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
762
</AttackModulePolicy>
763
<AttackModulePolicy>
764
<Enabled>1</Enabled>
765
<ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
766
<ModulePriority>Medium</ModulePriority>
767
<Severity>Informational</Severity>
768
<MaxVulnLimit>100</MaxVulnLimit>
769
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
770
<MaxVarianceLimit>1</MaxVarianceLimit>
771
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
772
<EnforceEncoding>0</EnforceEncoding>
773
<ApplyPolicySeverity>0</ApplyPolicySeverity>
774
<AttackPoints>Response Analysis</AttackPoints>
775
<ParameterLocations></ParameterLocations>
776
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
777
<DisplayName>Browser Cache directive (web application performance)</DisplayName>
778
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
779
</AttackModulePolicy>
<!-- Browser Cache directive (leaking sensitive information): enabled, Medium priority,
     Low severity. AttackPoints is Response Analysis with no ParameterLocations;
     RequestOriginations includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>150</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Brute Force (HTTP Auth): enabled, High priority and High severity, AttackPoints is
     Web Resource. MaxVulnLimit is 5 and MaxPerWebSiteVulnLimit is 2.
     NOTE(review): the name suggests repeated credential guesses against HTTP
     authentication; on targets with account lockout, check the lockout policy and the
     test accounts in use before scanning with this module enabled. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>5</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Brute Force (HTTP Auth)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Brute Force (Form Auth): enabled, High priority and High severity. AttackPoints is
     Parameter, limited to Query and Post locations. RequestOriginations omits REST,
     unlike the HTTP Auth variant.
     NOTE(review): as with the HTTP Auth variant, presumably this submits repeated login
     attempts; confirm lockout behaviour of the target before enabling. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>5</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Brute Force (Form Auth)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Blind SQL: enabled, High priority and High severity. AttackPoints is Parameter over
     eight locations (Directory through Http Header; Fragment is not listed).
     MaxVulnLimit is 250 and MaxPerWebSiteVulnLimit is 100. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Blind SQL</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Clients Cross-Domain Policy Files: enabled, Low priority and Low severity.
     AttackPoints is Directory, ParameterLocations is empty, RequestOriginations
     includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Clients Cross-Domain Policy Files</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Information Disclosure in comments: enabled, Low priority, Informational severity.
     AttackPoints is Response Analysis with no ParameterLocations. REST is not among the
     RequestOriginations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Disclosure in comments</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Cookie attributes: enabled, Medium priority, Low severity. AttackPoints is Response
     Analysis. MaxVulnLimit is 50, MaxPerWebSiteVulnLimit is 20 and MaxVarianceLimit
     is 10. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>20</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Cookie attributes</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Cross Origin Resources Sharing (CORS): enabled, Low priority and Low severity.
     Two attack points (Web Resource and Response Analysis). RequestOriginations is
     AJAX only, the narrowest origination list in this part of the listing. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>AJAX</RequestOriginations>
  <DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Credentials over an insecure channel: enabled, Low priority, Medium severity.
     AttackPoints is Response Analysis. RequestOriginations is limited to HTML, Form,
     Silverlight and RecrawlTraffic.
     NOTE(review): AJAX, Flash, WSDL and REST are not listed, so credentials sent by
     those request types are presumably outside this check; confirm against the Scan
     Configuration Parameters reference. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Credentials over an insecure channel</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Content Security Policy Header: enabled, Medium priority, Informational severity.
     AttackPoints is Response Analysis with no ParameterLocations; RequestOriginations
     includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Content Security Policy Header</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Cross-Site Request Forgery (CSRF): enabled, Low priority and Low severity.
     AttackPoints is Web Resource. MaxVulnLimit is 250 and MaxPerWebSiteVulnLimit
     is 50. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Custom Directory Module: disabled in this sample (Enabled is 0). Medium priority,
     Informational severity, AttackPoints is Directory. The element is still present
     because the page states that every element must be submitted. -->
<AttackModulePolicy>
  <Enabled>0</Enabled>
  <ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Custom Directory Module</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
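<!-- Custom Parameter Module: disabled in this sample (Enabled is 0). Medium priority,
     Informational severity, AttackPoints is Parameter over nine locations, including
     Fragment. REST is not among the RequestOriginations.
     The ParameterLocations value is written on a single line, as in the other policies
     of this listing, so that no line break ends up inside the pipe-separated value;
     whether the engine trims such whitespace is not shown on this page. -->
<AttackModulePolicy>
  <Enabled>0</Enabled>
  <ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Custom Parameter Module</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>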
<!-- Custom Passive Module: disabled in this sample (Enabled is 0). Medium priority,
     Informational severity, AttackPoints is Response Analysis with no
     ParameterLocations. Limits match the other two custom modules (20, 10, 1). -->
<AttackModulePolicy>
  <Enabled>0</Enabled>
  <ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Custom Passive Module</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Directory Indexing: enabled, Medium priority, Low severity. AttackPoints is
     Directory. MaxVulnLimit is 250, MaxPerWebSiteVulnLimit is 50 and MaxVarianceLimit
     is 1. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Directory Indexing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Email Disclosure: enabled, Low priority, Informational severity. AttackPoints is
     Response Analysis with no ParameterLocations. REST is not among the
     RequestOriginations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>150</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Email Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Expression Language Injection: enabled, High priority and High severity.
     AttackPoints is Parameter, limited to Path, Query and Post locations;
     RequestOriginations includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Expression Language Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Forced Browsing: enabled, Low priority and Low severity. AttackPoints is Parameter
     over Directory, Path, Query, Post and Cookie locations; RequestOriginations
     includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Forced Browsing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Sensitive Data Exposure: enabled, Medium priority, Low severity. AttackPoints is
     Response Analysis. RequestOriginations is limited to HTML, Form, Silverlight and
     RecrawlTraffic (no AJAX, Flash, WSDL or REST), the same short list used by
     Credentials over an insecure channel. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Sensitive Data Exposure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Form Session Strength: enabled, High priority but Low severity. AttackPoints is
     Web Resource. MaxVulnLimit is 5 and MaxPerWebSiteVulnLimit is 2. REST is not among
     the RequestOriginations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>5</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Form Session Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- FrontPage Checks: enabled, High priority and High severity. AttackPoints is
     Web Site. MaxVarianceLimit is 50, the largest value in this part of the listing.
     REST is not among the RequestOriginations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>50</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>FrontPage Checks</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Heartbleed Check: enabled, High priority and High severity. AttackPoints is
     Web Site with no ParameterLocations. MaxVulnLimit is 25, MaxPerWebSiteVulnLimit
     is 10 and MaxVarianceLimit is 1. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Heartbleed Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- HTTP Strict Transport Security: enabled, Low priority, Informational severity.
     AttackPoints is Response Analysis. MaxVulnLimit is 20 and MaxPerWebSiteVulnLimit
     is 4. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Strict Transport Security</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- HTTP Authentication over insecure channel: enabled, Low priority and Low severity.
     AttackPoints is Response Analysis. MaxVulnLimit is 20 and MaxPerWebSiteVulnLimit
     is 5. The related Credentials over an insecure channel policy is rated Medium. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Authentication over insecure channel</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- HTTPS Downgrade: enabled, Low priority and Low severity. AttackPoints is
     Web Resource. MaxVulnLimit is 200, MaxPerWebSiteVulnLimit is 100 and
     MaxVarianceLimit is 1. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTPS Downgrade</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- HTTP Headers: enabled, Medium priority, Informational severity. AttackPoints is
     Response Analysis with no ParameterLocations; RequestOriginations includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Headers</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
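<!-- HTTP Response Splitting: enabled, High priority and High severity. AttackPoints is
     Parameter over nine locations, including Fragment; RequestOriginations includes
     REST.
     The ParameterLocations value is written on a single line, as in the other policies
     of this listing, so that no line break ends up inside the pipe-separated value;
     whether the engine trims such whitespace is not shown on this page. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Response Splitting</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>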
<!-- HTTPS Everywhere: enabled, Low priority and Low severity. Three attack points are
     listed (Web Site, Web Resource and Response Analysis), more than any other policy
     in this part of the listing. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTPS Everywhere</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- HTTP User-Agent Check: enabled, Low priority, Informational severity. AttackPoints
     is Web Resource. RequestOriginations is HTML, Form, Flash, Silverlight and
     RecrawlTraffic (no AJAX, WSDL or REST). -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP User-Agent Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Information Disclosure in response: enabled, Low priority, Informational severity.
     AttackPoints is Response Analysis. MaxVulnLimit is 500 and MaxPerWebSiteVulnLimit
     is 250. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Disclosure in response</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Information Leakage in responses: enabled, High priority, Low severity.
     AttackPoints is Response Analysis. This is the only policy in this part of the
     listing with PassiveAnalysisOnAttacks set to 1.
     NOTE(review): presumably that setting also runs this analysis on responses to
     attack requests; confirm in the Scan Configuration Parameters reference. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Leakage in responses</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Java Grinder: enabled, Low priority and Low severity. AttackPoints is Web Resource
     with no ParameterLocations. REST is not among the RequestOriginations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Java Grinder</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- JavaScript Memory Leaks: enabled, Low priority, Informational severity.
     AttackPoints is Response Analysis. RequestOriginations omits WSDL and REST.
     NOTE(review): MaxPerWebSiteVulnLimit (500) is larger than MaxVulnLimit (100) here;
     in every other policy in this part of the listing the per-web-site value is the
     smaller one. Confirm the intended values before reusing this sample. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>JavaScript Memory Leaks</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- LDAP Injection: enabled, High priority and High severity. AttackPoints is Parameter
     over Path, Query, Post and Cookie locations. MaxVulnLimit is 100 and
     MaxPerWebSiteVulnLimit is 25. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>LDAP Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Local Storage Usage: enabled, High priority, Informational severity. AttackPoints
     is Response Analysis. RequestOriginations is HTML, Form, AJAX and RecrawlTraffic
     only. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Local Storage Usage</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Business logic abuse attacks: enabled, Medium priority, Low severity. Two attack
     points (Parameter and Response Analysis) over Path, Query, Post, Cookie and Referer
     locations; RequestOriginations includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter|Response Analysis</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Business logic abuse attacks</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Nginx NULL code: enabled, High priority and High severity. AttackPoints is
     Parameter over Path, Query, Post, Cookie and Referer locations. MaxVulnLimit is 10
     and MaxPerWebSiteVulnLimit is 1, the smallest per-web-site value in this part of
     the listing. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>1</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Nginx NULL code</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- NoSQLi Injection: enabled, High priority and High severity. AttackPoints is
     Parameter over eight locations (Directory through Http Header; Fragment is not
     listed). MaxVulnLimit is 500 and MaxPerWebSiteVulnLimit is 200. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>NoSQLi Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Blind NoSQLi: enabled, High priority and High severity. Same attack point,
     parameter locations and request originations as the NoSQLi Injection policy;
     MaxVulnLimit is 250 and MaxPerWebSiteVulnLimit is 100, matching Blind SQL. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Blind NoSQLi</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- OS Commanding: enabled, Medium priority but High severity. AttackPoints is
     Parameter over File, Path, Query and Post locations (Cookie, Referer and
     Http Header are not listed); RequestOriginations includes REST. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>File|Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>OS Commanding</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Out of Band Stored Cross-site scripting (XSS)" module.
     ParameterLocations is limited to Query|Post; MaxVarianceLimit is 5. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Out of Band Cross-site scripting (XSS)" module. Limits and
     ParameterLocations (Query|Post) match the stored variant's entry; Severity here is Medium. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Parameter Fuzzing" module. ParameterLocations is
     Path|Query|Post|Cookie|Referer; Directory, File and Http Header are not listed. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Parameter Fuzzing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Credentials stored in clear text in a cookie." module.
     AttackPoints is Response Analysis, ParameterLocations is empty and PassiveAnalysisOnAttacks
     is 1. Presumably this check inspects responses rather than injecting input; confirm against
     the Scan Configuration Parameters reference. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Collecting Sensitive Personal Information" module (Response Analysis).
     RequestOriginations is HTML|Form|Silverlight|RecrawlTraffic; AJAX, Flash, WSDL and REST
     are not listed. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Collecting Sensitive Personal Information</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "PHP Code Execution" module. AttackPoints is Parameter and
     ParameterLocations is Query|Post|Cookie. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>PHP Code Execution</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Privacy Policy Check" module. AttackPoints is Web Resource and
     RequestOriginations is HTML only; MaxVulnLimit is 4 and MaxPerWebSiteVulnLimit is 2. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>4</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML</RequestOriginations>
  <DisplayName>Privacy Policy Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Privacy Disclosure" module. AttackPoints is Response Analysis with
     no ParameterLocations; Severity is Informational and MaxVarianceLimit is 10. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Privacy Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Privilege Escalation" module. AttackPoints combines Web Resource and
     Response Analysis; ParameterLocations is empty.
     NOTE(review): presumably this check depends on authenticated sessions configured elsewhere
     in the ScanConfig; confirm before relying on its results. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Privilege Escalation</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Profanity" module. AttackPoints is Response Analysis with no
     ParameterLocations; Severity is Informational and ModulePriority is Low. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Profanity</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Reflection" module. ParameterLocations is
     Directory|File|Path|Query|Post|Cookie. REST is not listed in RequestOriginations.
     NOTE(review): confirm the REST omission is intended when the target exposes REST endpoints. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reflection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "File Inclusion" module. AttackPoints is Directory|File|Parameter and
     ParameterLocations is Query|Post|Cookie; MaxVulnLimit is 1000. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>1000</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory|File|Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>File Inclusion</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "HTTP Verb Tampering" module. AttackPoints is Web Resource with no
     ParameterLocations; Severity is Informational. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Verb Tampering</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Predictable Resource Location" module. AttackPoints is
     Web Site|Directory|File with no ParameterLocations; MaxVarianceLimit is 10. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Directory|File</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Predictable Resource Location</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Reverse Clickjacking" module. ParameterLocations is Query only and
     RequestOriginations is HTML|Form|RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query</ParameterLocations>
  <RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reverse Clickjacking</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Reverse Proxy" module. AttackPoints is Web Site with no
     ParameterLocations; MaxVarianceLimit is 1. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reverse Proxy</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Information Disclosure in scripts" module (Response Analysis).
     REST is not listed in RequestOriginations.
     NOTE(review): confirm the REST omission is intended when the target exposes REST endpoints. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Disclosure in scripts</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Secure and non-secure content mix" module. AttackPoints is
     Response Analysis with no ParameterLocations; Severity is Informational. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>3</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Secure and non-secure content mix</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Sensitive data over an insecure channel" module (Response Analysis).
     RequestOriginations is HTML|Form|Silverlight|RecrawlTraffic; AJAX, Flash, WSDL and REST
     are not listed. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Sensitive data over an insecure channel</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Server Configuration" module. AttackPoints is
     Web Site|Response Analysis with no ParameterLocations; Severity is Informational while
     ModulePriority is High. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Configuration</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
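<!-- Policy entry for the "Server Side Include (SSI) Injection" module. ParameterLocations is
     written on a single line so that the last token, Http Header, is not followed by a line
     break inside the element value; a consumer that splits on "|" without trimming would
     otherwise see a token that does not match. Fragment is listed here in addition to the URL,
     Post, Cookie, Referer and Http Header locations. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>150</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Include (SSI) Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>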
<!-- Policy entry for the "Server Side Request Forgery" module. AttackPoints is
     Directory|File|Parameter and ParameterLocations is Query|Post|Cookie. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory|File|Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Request Forgery</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Server Side Template Injection" module. AttackPoints is Parameter
     and ParameterLocations is Path|Query|Post|Cookie. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Template Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Session Fixation" module. AttackPoints is Web Resource with no
     ParameterLocations; MaxVulnLimit is 25 and MaxPerWebSiteVulnLimit is 10. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Fixation</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "HTTP Query Session Check" module. ParameterLocations is
     Directory|Path|Query. REST is not listed in RequestOriginations.
     NOTE(review): confirm the REST omission is intended when the target exposes REST endpoints. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|Path|Query</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Query Session Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Session Strength" module. AttackPoints is Web Resource with no
     ParameterLocations; MaxVulnLimit is 10 and MaxPerWebSiteVulnLimit is 2. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Session Upgrade" module. AttackPoints is Response Analysis with no
     ParameterLocations; Severity is Low. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Upgrade</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Source Code Disclosure" module. AttackPoints is File with no
     ParameterLocations; Severity is Medium while ModulePriority is Low. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>File</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Source Code Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "SQL Information Leakage" module. AttackPoints is Response Analysis
     with no ParameterLocations, and PassiveAnalysisOnAttacks is 1. Presumably this lets the
     check examine responses produced by other modules' requests; confirm against the
     Scan Configuration Parameters reference. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Information Leakage</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "SQL Injection" module. AttackPoints is Parameter; ParameterLocations
     lists the URL parts (Directory, File, Path, Query) plus Post, Cookie, Referer and Http Header. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "SQL Injection Auth Bypass" module. ParameterLocations is
     Path|Query|Post; MaxVulnLimit is 25 and MaxPerWebSiteVulnLimit is 10. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Injection Auth Bypass</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "SQL Parameter Check" module. AttackPoints is Response Analysis with
     no ParameterLocations; Severity and ModulePriority are both Medium. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Parameter Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "SSL Strength" module. AttackPoints is Web Site with no
     ParameterLocations; MaxVarianceLimit is 100 against a MaxVulnLimit of 25. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>100</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SSL Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Subdomain discovery" module. AttackPoints is Web Site with no
     ParameterLocations; MaxVarianceLimit is 20.
     NOTE(review): presumably this module can surface hosts beyond the seed URLs; confirm that
     the scan's scope restrictions cover any subdomains it reports. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>20</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Subdomain discovery</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Subresource Integrity" module (Response Analysis). WSDL and REST are
     not listed in RequestOriginations.
     NOTE(review): MaxPerWebSiteVulnLimit (500) is higher than MaxVulnLimit (100), whereas the
     neighbouring entries keep the per-site value below the total; confirm which value is
     intended. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Subresource Integrity</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "Unvalidated Redirect" module. AttackPoints is Parameter and
     ParameterLocations is Path|Query|Post|Cookie. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>40</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Unvalidated Redirect</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "URL rewriting" module. AttackPoints is Response Analysis with no
     ParameterLocations; Severity is Low while ModulePriority is High. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B69E83831D26496BB2CC0C0D70181EC3</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>40</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>URL rewriting</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<!-- Policy entry for the "ASP.NET ViewState security" module. AttackPoints is Response Analysis
     with no ParameterLocations; RequestOriginations is HTML|Form|RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>4DE84100F31849A7B845FE5F62D2FD7A</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
  <DisplayName>ASP.NET ViewState security</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
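<!-- Policy entry for the "Web Beacon" check: enabled, Informational severity, Low
     module priority. AttackPoints is "Web Resource"; the limits (100 overall, 25 per
     web site) presumably cap how many findings are recorded (confirm). -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0BE4C251F44C4CF1924104ADFD86289C</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Web Beacon</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>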
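<!-- Policy entry for the "Web DAV Flaws Check": enabled, Low severity. AttackPoints is
     "Directory", so the module is presumably run per discovered directory, which fits
     the comparatively high limits (250 overall, 50 per web site). -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>667629EC1FDC4C6D98B5F4031717BB9B</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Web DAV Flaws Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>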
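<!-- Policy entry for "Cross-site tracing (XST)": enabled, Low severity, AttackPoints
     "Web Site". XST depends on the server answering the HTTP TRACE method, so the
     usual remediation for a finding from this module is disabling TRACE on the server. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>74FB936F2BBA499F8D0AF3B7A29B4F9E</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>30</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Cross-site tracing (XST)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>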
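<!-- Policy entry for "Web Service Parameter Fuzzing": enabled, Medium severity.
     AttackPoints is "Parameter" and ParameterLocations is "Post" only, so query
     string, path and cookie values are not listed for this module. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>377030BFE58A4F01A112295D32A0744C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Web Service Parameter Fuzzing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>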
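<!-- Policy entry for the "X-Content-Type-Options" header check: enabled, Informational,
     response analysis only. The value a hardened response is expected to send for
     this header is "nosniff". -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>8399FA8EDF5C41BC9D3CF85DC23DC26B</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>20</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>X-Content-Type-Options</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>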
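<!-- Policy entry for the "X-Frame-Options" header check: enabled, Informational,
     response analysis only. The CSP frame-ancestors directive is the current standard
     for the same framing control; whether this module accepts it in place of the
     header is not shown here, so confirm before treating a finding as a gap. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>3E2E60F7D0E04D8596918C2D1F639064</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>X-Frame-Options</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>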
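<!-- Policy entry for the "X-XSS-Protection" header check: enabled, Informational,
     response analysis only. This header controlled the legacy browser XSS auditor,
     which current major browsers no longer implement, so a finding here carries
     little weight on its own; a Content-Security-Policy is the control to look for. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>615D72F401BC447AB4A2139654BC9945</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>X-XSS-Protection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>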
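<!-- Policy entry for "XML External Entity Attack": enabled, Medium severity, attacking
     parameters in Path|Query|Post|Cookie.
     NOTE(review): RequestOriginations here is HTML|Form|AJAX|RecrawlTraffic and omits
     WSDL and REST, although XML request bodies are most common in SOAP and REST
     traffic. If web services are in scope, confirm whether this sample value leaves
     them untested for XXE or whether another module covers them. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>ABFA075919804435A25A22A8CAC191DF</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>XML External Entity Attack</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>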
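<!-- Policy entry for "XPath Injection": enabled, reported at High severity although
     ModulePriority is Medium (the two settings are independent in this sample).
     ParameterLocations is Path|Query|Post; cookies are not listed for this module. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>BBE9F36A88A944ECB837D5193D356E4C</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>XPath Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>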
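<!-- Policy entry for the "X-Powered-By" header check: enabled, Informational, response
     analysis only. The header discloses the server-side technology; the usual fix
     is to suppress it at the web server or framework. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>6CEF426D33514825B50741616DB2120B</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>X-Powered-By</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>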
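<!-- Policy entry for "Cross-site scripting (XSS), (DOM based)": enabled, Medium
     severity. AttackPoints is "Response Analysis" with no ParameterLocations, and
     RequestOriginations is limited to HTML|Form|AJAX|RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>46A8FE469F6C44BFB9946C021A2BCDC8</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Cross-site scripting (XSS), (DOM based)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>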
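<!-- Policy entry for "Cross-site scripting (XSS), (DOM based reflected via AJAX
     request)": enabled, Medium severity. RequestOriginations is "AJAX" only, so the
     module applies solely to requests the crawler attributed to AJAX calls;
     coverage therefore depends on the JavaScript engine discovering those calls. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>BD57F92E956A493DA39ADDF215B29D96</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>AJAX</RequestOriginations>
  <DisplayName>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>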
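<!-- Policy entry for "Persistent Cross-site scripting (XSS) (passive)": enabled, High
     severity. AttackPoints is "Response Analysis" with no ParameterLocations; the
     injecting counterpart is the separate "(active)" persistent XSS policy entry. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>62AA6A08FA764E209551B4A4C479F08D</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Persistent Cross-site scripting (XSS) (passive)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>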
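<!-- Policy entry for "Persistent Cross-site scripting (XSS), (active)": enabled, High
     severity, with the widest ParameterLocations in this part of the sample
     (Directory|File|Path|Query|Post|Cookie|Referer). Active persistent-XSS testing
     submits test values that the application may store, so plan for data clean-up
     or run it against a non-production copy. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>050ABD8CF99F4EE4AA18C12F06FA3051</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Persistent Cross-site scripting (XSS), (active)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>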
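<!-- Policy entry for "Reflected Cross-site scripting (XSS)": enabled, Medium severity,
     attacking parameters in Directory|File|Path|Query|Post|Cookie|Referer. Its limits
     (400 overall, 150 per web site) are the highest among the policies shown in this
     part of the sample. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>ABEB2E590AA24A39BB6FE7DBD6338277</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>400</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>150</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reflected Cross-site scripting (XSS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>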
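<!-- Policy entry for "Reflected Cross-site scripting (XSS), (simple)": enabled, Medium
     severity. Compared with the other reflected XSS entry it is narrower:
     ParameterLocations is File|Query|Post and RequestOriginations is
     HTML|Form|AJAX|RecrawlTraffic. -->
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FFBF4640C8A4475E93E099018951B409</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>File|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reflected Cross-site scripting (XSS), (simple)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>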
2381
</AttackModulePolicyList>
2382
</AttackPolicyConfig>
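<!-- AnalyzerConfig: disabled in this sample (Enabled is 0). NotExistingFilePath and
     NotExistingDirPath name a file and a directory that should not exist on the
     target; presumably they are requested to learn what the target's not-found
     response looks like (confirm in the Scan Configuration Parameters reference). -->
<AnalyzerConfig>
  <Enabled>0</Enabled>
  <NotExistingFilePath>/aaaaaaaa.aaa</NotExistingFilePath>
  <NotExistingDirPath>/aaaaaaaa/</NotExistingDirPath>
  <AppendToOriginalValue>1</AppendToOriginalValue>
  <ReplaceOriginalValue>0</ReplaceOriginalValue>
</AnalyzerConfig>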
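<!-- AuthConfig: how the scanner logs in and keeps its session. Type is "Form" with
     HttpAuth and OAuth both 0, so only the form-login fields carry values in this
     sample; the HMAC, Hawk, OAuth, ADAL and web-service sections are present but
     unpopulated. Several elements hold secrets once filled in (PasswordForm,
     PasswordHttp, HMACApiKey, HAWKAuthKey, ClientSecret, Password,
     TrafficFilePassword), so a populated config file should be stored, transmitted
     and access-controlled like a credential. -->
<AuthConfig>
  <Type>Form</Type>
  <HttpAuth>0</HttpAuth>
  <OAuth>0</OAuth>
  <ReloginAfterSessionLoss>1</ReloginAfterSessionLoss>
  <LogoutDetection>1</LogoutDetection>
  <UserAssistance>0</UserAssistance>
  <AssumeSuccessfulLogin>0</AssumeSuccessfulLogin>
  <VerifyNotLoggedin>1</VerifyNotLoggedin>
  <PostponeLoginAction>1</PostponeLoginAction>
  <CreateNonAuthenticatedSession>0</CreateNonAuthenticatedSession>
  <TreatFailedReloginAsError>1</TreatFailedReloginAsError>
  <RestartProxyBeforeRelogin>0</RestartProxyBeforeRelogin>
  <TemplateLoginMacro>0</TemplateLoginMacro>
  <BlacklistSinglePasswordForms>0</BlacklistSinglePasswordForms>
  <BlacklistMultiPasswordForms>1</BlacklistMultiPasswordForms>
  <ResetCookies>1</ResetCookies>
  <!-- Sample login. The username is "admin" while AccountType is "Restricted"; for
       real scans a dedicated, least-privileged test account is the safer choice.
       PasswordForm is a hex string rather than cleartext, presumably the product's
       encrypted form of the password (confirm); it is sample data and should not be
       copied into a real config. -->
  <AccountType>Restricted</AccountType>
  <UsernameForm>admin</UsernameForm>
  <PasswordForm>FF7CF70CAE791A3B49FF16F4F97F566C661AFFA277EAA8DFFBF53AFFCC7554E4D013706DFFEC81A95B2CAEF2E9FF6F76CA0FA1B24DEF00FEFDEEFF200F320F0407445FCCD1</PasswordForm>
  <UsernameHttp></UsernameHttp>
  <PasswordHttp></PasswordHttp>
  <AutoLogonSecurity>Medium</AutoLogonSecurity>
  <!-- Login and session-loss detection patterns. Whether they are matched case
       insensitively, and against which part of the page, is not shown here.
       LogoutLinkRegex also lists "time" and "password", presumably so that timeout
       and password-change links are treated like logout links (confirm). A wrong
       pattern here shows up as silent loss of authenticated coverage, so check the
       scan log for relogin events after changing any of them. -->
  <LoginLinkRegex>((log|sign)[ -]?(in|on))|auth</LoginLinkRegex>
  <LoggedInRegex>(sign|log)[ -]?(out|off)</LoggedInRegex>
  <LoggedInHeaderRegex></LoggedInHeaderRegex>
  <SessionLossRegex>please (re)?login|have been logged out|session has expired</SessionLossRegex>
  <SessionLossHeaderRegex>Location: [^\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\b</SessionLossHeaderRegex>
  <LogoutLinkRegex>(sign|log|time)[ -]?(in|on|out|off)|password</LogoutLinkRegex>
  <LogoutPostBodyRegex>(sign|log|time)[ -]?(in|on|out|off)</LogoutPostBodyRegex>
  <CanaryPage></CanaryPage>
  <SessionLossOnCanaryPageHeaderRegex></SessionLossOnCanaryPageHeaderRegex>
  <SessionLossOnCanaryPageRegex></SessionLossOnCanaryPageRegex>
  <FormSubmissionScript></FormSubmissionScript>
  <!-- Cookie names recognised as session cookies. An application that uses a custom
       session cookie name is not covered by this list and presumably needs the
       pattern extended. -->
  <SessionCookieRegex>\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\b</SessionCookieRegex>
  <SessionCookieLifespan>32</SessionCookieLifespan>
  <URLSessionTokenRegex></URLSessionTokenRegex>
  <PostSessionTokenRegex></PostSessionTokenRegex>
  <ResponseBodyTokenRegex></ResponseBodyTokenRegex>
  <SecondResponseBodyTokenRegex></SecondResponseBodyTokenRegex>
  <HTTPHeaderWithTokenReplacement></HTTPHeaderWithTokenReplacement>
  <SecondHTTPHeaderWithTokenReplacement></SecondHTTPHeaderWithTokenReplacement>
  <LogoutDetectionFrequency>60</LogoutDetectionFrequency>
  <DiscoveryMaxLinks>100</DiscoveryMaxLinks>
  <LoginMaxLinks>50</LoginMaxLinks>
  <DiscoveryDepth>10</DiscoveryDepth>
  <LoginDepth>10</LoginDepth>
  <MaxMacroReloginAttempts>3</MaxMacroReloginAttempts>
  <DiscoveryPrioritization>Login Form Discovery</DiscoveryPrioritization>
  <LoginPrioritization>Login</LoginPrioritization>
  <BootstrapDelay>60000</BootstrapDelay>
  <RemoteBootstrapTimeoutMinutes>60</RemoteBootstrapTimeoutMinutes>
  <SeedLink></SeedLink>
  <DiscoverLoginForm>1</DiscoverLoginForm>
  <UseBrowserFormLogin>1</UseBrowserFormLogin>
  <PingFrequency>600</PingFrequency>
  <PingURL></PingURL>
  <!-- HMACHashAlgorithm 32780 is 0x800C, which equals the Windows CryptoAPI ALG_ID for
       SHA-256 (CALG_SHA_256); presumably that is the encoding used here (confirm).
       HMACHeaderGeneratorDllFilename names a DLL the engine would load, so when it is
       populated the DLL's path and write permissions matter as much as the key. -->
  <HmacConfig>
    <HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
    <HMACUsername></HMACUsername>
    <HMACApiKey></HMACApiKey>
    <HMACHashAlgorithm>32780</HMACHashAlgorithm>
  </HmacConfig>
  <HawkConfig>
    <HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
    <HMACUsername></HMACUsername>
    <HMACApiKey></HMACApiKey>
    <HMACHashAlgorithm>32780</HMACHashAlgorithm>
    <HAWKAuthKeyId></HAWKAuthKeyId>
    <HAWKAuthKey></HAWKAuthKey>
    <HAWKExtAppData></HAWKExtAppData>
  </HawkConfig>
  <!-- OAuth settings, unused in this sample (OAuth is 0 above and
       AuthorizationGrantType is "Null"). ClientSecret and Password are secrets when
       populated. -->
  <OauthConfig>
    <ResourceOwnerURL></ResourceOwnerURL>
    <ResourceServerURL></ResourceServerURL>
    <AuthorizationServerURL>/authorize</AuthorizationServerURL>
    <ClientId></ClientId>
    <ClientScope></ClientScope>
    <ClientState></ClientState>
    <ClientSecret></ClientSecret>
    <RedirectURI></RedirectURI>
    <Username></Username>
    <Password></Password>
    <UsernameForm></UsernameForm>
    <PasswordForm></PasswordForm>
    <ExtensionGrant></ExtensionGrant>
    <AuthorizationGrantType>Null</AuthorizationGrantType>
    <NeverDoBasicAuth>0</NeverDoBasicAuth>
    <JsonPostBodies>0</JsonPostBodies>
    <AzureResponseMode>NullAzureResponseMode</AzureResponseMode>
    <AzureResourceUrl></AzureResourceUrl>
    <AzurePrompt>NullAzurePrompt</AzurePrompt>
    <AzureLoginHint></AzureLoginHint>
    <AzureDomainHint></AzureDomainHint>
  </OauthConfig>
  <!-- ADAL and the https://graph.windows.net resource (Azure AD Graph) are legacy
       Microsoft identity components that Microsoft has deprecated in favour of MSAL
       and Microsoft Graph; confirm this section still applies to the target tenant
       before relying on it. -->
  <ADALConfig>
    <ResourceId>https://graph.windows.net</ResourceId>
    <Tenant></Tenant>
    <ClientId></ClientId>
    <AuthorityURL></AuthorityURL>
    <Username></Username>
    <Password></Password>
    <TokenRefreshPeriod>0:10:00</TokenRefreshPeriod>
  </ADALConfig>
  <MacroFile>
    <MacroFileName><![CDATA[]]></MacroFileName>
    <JavaScriptEngine>Default</JavaScriptEngine>
    <ShowInBrowser>0</ShowInBrowser>
    <ReplaySpeed>1</ReplaySpeed>
    <ASAPMode>1</ASAPMode>
    <ASAPModeMinDelay>3000</ASAPModeMinDelay>
    <ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro>
    <AttackAsSequence>0</AttackAsSequence>
    <SequenceConfig>
      <ResetSession>1</ResetSession>
      <AutoSequenceConfig>1</AutoSequenceConfig>
      <ManualSequenceConfig>
      </ManualSequenceConfig>
    </SequenceConfig>
    <!-- Fixed local ports for ChromeDriver and the Chrome remote-debugging interface.
         Anything that can reach a browser debug port can drive that browser,
         including its authenticated session, so confirm on the scan host that these
         ports listen on loopback only and are not opened by firewall rules. -->
    <WebDriverConfig>
      <ChromeDriverPort>1235</ChromeDriverPort>
      <ChromeDebugPort>1234</ChromeDebugPort>
    </WebDriverConfig>
  </MacroFile>
  <WebServiceAuthConfig>
    <Enabled>0</Enabled>
    <AuthWSDL></AuthWSDL>
    <AuthWebMethod></AuthWebMethod>
    <GetAuthTokenXPath></GetAuthTokenXPath>
    <PutAuthTokenXPath></PutAuthTokenXPath>
    <ExtractAuthToken>1</ExtractAuthToken>
  </WebServiceAuthConfig>
  <SeleniumFile>
    <SeleniumFileName><![CDATA[]]></SeleniumFileName>
  </SeleniumFile>
  <!-- Recorded-traffic login. Recorded traffic normally contains the credentials and
       session tokens that were sent during recording, so the traffic file is as
       sensitive as the password itself. EndAttackRequest of -1 presumably means
       "through the last request" (confirm). -->
  <TrafficFile>
    <TrafficFileName></TrafficFileName>
    <TrafficFilePassword></TrafficFilePassword>
    <AttackAsSequence>0</AttackAsSequence>
    <BeginAttackRequest>0</BeginAttackRequest>
    <EndAttackRequest>-1</EndAttackRequest>
  </TrafficFile>
  <BrowserFormLoginConfig>
    <ShowInBrowser>0</ShowInBrowser>
    <InitialNavigateEventDuration>10000</InitialNavigateEventDuration>
    <FinalDelayEventDuration>20000</FinalDelayEventDuration>
  </BrowserFormLoginConfig>
</AuthConfig>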
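<!-- ProxyConfig: Type "Internet Explorer Settings" with no host set and both ports 0,
     so the proxy is presumably taken from the Windows/IE settings of the account that
     runs the engine (confirm). That makes scan egress depend on host configuration
     rather than on this file. Username and Password are secrets when populated. -->
<ProxyConfig>
  <Type>Internet Explorer Settings</Type>
  <HttpHost></HttpHost>
  <HttpPort>0</HttpPort>
  <HttpsHost></HttpsHost>
  <HttpsPort>0</HttpsPort>
  <PACFile></PACFile>
  <Username></Username>
  <Password></Password>
</ProxyConfig>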
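<!-- RemediationConfig: inputs for a remediation effort/cost estimate, given per role
     (application developer, server admin, database admin) as an hourly rate, setup
     hours, and minimum/maximum hours per issue. These values affect reporting only,
     as far as the element names show. -->
<RemediationConfig>
  <DollarsPerHourAppDev>250</DollarsPerHourAppDev>
  <DollarsPerHourServerAdmin>250</DollarsPerHourServerAdmin>
  <DollarsPerHourDatabaseAdmin>250</DollarsPerHourDatabaseAdmin>
  <SetupHoursAppDev>8</SetupHoursAppDev>
  <SetupHoursServerAdmin>2</SetupHoursServerAdmin>
  <SetupHoursDatabaseAdmin>8</SetupHoursDatabaseAdmin>
  <MinHoursPerIssueAppDev>0.75</MinHoursPerIssueAppDev>
  <MaxHoursPerIssueAppDev>1.25</MaxHoursPerIssueAppDev>
  <MinHoursPerIssueServerAdmin>0.25</MinHoursPerIssueServerAdmin>
  <MaxHoursPerIssueServerAdmin>1</MaxHoursPerIssueServerAdmin>
  <MinHoursPerIssueDatabaseAdmin>0.75</MinHoursPerIssueDatabaseAdmin>
  <MaxHoursPerIssueDatabaseAdmin>1.25</MaxHoursPerIssueDatabaseAdmin>
</RemediationConfig>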
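<!-- SSLCertConfig: client-certificate settings. Type is "NoCert", so no client
     certificate is presented in this sample. When a certificate is configured, File,
     Password and Pin protect a private key and should be handled as secrets; the
     meaning of Index -3 is not shown on this page. -->
<SSLCertConfig>
  <Type>NoCert</Type>
  <File></File>
  <Password></Password>
  <Index>-3</Index>
  <Name></Name>
  <SerialNumber></SerialNumber>
  <IssuerNameBase64></IssuerNameBase64>
  <Pin></Pin>
  <RequestPinAtStartup>0</RequestPinAtStartup>
  <SetPinInterval>180</SetPinInterval>
</SSLCertConfig>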
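<!-- NetworkSettingsConfig: connection handling, size limits, timeouts and TLS
     protocol selection for scanner traffic. The timeout values are presumably
     milliseconds (60000 would be one minute); confirm in the parameter reference. -->
<NetworkSettingsConfig>
  <CloseConnection>0</CloseConnection>
  <SendKeepAliveHeader>0</SendKeepAliveHeader>
  <!-- 0 presumably means Basic credentials are sent only after a challenge rather
       than proactively with every request (confirm). -->
  <PreAuthenticateBasicAuth>0</PreAuthenticateBasicAuth>
  <MaxRetries>2</MaxRetries>
  <MaxResponseSize>7000000</MaxResponseSize>
  <!-- The spelling "Javascipt" is the element name as given on this page. Keep it
       unchanged: the page states that a request missing any element is dropped. -->
  <MaxJavasciptResponseSize>12000000</MaxJavasciptResponseSize>
  <ResolveTimeout>60000</ResolveTimeout>
  <ConnectTimeout>60000</ConnectTimeout>
  <WriteTimeout>60000</WriteTimeout>
  <ReadTimeout>60000</ReadTimeout>
  <AssumeDisconnectedTimeout>18000000</AssumeDisconnectedTimeout>
  <DripDelayMilliSeconds>25</DripDelayMilliSeconds>
  <MaxConsecutiveFailures>500</MaxConsecutiveFailures>
  <CustomNetworkLib>0</CustomNetworkLib>
  <NetworkPreferredAuthScheme>npasDefault</NetworkPreferredAuthScheme>
  <!-- NOTE(review): both protocols listed in SecureProtocols are deprecated (SSL 3.0 by
       RFC 7568, TLS 1.0 by RFC 8996). With UseSecureProtocols at 0 the list is
       presumably not enforced and platform defaults apply (confirm). If the override
       is ever switched on, review this list first: as written it would both fail
       against targets that accept only TLS 1.2 or later and allow negotiation of
       broken protocols. -->
  <UseSecureProtocols>0</UseSecureProtocols>
  <SecureProtocols>SSL3|TLS1</SecureProtocols>
  <RASPScanDataSinkHost></RASPScanDataSinkHost>
  <RASPScanKickoffRESTHost></RASPScanKickoffRESTHost>
  <RASPScanKickoffRESTEndpoint>advise_rasp_of_scan</RASPScanKickoffRESTEndpoint>
  <RASPTimeout>0:03:00</RASPTimeout>
</NetworkSettingsConfig>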
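<!-- PerformanceConfig: resource limits for the scan engine and, through
     MaxConcurrentRequests and MaxBandwidthKB, the load placed on the target.
     MaxConcurrentRequests is 16 and AntiDoS is 0 in this sample; what AntiDoS does
     when enabled is not shown here, so agree request-rate limits with the system
     owner before scanning anything production-facing. Byte-sized values:
     209715200 is 200 MiB and 524288000 is 500 MiB (units presumed bytes). -->
<PerformanceConfig>
  <MaxConcurrentRequests>16</MaxConcurrentRequests>
  <MaxBandwidthKB>1200</MaxBandwidthKB>
  <MaxBrowserReuseCount>10</MaxBrowserReuseCount>
  <MaxBrowserMemorySize>209715200</MaxBrowserMemorySize>
  <MaxCPUUsage>50</MaxCPUUsage>
  <MemoryCeiling>2800</MemoryCeiling>
  <MemoryCeiling64Bit>5600</MemoryCeiling64Bit>
  <AntiDoS>0</AntiDoS>
  <MonitorPerformanceUsage>1</MonitorPerformanceUsage>
  <DumpUserProcessMemoryUsage>0</DumpUserProcessMemoryUsage>
  <SingleThreadedScan>0</SingleThreadedScan>
  <KillStrayIEInstances>0</KillStrayIEInstances>
  <KillStrayChromeInstances>0</KillStrayChromeInstances>
  <MinFreeDiskSpace>524288000</MinFreeDiskSpace>
  <MaxMemoryUsagePercent>70</MaxMemoryUsagePercent>
  <MaxThreadCount>400</MaxThreadCount>
  <MaxBrowserProcessLifetime>240000</MaxBrowserProcessLifetime>
  <MinDatabaseCompactInterval>900000</MinDatabaseCompactInterval>
  <DatabaseCompactDuringScan>0</DatabaseCompactDuringScan>
  <DatabaseCompactPostScan>0</DatabaseCompactPostScan>
</PerformanceConfig>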
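<!-- SystemRecommendationsConfig: minimum host resources checked for the scan engine
     (enabled). Values are presumably bytes: 2147483648 is 2 GiB, 1073741824 is 1 GiB,
     10737418240 is 10 GiB and 4187593113 is roughly 3.9 GiB. Note that MinFreeDiskSpace
     here (10 GiB) is a different setting from the element of the same name under
     PerformanceConfig. -->
<SystemRecommendationsConfig>
  <Enabled>1</Enabled>
  <MinLogicalProcessors>2</MinLogicalProcessors>
  <MinTotalPhysicalMemoryFor64Bit>4187593113</MinTotalPhysicalMemoryFor64Bit>
  <MinAvailablePhysicalMemoryFor64Bit>2147483648</MinAvailablePhysicalMemoryFor64Bit>
  <MinTotalPhysicalMemoryFor32Bit>2147483648</MinTotalPhysicalMemoryFor32Bit>
  <MinAvailablePhysicalMemoryFor32Bit>1073741824</MinAvailablePhysicalMemoryFor32Bit>
  <MinFreeDiskSpace>10737418240</MinFreeDiskSpace>
</SystemRecommendationsConfig>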
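<!-- HTTPHeadersConfig: default request headers sent by the scanner. The UserAgent is
     a fixed Chrome 79 string, so scanner requests are not self-identifying in target
     logs; if defenders need to tell scan traffic apart, plan for that separately
     (for example by source address or an agreed marker header). -->
<HTTPHeadersConfig>
  <HttpProtocol>HTTP/1.1</HttpProtocol>
  <Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</Accept>
  <AcceptCharset></AcceptCharset>
  <AcceptEncoding>gzip, deflate</AcceptEncoding>
  <AcceptLanguage>en-US</AcceptLanguage>
  <Cookie></Cookie>
  <UserAgent>Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36</UserAgent>
  <OverwriteWithDefaultHeaders>0</OverwriteWithDefaultHeaders>
  <!-- Header names listed for recorded traffic: Authorization and two anti-CSRF token
       headers. Presumably these are carried over from recorded requests instead of
       being replaced by the defaults above (confirm). All three carry credentials or
       session-bound tokens, so traffic files and detailed logs that include them
       need the same protection as the login itself. -->
  <TrafficHeaderList>
    <TrafficHeader>
      <Value>Authorization</Value>
    </TrafficHeader>
    <TrafficHeader>
      <Value>X-XSRF-TOKEN</Value>
    </TrafficHeader>
    <TrafficHeader>
      <Value>X-CSRF-Token</Value>
    </TrafficHeader>
  </TrafficHeaderList>
</HTTPHeadersConfig>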
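<!-- ManualCrawlingConfig: empty in this sample. The element is still present because
     the page states that every element must be submitted. -->
<ManualCrawlingConfig>
</ManualCrawlingConfig>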
2659
<ParameterTrainingConfig>
2660
<FormPopulation>Smart</FormPopulation>
2661
<TrainingParameterList>
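<!-- Form-fill rule "Username": text/textarea inputs selected by Match get a random
     alphanumeric value (the %RANDALPHANUM% placeholder).
     NOTE(review): [:space:] appears outside a bracket expression. In POSIX-style regex
     dialects the whitespace class is written [[:space:]]; a bare [:space:] is read
     as a set of the literal characters : s p a c e. Confirm against the engine's
     regex dialect before reusing this pattern. -->
<TrainingParameter>
  <PatternName>Username</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match>
  <Value>%RANDALPHANUM%</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>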
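<!-- Form-fill rule "Password": inputs of type password selected by Match get a random
     alphanumeric value followed by a literal "$". The trailing "$" is presumably
     there to satisfy forms that require a special character (confirm). Forms that
     enforce other complexity rules may still reject the generated value. -->
<TrainingParameter>
  <PatternName>Password</PatternName>
  <Types>password</Types>
  <Language>en</Language>
  <Match>password|passwd|pw|pwd</Match>
  <Value>%RANDALPHANUM%$</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>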
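<!-- Form-fill rule "Social Security Number". The value 987-65-4320 lies in the block
     reserved for advertising use, so it is not a number issued to a real person.
     Match includes the bare words "social" and "security", which are broad; they can
     also select unrelated fields such as a security question. -->
<TrainingParameter>
  <PatternName>Social Security Number</PatternName>
  <Types>text,textarea,password</Types>
  <Language>en</Language>
  <Match>SSN|social|security</Match>
  <Value>987-65-4320</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>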
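<!-- Form-fill rule for income fields: Match is "income" and Value is 100000.
     NOTE(review): PatternName reads "Address", which does not fit the Match and
     Value; it looks like a copy of the name used by the following address rule.
     The name is left as the page gives it; confirm before renaming. -->
<TrainingParameter>
  <PatternName>Address</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>income</Match>
  <Value>100000</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>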
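<!-- Form-fill rule "Address": text/textarea inputs selected by address|street get the
     placeholder street address "600 Fairy Land Drive". -->
<TrainingParameter>
  <PatternName>Address</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>address|street</Match>
  <Value>600 Fairy Land Drive</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>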
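<!-- Form-fill rule "Apartment number": value 123. Match includes "address", which
     overlaps with the Address rule's pattern; how the engine picks between two
     rules that both match a field is not shown on this page. -->
<TrainingParameter>
  <PatternName>Apartment number</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>address|apartment|house</Match>
  <Value>123</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>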
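<!-- Form-fill rule "First name": value "John". Match is the bare token "name", which
     as a regex also matches strings such as "username" or "lastname"; how overlaps
     with the other name rules are resolved is not shown on this page. -->
<TrainingParameter>
  <PatternName>First name</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>name</Match>
  <Value>John</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>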
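<!-- Form-fill rule "Last name": value "Johnson".
     NOTE(review): [:space:] appears outside a bracket expression; in POSIX-style regex
     dialects the whitespace class is written [[:space:]], and a bare [:space:] is a
     set of the literal characters : s p a c e. Confirm against the engine's dialect. -->
<TrainingParameter>
  <PatternName>Last name</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>last[:space:]*name|surname</Match>
  <Value>Johnson</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>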
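<!-- Form-fill rule "Full name": value "John Johnson". The second alternative is the
     bare token "name", so this rule overlaps with the first-name rule.
     NOTE(review): [:space:] is used outside a bracket expression; the POSIX
     whitespace class is written [[:space:]]. Confirm against the engine's dialect. -->
<TrainingParameter>
  <PatternName>Full name</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>(your|full)[:space:]+name|name</Match>
  <Value>John Johnson</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>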
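<!-- Form-fill rule "User Signature": text/textarea inputs selected by "signature" get
     the value "John Johnson". -->
<TrainingParameter>
  <PatternName>User Signature</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>signature</Match>
  <Value>John Johnson</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>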
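<!-- Form-fill rule "Middle name": value "L".
     NOTE(review): [:space:] is used outside a bracket expression; the POSIX
     whitespace class is written [[:space:]]. With "+" after it, a field literally
     named "middle name" may not match if the engine reads it as a character set;
     confirm against the engine's regex dialect. -->
<TrainingParameter>
  <PatternName>Middle name</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>middle[:space:]+name</Match>
  <Value>L</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>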
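<!-- Form-fill rule "City": text/textarea inputs selected by city|town get the value
     "Costa Mesa". -->
<TrainingParameter>
  <PatternName>City</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>city|town</Match>
  <Value>Costa Mesa</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>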
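<!-- Form-fill rule "County": text/textarea inputs selected by "county" get the value
     "Orange". -->
<TrainingParameter>
  <PatternName>County</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>county</Match>
  <Value>Orange</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>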
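<!-- Form-fill rule "State": value "CA". Match is the bare token "state", which as a
     regex can also select fields unrelated to an address, for example a hidden
     field carrying page or view state. -->
<TrainingParameter>
  <PatternName>State</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>state</Match>
  <Value>CA</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>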
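<!-- Form-fill rule "Zip code": value 92626.
     NOTE(review): [:space:] is used outside a bracket expression; the POSIX
     whitespace class is written [[:space:]]. The final alternative "zip" still
     catches most field names either way. Confirm against the engine's dialect. -->
<TrainingParameter>
  <PatternName>Zip code</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</Match>
  <Value>92626</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>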
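<!-- Form-fill rule "Country": applies to text, textarea and select inputs; value "US",
     with ValueMatch "us" presumably used to pick the matching option in a select
     list (confirm).
     NOTE(review): [:space:] is used outside a bracket expression; the POSIX
     whitespace class is written [[:space:]]. Confirm against the engine's dialect. -->
<TrainingParameter>
  <PatternName>Country</PatternName>
  <Types>text,textarea,select</Types>
  <Language>en</Language>
  <Match>united[:space:]*states|country</Match>
  <Value>US</Value>
  <ValueMatch>us</ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>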
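<!-- Form-fill rule "Phone number": placeholder value 123-456-7890.
     NOTE(review): [:space:] is used outside a bracket expression; the POSIX
     whitespace class is written [[:space:]]. Confirm against the engine's dialect. -->
<TrainingParameter>
  <PatternName>Phone number</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>tele[:space:]*phone|fax|phone</Match>
  <Value>123-456-7890</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>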
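<!-- Form-fill rule "Phone area code": value 123.
     NOTE(review): [:space:] is used outside a bracket expression; the POSIX
     whitespace class is written [[:space:]]. With "+" after it and no fallback
     alternative, this rule may not match a field named "area code" if the engine
     reads it as a character set; confirm against the engine's regex dialect. -->
<TrainingParameter>
  <PatternName>Phone area code</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>area[:space:]+code</Match>
  <Value>123</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>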
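<!-- Form-fill rule "Company name": text/textarea inputs selected by
     company|employer|organization get the value "Example". -->
<TrainingParameter>
  <PatternName>Company name</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>company|employer|organization</Match>
  <Value>Example</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>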
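<!-- Form-fill rule "Email": the value is a random local part at example.com, a domain
     reserved for documentation, so submitted forms cannot cause mail to be delivered
     to a real mailbox. Replace it only with an address you control if the
     application requires a deliverable address. -->
<TrainingParameter>
  <PatternName>Email</PatternName>
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>e[-_]?mail([-_]?address)?</Match>
  <Value>a%RANDALPHANUM%@example.com</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>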
2842
<TrainingParameter>
2843
<PatternName>Birthday</PatternName>
2844
<Types>text,textarea</Types>
2845
<Language>en</Language>
2846
<Match>birth[:space:]day|birth</Match>
2847
<Value>12/25/1975</Value>
2848
<ValueMatch></ValueMatch>
2849
<MatchCriteria>Regex</MatchCriteria>
2850
</TrainingParameter>
2851
<TrainingParameter>
2852
<PatternName>Day</PatternName>
2853
<Types>text,textarea,select</Types>
2854
<Language>en</Language>
2855
<Match>dd|day</Match>
2856
<Value>25</Value>
2857
<ValueMatch>25</ValueMatch>
2858
<MatchCriteria>Regex</MatchCriteria>
2859
</TrainingParameter>
2860
<TrainingParameter>
2861
<PatternName>Month</PatternName>
2862
<Types>text,textarea,select</Types>
2863
<Language>en</Language>
2864
<Match>mm|month</Match>
2865
<Value>12</Value>
2866
<ValueMatch>12|dec|d</ValueMatch>
2867
<MatchCriteria>Regex</MatchCriteria>
2868
</TrainingParameter>
2869
<TrainingParameter>
  <!-- "FutureYear" (English): both Match and ValueMatch are a fixed list of literal years. -->
  <!-- NOTE(review): 2015, 2016 and 2017 are hard-coded. Once those years are in the past,
       a form that validates for a future year (card expiry, booking date) will presumably
       reject the submitted value and the crawl will not get past that form. Refresh these
       years when reusing this sample. -->
  <PatternName>FutureYear</PatternName>
  <Types>text,textarea,select</Types>
  <Language>en</Language>
  <Match>2015|2016|2017</Match>
  <Value>2016</Value>
  <ValueMatch>2015|2016|2017</ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
2878
<TrainingParameter>
2879
<PatternName>BirthYear</PatternName>
2880
<Types>text,textarea,select</Types>
2881
<Language>en</Language>
2882
<Match>yyyy|year|1975|1970|1960|1950</Match>
2883
<Value></Value>
2884
<ValueMatch>1975|1970|1960|1950</ValueMatch>
2885
<MatchCriteria>Regex</MatchCriteria>
2886
</TrainingParameter>
2887
<TrainingParameter>
2888
<PatternName>Past Date mm/dd/yyyy</PatternName>
2889
<Types>text,textarea</Types>
2890
<Language>en</Language>
2891
<Match>(start|from)[-\s_]*date</Match>
2892
<Value>02/02/2003</Value>
2893
<ValueMatch></ValueMatch>
2894
<MatchCriteria>Regex</MatchCriteria>
2895
</TrainingParameter>
2896
<TrainingParameter>
2897
<PatternName>Future Date mm/dd/yy</PatternName>
2898
<Types>text,textarea</Types>
2899
<Language>en</Language>
2900
<Match>mm/dd/yy</Match>
2901
<Value>02/02/15</Value>
2902
<ValueMatch></ValueMatch>
2903
<MatchCriteria>Regex</MatchCriteria>
2904
</TrainingParameter>
2905
<TrainingParameter>
2906
<PatternName>Future Date mm/dd/yyyy</PatternName>
2907
<Types>text,textarea</Types>
2908
<Language>en</Language>
2909
<Match>
2910
mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\s_]*date
2911
</Match>
2912
<Value>02/02/2015</Value>
2913
<ValueMatch></ValueMatch>
2914
<MatchCriteria>Regex</MatchCriteria>
2915
</TrainingParameter>
2916
<TrainingParameter>
2917
<PatternName>Old password</PatternName>
2918
<Types>password</Types>
2919
<Language>en</Language>
2920
<Match>old[:space:]+password</Match>
2921
<Value>%RANDALPHANUM%1'</Value>
2922
<ValueMatch></ValueMatch>
2923
<MatchCriteria>Regex</MatchCriteria>
2924
</TrainingParameter>
2925
<TrainingParameter>
2926
<PatternName>Accept terms</PatternName>
2927
<Types>checkbox,radio</Types>
2928
<Language>en</Language>
2929
<Match>
2930
<![CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]>
2931
</Match>
2932
<Value></Value>
2933
<ValueMatch>yes|1|on|true</ValueMatch>
2934
<MatchCriteria>Regex</MatchCriteria>
2935
</TrainingParameter>
2936
<TrainingParameter>
2937
<PatternName>Save login</PatternName>
2938
<Types>checkbox,radio,select</Types>
2939
<Language>en</Language>
2940
<Match>save|remember</Match>
2941
<Value></Value>
2942
<ValueMatch>yes|1|on|true</ValueMatch>
2943
<MatchCriteria>Regex</MatchCriteria>
2944
</TrainingParameter>
2945
<TrainingParameter>
2946
<PatternName>Remove item</PatternName>
2947
<Types>checkbox,radio</Types>
2948
<Language>en</Language>
2949
<Match>remove|delete</Match>
2950
<Value></Value>
2951
<ValueMatch></ValueMatch>
2952
<MatchCriteria>Regex</MatchCriteria>
2953
</TrainingParameter>
2954
<TrainingParameter>
2955
<PatternName>Search</PatternName>
2956
<Types>text,textarea</Types>
2957
<Language>en</Language>
2958
<Match>keyword|search|query</Match>
2959
<Value>water</Value>
2960
<ValueMatch></ValueMatch>
2961
<MatchCriteria>Regex</MatchCriteria>
2962
</TrainingParameter>
2963
<TrainingParameter>
2964
<PatternName>Quantity</PatternName>
2965
<Types>text,textarea,select</Types>
2966
<Language>en</Language>
2967
<Match>quantity|amount|number|qty|num</Match>
2968
<Value>3</Value>
2969
<ValueMatch></ValueMatch>
2970
<MatchCriteria>Regex</MatchCriteria>
2971
</TrainingParameter>
2972
<TrainingParameter>
2973
<PatternName>Number</PatternName>
2974
<Types>text,textarea</Types>
2975
<Language>en</Language>
2976
<Match>number|count|nmr|cnt|rate|decimal|digit</Match>
2977
<Value>21</Value>
2978
<ValueMatch></ValueMatch>
2979
<MatchCriteria>Regex</MatchCriteria>
2980
</TrainingParameter>
2981
<TrainingParameter>
2982
<PatternName>Account Number</PatternName>
2983
<Types>text,textarea,select,radio,checkbox</Types>
2984
<Language>en</Language>
2985
<Match>account</Match>
2986
<Value>20</Value>
2987
<ValueMatch></ValueMatch>
2988
<MatchCriteria>Regex</MatchCriteria>
2989
</TrainingParameter>
2990
<TrainingParameter>
2991
<PatternName>Shipping method</PatternName>
2992
<Types>select,radio,checkbox</Types>
2993
<Language>en</Language>
2994
<Match>shipping|fedex|standard|ups</Match>
2995
<Value></Value>
2996
<ValueMatch>fedex|standard|ups</ValueMatch>
2997
<MatchCriteria>Regex</MatchCriteria>
2998
</TrainingParameter>
2999
<TrainingParameter>
3000
<PatternName>Gift</PatternName>
3001
<Types>checkbox</Types>
3002
<Language>en</Language>
3003
<Match>gift</Match>
3004
<Value></Value>
3005
<ValueMatch>yes|1|on|true</ValueMatch>
3006
<MatchCriteria>Regex</MatchCriteria>
3007
</TrainingParameter>
3008
<TrainingParameter>
  <!-- "Credit card number" (English): value submitted to text, textarea and password
       fields picked out by the Match pattern. -->
  <PatternName>Credit card number</PatternName>
  <Types>text,textarea,password</Types>
  <Language>en</Language>
  <!-- NOTE(review): [:space:] is written outside a bracket expression. In POSIX and PCRE
       syntax the whitespace class is [[:space:]]; a bare [:space:] is either rejected or
       read as a set of the literal characters ":", "s", "p", "a", "c", "e". Confirm which
       regex dialect the engine applies to Match. -->
  <Match>credit[:space:]*card|card[:space:]*number</Match>
  <!-- 5105105105105100 is a widely published MasterCard test number, not a live account.
       Keep a test number here: this file is plain XML and is submitted as-is to the API
       or engine, so a real card number placed in it would be exposed wherever the config
       is stored or logged. -->
  <Value>5105105105105100</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
3017
<TrainingParameter>
3018
<PatternName>Credit card type</PatternName>
3019
<Types>select,checkbox,radio</Types>
3020
<Language>en</Language>
3021
<Match>
3022
master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex
3023
</Match>
3024
<Value></Value>
3025
<ValueMatch></ValueMatch>
3026
<MatchCriteria>Regex</MatchCriteria>
3027
</TrainingParameter>
3028
<TrainingParameter>
3029
<PatternName>Credit card security code</PatternName>
3030
<Types>text,textarea,password</Types>
3031
<Language>en</Language>
3032
<Match>security[:space:]*code|verification[:space:]*number</Match>
3033
<Value>123</Value>
3034
<ValueMatch></ValueMatch>
3035
<MatchCriteria>Regex</MatchCriteria>
3036
</TrainingParameter>
3037
<TrainingParameter>
3038
<PatternName>PIN</PatternName>
3039
<Types>text,textarea,password</Types>
3040
<Language>en</Language>
3041
<Match>PIN</Match>
3042
<Value>1234</Value>
3043
<ValueMatch></ValueMatch>
3044
<MatchCriteria>Regex</MatchCriteria>
3045
</TrainingParameter>
3046
<TrainingParameter>
3047
<PatternName>CAPTCHA</PatternName>
3048
<Types>text,textarea</Types>
3049
<Language>en</Language>
3050
<Match>code[:space:]*shown|captcha</Match>
3051
<Value>%RANDALPHANUM%</Value>
3052
<ValueMatch></ValueMatch>
3053
<MatchCriteria>Regex</MatchCriteria>
3054
</TrainingParameter>
3055
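<TrainingParameter>
  <!-- "Size" (English): applies to select fields picked out by the Match pattern. -->
  <PatternName>Size</PatternName>
  <Types>select</Types>
  <Language>en</Language>
  <Match>size|xxl</Match>
  <Value></Value>
  <!-- Was "(\b(m|s|42)\b": the extra opening parenthesis is never closed, so the pattern
       is not a valid regular expression. Written here in the same \b(...)\b form that the
       Color and Gender entries of this file use. -->
  <ValueMatch>\b(m|s|42)\b</ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>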
3064
<TrainingParameter>
3065
<PatternName>Color</PatternName>
3066
<Types>select</Types>
3067
<Language>en</Language>
3068
<Match>\b(color|red|black)\b</Match>
3069
<Value>Blue</Value>
3070
<ValueMatch>\b(blue|red|black)\b</ValueMatch>
3071
<MatchCriteria>Regex</MatchCriteria>
3072
</TrainingParameter>
3073
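<TrainingParameter>
  <!-- "Price" (English): submits 20 to fields picked out by the Match pattern. -->
  <PatternName>Price</PatternName>
  <!-- Was "text,textare": the second type was truncated. Every other entry in this list
       spells it "textarea", so the truncated name would presumably never match a field. -->
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>price</Match>
  <Value>20</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>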
3082
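<TrainingParameter>
  <!-- "Attention" (English): submits the name John to fields picked out by the Match pattern. -->
  <PatternName>Attention</PatternName>
  <!-- Was "text,textare": the second type was truncated. Every other entry in this list
       spells it "textarea", so the truncated name would presumably never match a field. -->
  <Types>text,textarea</Types>
  <Language>en</Language>
  <Match>attention</Match>
  <Value>John</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>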
3091
<TrainingParameter>
3092
<PatternName>Gender</PatternName>
3093
<Types>select,radio</Types>
3094
<Language>en</Language>
3095
<Match>gender|male|female</Match>
3096
<Value>male</Value>
3097
<ValueMatch>\b(male|m|f)\b</ValueMatch>
3098
<MatchCriteria>Regex</MatchCriteria>
3099
</TrainingParameter>
3100
<TrainingParameter>
3101
<PatternName>Legal age</PatternName>
3102
<Types>checkbox,radio</Types>
3103
<Language>en</Language>
3104
<Match>legal|\d\d[:space:]*years[:space:]*old</Match>
3105
<Value>yes</Value>
3106
<ValueMatch>\b(on|1|yes|true)\b</ValueMatch>
3107
<MatchCriteria>Regex</MatchCriteria>
3108
</TrainingParameter>
3109
<TrainingParameter>
3110
<PatternName>Coupon code</PatternName>
3111
<Types>text,textarea</Types>
3112
<Language>en</Language>
3113
<Match>promotion|coupon</Match>
3114
<Value>%RANDALPHANUM%</Value>
3115
<ValueMatch></ValueMatch>
3116
<MatchCriteria>Regex</MatchCriteria>
3117
</TrainingParameter>
3118
<TrainingParameter>
3119
<PatternName>Send message</PatternName>
3120
<Types>text,textarea</Types>
3121
<Language>en</Language>
3122
<Match>message|comment|complain|enquiry|review</Match>
3123
<Value>comment</Value>
3124
<ValueMatch></ValueMatch>
3125
<MatchCriteria>Regex</MatchCriteria>
3126
</TrainingParameter>
3127
<TrainingParameter>
3128
<PatternName>Existing user</PatternName>
3129
<Types>checkbox,radio</Types>
3130
<Language>en</Language>
3131
<Match>returning|existing|customer</Match>
3132
<Value></Value>
3133
<ValueMatch>\b(on|1|yes|true)\b</ValueMatch>
3134
<MatchCriteria>Regex</MatchCriteria>
3135
</TrainingParameter>
3136
<TrainingParameter>
3137
<PatternName>Age</PatternName>
3138
<Types>text,textarea</Types>
3139
<Language>en</Language>
3140
<Match>age|under|over</Match>
3141
<Value>40</Value>
3142
<ValueMatch></ValueMatch>
3143
<MatchCriteria>Regex</MatchCriteria>
3144
</TrainingParameter>
3145
<TrainingParameter>
3146
<PatternName>Passphrase Hint</PatternName>
3147
<Types>text,textarea</Types>
3148
<Language>en</Language>
3149
<Match>What make|pet's name|your father|high school|friend</Match>
3150
<Value>What make was your first car?</Value>
3151
<ValueMatch></ValueMatch>
3152
<MatchCriteria>Regex</MatchCriteria>
3153
</TrainingParameter>
3154
<TrainingParameter>
3155
<PatternName>Passphrase Hint Answer</PatternName>
3156
<Types>text,textarea</Types>
3157
<Language>en</Language>
3158
<Match>Answer</Match>
3159
<Value>Ford</Value>
3160
<ValueMatch></ValueMatch>
3161
<MatchCriteria>Regex</MatchCriteria>
3162
</TrainingParameter>
3163
<TrainingParameter>
3164
<PatternName>Doctor name</PatternName>
3165
<Types>text,textarea</Types>
3166
<Language>en</Language>
3167
<Match>doctor</Match>
3168
<Value>John Johnson</Value>
3169
<ValueMatch></ValueMatch>
3170
<MatchCriteria>Regex</MatchCriteria>
3171
</TrainingParameter>
3172
<TrainingParameter>
3173
<PatternName>Website</PatternName>
3174
<Types>text,textarea</Types>
3175
<Language>en</Language>
3176
<Match>website</Match>
3177
<Value>www.example.com</Value>
3178
<ValueMatch></ValueMatch>
3179
<MatchCriteria>Regex</MatchCriteria>
3180
</TrainingParameter>
3181
<TrainingParameter>
3182
<PatternName>Address</PatternName>
3183
<Types>text,textarea</Types>
3184
<Language>de</Language>
3185
<Match>adresse|strasse</Match>
3186
<Value>600 Fairy Land Drive</Value>
3187
<ValueMatch></ValueMatch>
3188
<MatchCriteria>Regex</MatchCriteria>
3189
</TrainingParameter>
3190
<TrainingParameter>
3191
<PatternName>Apartment number</PatternName>
3192
<Types>text,textarea</Types>
3193
<Language>de</Language>
3194
<Match>adresse|wohnung|haus</Match>
3195
<Value>123</Value>
3196
<ValueMatch></ValueMatch>
3197
<MatchCriteria>Regex</MatchCriteria>
3198
</TrainingParameter>
3199
<TrainingParameter>
3200
<PatternName>First name</PatternName>
3201
<Types>text,textarea</Types>
3202
<Language>de</Language>
3203
<Match>name</Match>
3204
<Value>John</Value>
3205
<ValueMatch></ValueMatch>
3206
<MatchCriteria>Regex</MatchCriteria>
3207
</TrainingParameter>
3208
<TrainingParameter>
3209
<PatternName>Last name</PatternName>
3210
<Types>text,textarea</Types>
3211
<Language>de</Language>
3212
<Match>vorname|name</Match>
3213
<Value>Johnson</Value>
3214
<ValueMatch></ValueMatch>
3215
<MatchCriteria>Regex</MatchCriteria>
3216
</TrainingParameter>
3217
<TrainingParameter>
3218
<PatternName>Full name</PatternName>
3219
<Types>text,textarea</Types>
3220
<Language>de</Language>
3221
<Match>ihren namen|name</Match>
3222
<Value>John Johnson</Value>
3223
<ValueMatch></ValueMatch>
3224
<MatchCriteria>Regex</MatchCriteria>
3225
</TrainingParameter>
3226
<TrainingParameter>
3227
<PatternName>User Signature</PatternName>
3228
<Types>text,textarea</Types>
3229
<Language>de</Language>
3230
<Match>unterschrift</Match>
3231
<Value>John Johnson</Value>
3232
<ValueMatch></ValueMatch>
3233
<MatchCriteria>Regex</MatchCriteria>
3234
</TrainingParameter>
3235
<TrainingParameter>
3236
<PatternName>City</PatternName>
3237
<Types>text,textarea</Types>
3238
<Language>de</Language>
3239
<Match>stadt|stadt</Match>
3240
<Value>Berlin</Value>
3241
<ValueMatch></ValueMatch>
3242
<MatchCriteria>Regex</MatchCriteria>
3243
</TrainingParameter>
3244
<TrainingParameter>
3245
<PatternName>Regierungsbezirke</PatternName>
3246
<Types>text,textarea</Types>
3247
<Language>de</Language>
3248
<Match>regierungsbezirke</Match>
3249
<Value>Berlin</Value>
3250
<ValueMatch></ValueMatch>
3251
<MatchCriteria>Regex</MatchCriteria>
3252
</TrainingParameter>
3253
<TrainingParameter>
3254
<PatternName>Zip code</PatternName>
3255
<Types>text,textarea</Types>
3256
<Language>de</Language>
3257
<Match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</Match>
3258
<Value>10115</Value>
3259
<ValueMatch></ValueMatch>
3260
<MatchCriteria>Regex</MatchCriteria>
3261
</TrainingParameter>
3262
<TrainingParameter>
3263
<PatternName>Country</PatternName>
3264
<Types>text,textarea</Types>
3265
<Language>de</Language>
3266
<Match>\b(deutschland|land)\b</Match>
3267
<Value>DE</Value>
3268
<ValueMatch>\bDE\b</ValueMatch>
3269
<MatchCriteria>Regex</MatchCriteria>
3270
</TrainingParameter>
3271
<TrainingParameter>
3272
<PatternName>Phone number</PatternName>
3273
<Types>text,textarea</Types>
3274
<Language>de</Language>
3275
<Match>telefon|telefon|fax</Match>
3276
<Value>(1234) 567890</Value>
3277
<ValueMatch></ValueMatch>
3278
<MatchCriteria>Regex</MatchCriteria>
3279
</TrainingParameter>
3280
<TrainingParameter>
3281
<PatternName>Phone area code</PatternName>
3282
<Types>text,textarea</Types>
3283
<Language>de</Language>
3284
<Match>vorwahl</Match>
3285
<Value>123</Value>
3286
<ValueMatch></ValueMatch>
3287
<MatchCriteria>Regex</MatchCriteria>
3288
</TrainingParameter>
3289
<TrainingParameter>
3290
<PatternName>Company name</PatternName>
3291
<Types>text,textarea</Types>
3292
<Language>de</Language>
3293
<Match>unternehmen|arbeitgeber|organisation</Match>
3294
<Value>Example</Value>
3295
<ValueMatch></ValueMatch>
3296
<MatchCriteria>Regex</MatchCriteria>
3297
</TrainingParameter>
3298
<TrainingParameter>
3299
<PatternName>Email</PatternName>
3300
<Types>text,textarea</Types>
3301
<Language>de</Language>
3302
<Match>E[-_]Mailadresse|email|E[-_]Mail</Match>
3303
<Value>a%RANDALPHANUM%@example.com</Value>
3304
<ValueMatch></ValueMatch>
3305
<MatchCriteria>Regex</MatchCriteria>
3306
</TrainingParameter>
3307
<TrainingParameter>
3308
<PatternName>Birthday</PatternName>
3309
<Types>text,textarea</Types>
3310
<Language>de</Language>
3311
<Match>geburtstag|geburt</Match>
3312
<Value>12/25/1975</Value>
3313
<ValueMatch></ValueMatch>
3314
<MatchCriteria>Regex</MatchCriteria>
3315
</TrainingParameter>
3316
<TrainingParameter>
3317
<PatternName>Day</PatternName>
3318
<Types>text,textarea</Types>
3319
<Language>de</Language>
3320
<Match>tag</Match>
3321
<Value>25</Value>
3322
<ValueMatch></ValueMatch>
3323
<MatchCriteria>Regex</MatchCriteria>
3324
</TrainingParameter>
3325
<TrainingParameter>
3326
<PatternName>Month</PatternName>
3327
<Types>text,textarea</Types>
3328
<Language>de</Language>
3329
<Match>monat</Match>
3330
<Value>12</Value>
3331
<ValueMatch></ValueMatch>
3332
<MatchCriteria>Regex</MatchCriteria>
3333
</TrainingParameter>
3334
<TrainingParameter>
3335
<PatternName>Year</PatternName>
3336
<Types>text,textarea</Types>
3337
<Language>de</Language>
3338
<Match>Jahr</Match>
3339
<Value>2007</Value>
3340
<ValueMatch></ValueMatch>
3341
<MatchCriteria>Regex</MatchCriteria>
3342
</TrainingParameter>
3343
<TrainingParameter>
3344
<PatternName>BirthYear</PatternName>
3345
<Types>text,textarea</Types>
3346
<Language>de</Language>
3347
<Match>Jahr|1975|1970|1960|1950</Match>
3348
<Value>1975</Value>
3349
<ValueMatch></ValueMatch>
3350
<MatchCriteria>Regex</MatchCriteria>
3351
</TrainingParameter>
3352
<TrainingParameter>
3353
<PatternName>Past Date mm/dd/yy</PatternName>
3354
<Types>text,textarea</Types>
3355
<Language>de</Language>
3356
<Match>Datum|d.m.yyyy|dd.mm.yyyy</Match>
3357
<Value>02.02.03</Value>
3358
<ValueMatch></ValueMatch>
3359
<MatchCriteria>Regex</MatchCriteria>
3360
</TrainingParameter>
3361
<TrainingParameter>
3362
<PatternName>Past Date mm/dd/yyyy</PatternName>
3363
<Types>text,textarea</Types>
3364
<Language>de</Language>
3365
<Match>Datum|mm/dd/yyyy</Match>
3366
<Value>02/02/2003</Value>
3367
<ValueMatch></ValueMatch>
3368
<MatchCriteria>Regex</MatchCriteria>
3369
</TrainingParameter>
3370
<TrainingParameter>
3371
<PatternName>Future Date mm/dd/yy</PatternName>
3372
<Types>text,textarea</Types>
3373
<Language>de</Language>
3374
<Match>
3375
MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==
3376
</Match>
3377
<Value>02/02/11</Value>
3378
<ValueMatch></ValueMatch>
3379
<MatchCriteria>Regex</MatchCriteria>
3380
</TrainingParameter>
3381
<TrainingParameter>
3382
<PatternName>Future Date mm/dd/yyyy</PatternName>
3383
<Types>text,textarea</Types>
3384
<Language>de</Language>
3385
<Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5
3386
</Match>
3387
<Value>02/02/2011</Value>
3388
<ValueMatch></ValueMatch>
3389
<MatchCriteria>Regex</MatchCriteria>
3390
</TrainingParameter>
3391
<TrainingParameter>
3392
<PatternName>Username</PatternName>
3393
<Types>text,textarea</Types>
3394
<Language>de</Language>
3395
<Match>Benutzername|Mitgliedsnamen|Benutzer</Match>
3396
<Value>%RANDALPHANUM%</Value>
3397
<ValueMatch></ValueMatch>
3398
<MatchCriteria>Regex</MatchCriteria>
3399
</TrainingParameter>
3400
<TrainingParameter>
3401
<PatternName>Password</PatternName>
3402
<Types>password</Types>
3403
<Language>de</Language>
3404
<Match>password|passwort|passwd</Match>
3405
<Value>%RANDALPHANUM%1'</Value>
3406
<ValueMatch></ValueMatch>
3407
<MatchCriteria>Regex</MatchCriteria>
3408
</TrainingParameter>
3409
<TrainingParameter>
3410
<PatternName>Old password</PatternName>
3411
<Types>password</Types>
3412
<Language>de</Language>
3413
<Match>alte[:space:]passwort</Match>
3414
<Value>%RANDALPHANUM%1'</Value>
3415
<ValueMatch></ValueMatch>
3416
<MatchCriteria>Regex</MatchCriteria>
3417
</TrainingParameter>
3418
<TrainingParameter>
3419
<PatternName>Accept terms</PatternName>
3420
<Types>checkbox,radio</Types>
3421
<Language>de</Language>
3422
<Match>Ich habe gelesen und akzeptiere|Ich habe gelesen und
3423
akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</Match>
3424
<Value></Value>
3425
<ValueMatch>yes|1|on|true</ValueMatch>
3426
<MatchCriteria>Regex</MatchCriteria>
3427
</TrainingParameter>
3428
<TrainingParameter>
  <!-- "Remove item" (German): applies to checkbox and radio fields. -->
  <PatternName>Remove item</PatternName>
  <Types>checkbox,radio</Types>
  <Language>de</Language>
  <!-- Match is not stored as plain text here. It is the fixed prefix MJPYBZHSWwshWRRFSGWAGE
       followed by Base64; the Base64 tail decodes (UTF-8) to "entfernen|löschen".
       Presumably this is how the engine stores patterns containing non-ASCII characters;
       confirm against the Scan Configuration Parameters reference. Decode such values when
       reviewing a config, since their effect cannot be read off the file directly. -->
  <Match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</Match>
  <Value></Value>
  <!-- NOTE(review): the English "Remove item" entry in this file leaves ValueMatch empty,
       while this one sets it. If ValueMatch decides which option gets selected, the scan
       would tick remove/delete controls on German forms; confirm that is intended before
       running against an application holding data that matters. -->
  <ValueMatch>yes|1|on|true</ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
3437
<TrainingParameter>
3438
<PatternName>Search</PatternName>
3439
<Types>text,textarea</Types>
3440
<Language>de</Language>
3441
<Match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</Match>
3442
<Value>water</Value>
3443
<ValueMatch></ValueMatch>
3444
<MatchCriteria>Regex</MatchCriteria>
3445
</TrainingParameter>
3446
<TrainingParameter>
3447
<PatternName>Quantity</PatternName>
3448
<Types>text,textarea</Types>
3449
<Language>de</Language>
3450
<Match>qty|Menge|Betrag|Anzahl</Match>
3451
<Value>3</Value>
3452
<ValueMatch></ValueMatch>
3453
<MatchCriteria>Regex</MatchCriteria>
3454
</TrainingParameter>
3455
<TrainingParameter>
3456
<PatternName>Number</PatternName>
3457
<Types>text,textarea</Types>
3458
<Language>de</Language>
3459
<Match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</Match>
3460
<Value>21</Value>
3461
<ValueMatch></ValueMatch>
3462
<MatchCriteria>Regex</MatchCriteria>
3463
</TrainingParameter>
3464
<TrainingParameter>
3465
<PatternName>Account Number</PatternName>
3466
<Types>text,textarea</Types>
3467
<Language>de</Language>
3468
<Match>Konto</Match>
3469
<Value>3456</Value>
3470
<ValueMatch></ValueMatch>
3471
<MatchCriteria>Regex</MatchCriteria>
3472
</TrainingParameter>
3473
<TrainingParameter>
3474
<PatternName>Shipping method</PatternName>
3475
<Types>select</Types>
3476
<Language>de</Language>
3477
<Match>Versand</Match>
3478
<Value></Value>
3479
<ValueMatch></ValueMatch>
3480
<MatchCriteria>Regex</MatchCriteria>
3481
</TrainingParameter>
3482
<TrainingParameter>
3483
<PatternName>Gift</PatternName>
3484
<Types>text,textarea</Types>
3485
<Language>de</Language>
3486
<Match>Geschenk</Match>
3487
<Value></Value>
3488
<ValueMatch></ValueMatch>
3489
<MatchCriteria>Regex</MatchCriteria>
3490
</TrainingParameter>
3491
<TrainingParameter>
3492
<PatternName>Credit card number</PatternName>
3493
<Types>text,textarea</Types>
3494
<Language>de</Language>
3495
<Match>Kreditkarte|Kredit|Kartennummer</Match>
3496
<Value>5105105105105100</Value>
3497
<ValueMatch></ValueMatch>
3498
<MatchCriteria>Regex</MatchCriteria>
3499
</TrainingParameter>
3500
<TrainingParameter>
3501
<PatternName>Credit card type</PatternName>
3502
<Types>text,textarea</Types>
3503
<Language>de</Language>
3504
<Match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</Match>
3505
<Value></Value>
3506
<ValueMatch>Master</ValueMatch>
3507
<MatchCriteria>Regex</MatchCriteria>
3508
</TrainingParameter>
3509
<TrainingParameter>
3510
<PatternName>Credit card security code</PatternName>
3511
<Types>text,textarea</Types>
3512
<Language>de</Language>
3513
<Match>MJPYBZHSWwshWRRFSGWAGES3JlZGl0fFNpY2hlcmhlaXRzLUNvZGV8UHLDvGZudW1tZXI=</Match>
3514
<Value>123</Value>
3515
<ValueMatch></ValueMatch>
3516
<MatchCriteria>Regex</MatchCriteria>
3517
</TrainingParameter>
3518
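<TrainingParameter>
  <!-- "CAPTCHA" (German): submits a random alphanumeric string to fields picked out by
       the Match pattern. -->
  <PatternName>CAPTCHA</PatternName>
  <Types>text,textarea</Types>
  <Language>de</Language>
  <Match>captcha</Match>
  <!-- Was "[%RANDALPHANUM%": the leading "[" is not part of the placeholder as it is
       written in every other entry of this file (including the English CAPTCHA entry)
       and would presumably be submitted as a literal character. -->
  <Value>%RANDALPHANUM%</Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>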
3527
<TrainingParameter>
3528
<PatternName>Back button</PatternName>
3529
<Types>button,image,submit</Types>
3530
<Language>de</Language>
3531
<Match>MJPYBZHSWwshWRRFSGWAGEenVyw7xja3xyZXR1cm58c3Rvcm5pZXJlbnx2b3JoZXJpZ2V8d2VpdGVyIGVpbmthdWZlbg==
3532
</Match>
3533
<Value></Value>
3534
<ValueMatch></ValueMatch>
3535
<MatchCriteria>Regex</MatchCriteria>
3536
</TrainingParameter>
3537
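<TrainingParameter>
  <!-- "Logout button" (German): identifies sign-off controls; no value is submitted. -->
  <PatternName>Logout button</PatternName>
  <!-- Was "button,image,submi": the last type was truncated. The "Back button" entry of
       this file lists the same three types as "button,image,submit". With the truncated
       name, submit-type logout controls would presumably not be recognised. -->
  <Types>button,image,submit</Types>
  <Language>de</Language>
  <Match>Abmeldung|Abmeldung|ausloggen|(sign|log)-?(off|out)</Match>
  <Value></Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>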
3546
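<TrainingParameter>
  <!-- "Login button" (German): identifies log-in / sign-in controls; no value is submitted. -->
  <PatternName>Login button</PatternName>
  <!-- Was "button,image,submi": the last type was truncated. The "Back button" entry of
       this file lists the same three types as "button,image,submit". With the truncated
       name, submit-type login controls would presumably not be recognised. -->
  <Types>button,image,submit</Types>
  <Language>de</Language>
  <Match>(log|sign)-?in</Match>
  <Value></Value>
  <ValueMatch></ValueMatch>
  <MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>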
3555
<TrainingParameter>
3556
<PatternName>Size</PatternName>
3557
<Types>select</Types>
3558
<Language>de</Language>
3559
<Match>MJPYBZHSWwshWRRFSGWAGER3LDtnNzZXxYWEw=</Match>
3560
<Value>m</Value>
3561
<ValueMatch>m|s|42</ValueMatch>
3562
<MatchCriteria>Regex</MatchCriteria>
3563
</TrainingParameter>
3564
<TrainingParameter>
3565
<PatternName>Color</PatternName>
3566
<Types>select</Types>
3567
<Language>de</Language>
3568
<Match>Farbe</Match>
3569
<Value>Blue</Value>
3570
<ValueMatch></ValueMatch>
3571
<MatchCriteria>Regex</MatchCriteria>
3572
</TrainingParameter>
3573
<TrainingParameter>
3574
<PatternName>Enter price</PatternName>
3575
<Types>text,textarea</Types>
3576
<Language>de</Language>
3577
<Match>Preis</Match>
3578
<Value>20</Value>
3579
<ValueMatch></ValueMatch>
3580
<MatchCriteria>Regex</MatchCriteria>
3581
</TrainingParameter>
3582
<TrainingParameter>
3583
<PatternName>Attention</PatternName>
3584
<Types>text,textarea</Types>
3585
<Language>de</Language>
3586
<Match>Aufmerksamkeit</Match>
3587
<Value>John</Value>
3588
<ValueMatch></ValueMatch>
3589
<MatchCriteria>Regex</MatchCriteria>
3590
</TrainingParameter>
3591
<TrainingParameter>
3592
<PatternName>Gender</PatternName>
3593
<Types>select,radio,checkbox</Types>
3594
<Language>de</Language>
3595
<Match>Geschlecht|Herren</Match>
3596
<Value>m</Value>
3597
<ValueMatch>m|h</ValueMatch>
3598
<MatchCriteria>Regex</MatchCriteria>
3599
</TrainingParameter>
3600
<TrainingParameter>
3601
<PatternName>Legal age</PatternName>
3602
<Types>select,radio,checkbox</Types>
3603
<Language>de</Language>
3604
<Match>rechtliche|\d\d[:space:]*Jahre</Match>
3605
<Value>ja</Value>
3606
<ValueMatch>ja|yes|1|on|true</ValueMatch>
3607
<MatchCriteria>Regex</MatchCriteria>
3608
</TrainingParameter>
3609
<TrainingParameter>
3610
<PatternName>Coupon code</PatternName>
3611
<Types>text,textarea</Types>
3612
<Language>de</Language>
3613
<Match>MJPYBZHSWwshWRRFSGWAGERsO2cmRlcnVuZ3xHdXRzY2hlaW4=</Match>
3614
<Value>111</Value>
3615
<ValueMatch></ValueMatch>
3616
<MatchCriteria>Regex</MatchCriteria>
3617
</TrainingParameter>
3618
<TrainingParameter>
3619
<PatternName>Send message</PatternName>
3620
<Types>text,textarea</Types>
3621
<Language>de</Language>
3622
<Match>Nachricht|Kommentar|beschweren|Anfrage|Kritik</Match>
3623
<Value>comment</Value>
3624
<ValueMatch></ValueMatch>
3625
<MatchCriteria>Regex</MatchCriteria>
3626
</TrainingParameter>
3627
<TrainingParameter>
3628
<PatternName>Age</PatternName>
3629
<Types>text,textarea</Types>
3630
<Language>de</Language>
3631
<Match>Alter|unter|mehr</Match>
3632
<Value>40</Value>
3633
<ValueMatch></ValueMatch>
3634
<MatchCriteria>Regex</MatchCriteria>
3635
</TrainingParameter>
3636
<TrainingParameter>
3637
<PatternName>Passphrase Hint</PatternName>
3638
<Types>text,textarea</Types>
3639
<Language>de</Language>
3640
<Match>Was machen|Name des Haustieres|Ihr Vater</Match>
3641
<Value>What make was your first car?</Value>
3642
<ValueMatch></ValueMatch>
3643
<MatchCriteria>Regex</MatchCriteria>
3644
</TrainingParameter>
3645
<TrainingParameter>
3646
<PatternName>Passphrase Hint Answer</PatternName>
3647
<Types>text,textarea</Types>
3648
<Language>de</Language>
3649
<Match>beantworten</Match>
3650
<Value>Ford</Value>
3651
<ValueMatch></ValueMatch>
3652
<MatchCriteria>Regex</MatchCriteria>
3653
</TrainingParameter>
3654
<TrainingParameter>
3655
<PatternName>Doctor name</PatternName>
3656
<Types>text,textarea</Types>
3657
<Language>de</Language>
3658
<Match>Arzt</Match>
3659
<Value>John Johnson</Value>
3660
<ValueMatch></ValueMatch>
3661
<MatchCriteria>Regex</MatchCriteria>
3662
</TrainingParameter>
3663
</TrainingParameterList>
3664
</ParameterTrainingConfig>
3665
<AutoSequenceConfig>
  <!-- Two ignore lists: one keyed by file extension, one keyed by content type.
       Extensions are written without a leading dot. -->
  <SequenceIgnoreExtensionList>
    <SequenceIgnoreExtension><Value>js</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>css</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>doc</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>jpg</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>jpeg</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>gif</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>png</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>bmp</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>ico</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>exe</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>swf</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>mp3</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>wav</Value></SequenceIgnoreExtension>
    <SequenceIgnoreExtension><Value>eot</Value></SequenceIgnoreExtension>
  </SequenceIgnoreExtensionList>
  <!-- Content-type entries use "*" in a way that looks like a wildcard (for example
       "image/*" and "*font*"); confirm the exact matching rules in the reference. -->
  <SequenceIgnoreContentTypeList>
    <SequenceIgnoreContentType><Value>*font*</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>audio/*</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>image/*</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>video/*</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/pdf</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/zip</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/x-rar-compressed</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/x-dvi</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/x-shockwave-flash</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/msword</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/ogg</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/x-tar</Value></SequenceIgnoreContentType>
    <SequenceIgnoreContentType><Value>application/octet-stream</Value></SequenceIgnoreContentType>
  </SequenceIgnoreContentTypeList>
</AutoSequenceConfig>
3752
<MacroConfig>
  <!-- Single 0/1 flag; set to 1 in this sample. -->
  <SequentialMacroPlayback>1</SequentialMacroPlayback>
</MacroConfig>
3755
<SeleniumConfig>
  <!-- Selenium playback settings. ListenForOtherScripts is off (0) and sequential
       script playback is on (1) in this sample. -->
  <ListenForOtherScripts>0</ListenForOtherScripts>
  <SequentialSeleniumScriptPlayback>1</SequentialSeleniumScriptPlayback>
  <!-- NOTE(review): presumably a local port used to drive the browser. Confirm what
       binds to it and that it is not reachable from outside the scan host. -->
  <SeleniumPort>32768</SeleniumPort>
  <FirefoxProfile></FirefoxProfile>
  <WebDriverForHtml>Chrome</WebDriverForHtml>
</SeleniumConfig>
3762
<WebServiceConfig>
  <!-- Username and Password are empty in this sample. Once they are filled in, this file
       carries web-service credentials as element text, so store and transmit the config
       with the same care as any other secret and keep populated copies out of version
       control and shared documentation. -->
  <Username></Username>
  <Password></Password>
  <ContentType></ContentType>
  <!-- Matches strings that end in "?wsdl" or ".wsdl". -->
  <WsdlRegex>([?]wsdl|[.]wsdl)$</WsdlRegex>
  <AutoDiscoverWSDL>1</AutoDiscoverWSDL>
  <WebServicesEnhancements>0</WebServicesEnhancements>
  <!-- NOTE(review): "Hashed" presumably controls how Password is presented to the target
       service rather than how it is stored in this file; confirm in the Scan Configuration
       Parameters reference before relying on it for protection at rest. -->
  <PasswordOption>Hashed</PasswordOption>
  <SwaggerHostName></SwaggerHostName>
  <SwaggerParseFail>1</SwaggerParseFail>
  <SwaggerWarningLevel>Strict</SwaggerWarningLevel>
</WebServiceConfig>
3774
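<!-- Report generation settings. Every flag below is 0 or 1 in this sample. The grouping
     comments follow the element names only; the exact meaning of each flag is in the
     Scan Configuration Parameters reference. Scan reports describe weaknesses of the
     scanned application, so treat generated output as sensitive and store it accordingly. -->
<ReportConfig>
  <!-- Database connection fields, empty in this sample. When set, GlobalDatabasePWD is a
       clear-text credential: restrict access to this file and use an account limited to
       the reporting database. -->
  <GlobalDatabaseDSN></GlobalDatabaseDSN>
  <GlobalDatabaseUID></GlobalDatabaseUID>
  <GlobalDatabasePWD></GlobalDatabasePWD>
  <Language>en</Language>
  <BrandingDirectory></BrandingDirectory>
  <UseSQLite>0</UseSQLite>

  <!-- Output toggles whose names end in JSON or XML. -->
  <XML>0</XML>
  <AttackModulesJSON>1</AttackModulesJSON>
  <CrawledLinksJSON>1</CrawledLinksJSON>
  <WebAppScanSelectedChildrenJSON>1</WebAppScanSelectedChildrenJSON>
  <ScanStatusJSON>1</ScanStatusJSON>
  <WebSitesJSON>1</WebSitesJSON>
  <CrawlResultsJSON>1</CrawlResultsJSON>
  <FormsJSON>1</FormsJSON>
  <WebResourcesJSON>1</WebResourcesJSON>
  <AttackVectorsJSON>1</AttackVectorsJSON>
  <FindingsJSON>1</FindingsJSON>
  <UserMessageLogEntriesJSON>1</UserMessageLogEntriesJSON>
  <AttackLocationsJSON>0</AttackLocationsJSON>
  <VulnerabilitiesSummaryXML>1</VulnerabilitiesSummaryXML>
  <VulnerabilitiesSummaryJSON>0</VulnerabilitiesSummaryJSON>
  <BrowserLinksJSON>1</BrowserLinksJSON>
  <CrawledLinksXML>0</CrawledLinksXML>
  <ValidationJSON>1</ValidationJSON>
  <TreatNTOEFindingFlagsSameAsUI>0</TreatNTOEFindingFlagsSameAsUI>

  <!-- Report section toggles. -->
  <Index>1</Index>
  <ExecutiveSummary>1</ExecutiveSummary>
  <AllLinks>1</AllLinks>
  <AppThreatModeling>1</AppThreatModeling>
  <BestPractices>1</BestPractices>
  <Reflection>1</Reflection>
  <RemediationSummary>1</RemediationSummary>
  <Resources>0</Resources>
  <ResourceDetails>0</ResourceDetails>
  <ResourceSummaryBreakdown>0</ResourceSummaryBreakdown>
  <Application>1</Application>
  <Server>1</Server>
  <Database>1</Database>
  <BySite>0</BySite>
  <SiteLinks>1</SiteLinks>
  <!-- NOTE(review): if this section reproduces the scan configuration in the report,
       check that the credential fields of this file are not copied into it. -->
  <StatusAndConfig>1</StatusAndConfig>
  <Vulnerabilities>1</Vulnerabilities>
  <VulnerabilitiesByUrlStandAlone>0</VulnerabilitiesByUrlStandAlone>

  <!-- Toggles named after compliance frameworks and standards. -->
  <DISASTIG>1</DISASTIG>
  <FISMA>1</FISMA>
  <CWESANS>1</CWESANS>
  <GLB>1</GLB>
  <HIPAA>1</HIPAA>
  <OWASP2007>0</OWASP2007>
  <OWASP2010>0</OWASP2010>
  <OWASP2013>0</OWASP2013>
  <OWASP2017>1</OWASP2017>
  <GDPR2016>1</GDPR2016>
  <PCI>0</PCI>
  <PCI31>1</PCI31>
  <SOX>1</SOX>
  <Privacy>1</Privacy>
  <Comments>1</Comments>
  <Cookies>1</Cookies>

  <!-- Packaging of the generated report. -->
  <PDF>0</PDF>
  <ZipReport>0</ZipReport>
  <ValidateApplet>1</ValidateApplet>
  <IncludeDbInZip>0</IncludeDbInZip>
  <DisableBigReportPagesThreshold>10000</DisableBigReportPagesThreshold>
  <!-- Empty in this sample. The name suggests a password used to AES-encrypt report
       output (confirm in the reference). If set, it is stored here in clear text, so
       whoever can read this file can also decrypt what it protects. -->
  <AesEncryptPassword></AesEncryptPassword>
  <Metadata></Metadata>
  <Confidence>1</Confidence>
</ReportConfig>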
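<!-- Flags named after three WAF / IDS products, all set to 1 in this sample, plus a mode
     for Snort. Presumably these select which rule formats the engine produces from its
     findings; confirm in the parameter reference. Generated rules should be reviewed and
     tested in a non-blocking mode before they are deployed in front of production traffic. -->
<WAFConfig>
  <Snort>1</Snort>
  <Imperva>1</Imperva>
  <ModSec>1</ModSec>
  <SnortMode>Alert</SnortMode>
</WAFConfig>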
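<!-- Scan scheduling. Enabled is 0 in this sample, and PauseTime and ResumeTime carry the
     same timestamp. -->
<ScheduleConfig>
  <Enabled>0</Enabled>
  <PauseTime>2020-06-24 17:08:33</PauseTime>
  <ResumeTime>2020-06-24 17:08:33</ResumeTime>
  <!-- NOTE(review): 44006 days after 1899-12-30 is 2020-06-24, so this value appears to
       be the same timestamp serialised as a duration rather than a deliberate limit.
       Set an explicit maximum run time when enabling the schedule so a scan cannot run
       unbounded against the target. -->
  <MaxRunTime>44006 Days, 17:08:33</MaxRunTime>
</ScheduleConfig>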
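<!-- Target technology settings. Autodetect is 1 and TechnologyTargets is empty in this
     sample, so no technology is listed explicitly. -->
<SiteTechnologyConfig>
  <Autodetect>1</Autodetect>
  <ServerPerformance>Unknown</ServerPerformance>
  <TechnologyTargets>
  </TechnologyTargets>
</SiteTechnologyConfig>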
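<!-- Handling of one-time (anti-CSRF) tokens during the scan. -->
<OneTimeTokenConfig>
  <AutoDetectCSRF>1</AutoDetectCSRF>
  <!-- NOTE(review): 1899-12-30 00:00:00 is day zero of the date epoch that the
       ScheduleConfig MaxRunTime value also appears to use, so this presumably means
       "not set" rather than a real lifetime. Confirm in the parameter reference. -->
  <MaxTokenLifetime>1899-12-30 00:00:00</MaxTokenLifetime>
  <ExpirationRegex></ExpirationRegex>
  <!-- Unanchored pattern: it matches any name that contains "csrf". Whether matching is
       case-sensitive is not shown here. Applications that use a differently named token
       need this pattern extended, otherwise authenticated coverage may silently drop. -->
  <TokenNameRegex>csrf</TokenNameRegex>
  <TokenValueRegex></TokenValueRegex>
</OneTimeTokenConfig>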
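<!-- CVSS scoring inputs. The element names correspond to CVSS v2 metrics: the first five
     are environmental metrics, the last three are base metrics. All are "Not Defined" in
     this sample, which leaves scores unadjusted for the deployment. Setting the
     requirement metrics to reflect the real asset gives more useful prioritisation. -->
<CVSSConfig>
  <CollateralDamagePotential>Not Defined</CollateralDamagePotential>
  <TargetDistribution>Not Defined</TargetDistribution>
  <ConfidentialityRequirement>Not Defined</ConfidentialityRequirement>
  <IntegrityRequirement>Not Defined</IntegrityRequirement>
  <AvailabilityRequirement>Not Defined</AvailabilityRequirement>
  <AccessVector>Not Defined</AccessVector>
  <AccessComplexity>Not Defined</AccessComplexity>
  <CvssAuthentication>Not Defined</CvssAuthentication>
</CVSSConfig>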
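<!-- How the engine splits URLs into parameters. -->
<ParameterParserConfig>
  <EnableBase64ParameterValues>1</EnableBase64ParameterValues>
  <StandardURLParserConfig>
    <!-- Presumably each character in a delimiter value is one delimiter. -->
    <PathNameValueDelimiters>=.</PathNameValueDelimiters>
    <PathParameterDelimiters>/;</PathParameterDelimiters>
    <QueryNameValueDelimiters>=</QueryNameValueDelimiters>
    <!-- CDATA lets the literal ampersand appear without being written as an entity.
         The line breaks around it are part of the element text as written in the
         sample; the engine presumably trims them. -->
    <QueryParameterDelimiters>
      <![CDATA[&]]>
    </QueryParameterDelimiters>
    <!-- Matches one or more digits. -->
    <PathParamsValueRegex>\d+</PathParamsValueRegex>
    <StartPathParamsPosition>-1</StartPathParamsPosition>
  </StandardURLParserConfig>
</ParameterParserConfig>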
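<!-- Empty in this sample. The page states that every element must be submitted, so the
     element stays present even with no content. -->
<ParameterValueConfig>
</ParameterValueConfig>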
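<!-- Disabled (Enabled is 0) in this sample. AuthToken is a secret once populated: keep
     this file access-restricted and rotate the token if the file is ever shared. -->
<RTCConfig>
  <Enabled>0</Enabled>
  <AuthToken></AuthToken>
  <ScanID></ScanID>
</RTCConfig>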
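<!-- REST integration settings, all empty in this sample. Presumably RootUrl is the base
     address and the Function* values name the endpoints that receive scan data; confirm
     in the parameter reference. If used, point RootUrl at an HTTPS endpoint you control,
     since scan results and the key below would be sent to it. -->
<NexposeRESTConfig>
  <RootUrl></RootUrl>
  <FunctionAttackModuleList></FunctionAttackModuleList>
  <FunctionWebAppScanSelectedChildren></FunctionWebAppScanSelectedChildren>
  <FunctionNewWebSite></FunctionNewWebSite>
  <FunctionNewCrawlResult></FunctionNewCrawlResult>
  <FunctionNewForm></FunctionNewForm>
  <FunctionNewWebResource></FunctionNewWebResource>
  <FunctionNewAttackVector></FunctionNewAttackVector>
  <FunctionNewFinding></FunctionNewFinding>
  <FunctionTrimFalsePositiveFinding></FunctionTrimFalsePositiveFinding>
  <!-- Secret once populated: stored here in clear text, so restrict access to this file. -->
  <AuthKey></AuthKey>
  <ServicePullRequests>0</ServicePullRequests>
</NexposeRESTConfig>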
</ScanConfig>