Scan Config XML Breakout
Below is a sample XML scan config. Working with the XML directly lets a user set each setting within a config individually when adding, updating, or submitting a config to either the AppSpider Enterprise REST API or directly to the engine itself.
ScanConfig is the top-level structure in the Scan Configuration File and contains all elements of the config to be submitted. For example:
- Name sets the name for the config.
- AppVersion identifies which version of AppSpider the config was written for (defaults to the current major version of the Scan Engine).
- Log is a binary field that tells the engine to enable or disable logging (defaults to "1"):
  - 1 - Enables logging
  - 2 - Disables logging
A full breakout of all XML elements contained in a scan config can be found at Scan Configuration Parameters.
Caution
All elements must be submitted for the XML to be considered a "well-formed" request. Failure to include any element will result in the request being dropped.
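The Caution above can be enforced with a pre-submission check. The following is an added example, not part of the AppSpider documentation or product: it diffs a candidate config's element paths against a known-good baseline and confirms that every seed URL is covered by an Include scope constraint. The baseline is a constructed, shortened config using element names from the sample, the `staging` host is hypothetical, and the wildcard semantics (`*` matches any run of characters) are an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, heavily shortened baseline that reuses element names and values
# from the sample config; a real baseline would be a full known-good config.
BASELINE = """<ScanConfig>
<Name>webscantest</Name>
<AppVersion>7.0</AppVersion>
<Log>1</Log>
<NotifyScanDoneURL></NotifyScanDoneURL>
<CrawlConfig>
<SeedUrlList>
<SeedUrl><Value>http://www.webscantest.com/</Value></SeedUrl>
</SeedUrlList>
<ScopeConstraintList>
<ScopeConstraint>
<URL>http://www.webscantest.com/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
</ScopeConstraintList>
</CrawlConfig>
<AttackerConfig><OutOfBandHost></OutOfBandHost></AttackerConfig>
</ScanConfig>"""

# Constructed candidate: an empty element was deleted and the seed URL was
# pointed at a different (hypothetical) host without updating the scope.
CANDIDATE = BASELINE.replace("<NotifyScanDoneURL></NotifyScanDoneURL>\n", "").replace(
    "<Value>http://www.webscantest.com/</Value>",
    "<Value>http://staging.webscantest.com/</Value>",
)


def parse_config(xml_text):
    """Parse a scan config, refusing DTDs and a wrong root element."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in scan config")
    root = ET.fromstring(xml_text)  # raises ParseError if the XML is malformed
    if root.tag != "ScanConfig":
        raise ValueError(f"top-level element is {root.tag!r}, expected 'ScanConfig'")
    return root


def element_paths(root):
    """Return the set of slash-separated element paths present in the tree."""
    paths = set()

    def walk(node, prefix):
        path = f"{prefix}/{node.tag}"
        paths.add(path)
        for child in node:
            walk(child, path)

    walk(root, "")
    return paths


def missing_elements(baseline_root, candidate_root):
    """Paths the baseline has but the candidate dropped (empty elements count)."""
    return sorted(element_paths(baseline_root) - element_paths(candidate_root))


def wildcard_match(pattern, url):
    """Assumption: '*' matches any run of characters; everything else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, url) is not None


def out_of_scope_seeds(root):
    """Seed URLs that no Wildcard/Include ScopeConstraint covers."""
    includes = [
        c.findtext("URL", "")
        for c in root.iter("ScopeConstraint")
        if c.findtext("MatchCriteria") == "Wildcard" and c.findtext("Exclusion") == "Include"
    ]
    seeds = [(s.findtext("Value") or "").strip() for s in root.iter("SeedUrl")]
    return [s for s in seeds if not any(wildcard_match(p, s) for p in includes)]


def lint(baseline_xml, candidate_xml):
    """Run both checks and return the findings as a dict."""
    baseline, candidate = parse_config(baseline_xml), parse_config(candidate_xml)
    return {
        "missing": missing_elements(baseline, candidate),
        "out_of_scope_seeds": out_of_scope_seeds(candidate),
    }


if __name__ == "__main__":
    print(lint(BASELINE, CANDIDATE))
```

Because the path comparison uses a set, it reports element names that disappeared entirely, not a reduced count of repeated siblings such as individual `ScopeConstraint` entries.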
XML File example
xml
<ScanConfig>
  <Name>webscantest</Name>
  <AppVersion>7.0</AppVersion>
  <Log>1</Log>
  <DetailedLogging>0</DetailedLogging>
  <IncludeTraffic>0</IncludeTraffic>
  <WindowsErrors>0</WindowsErrors>
  <UseSystemDsn>0</UseSystemDsn>
  <Recrawl>0</Recrawl>
  <PauseOnRecoverableError>1</PauseOnRecoverableError>
  <DisplayImminentLicenseExpiryMessage>1</DisplayImminentLicenseExpiryMessage>
  <ExecuteCommandLineURL></ExecuteCommandLineURL>
  <NotifyScanDoneURL></NotifyScanDoneURL>
  <JavaScriptEngine>Chrome</JavaScriptEngine>
  <MaxDatabaseSize>1073741824</MaxDatabaseSize>
  <MaxTrafficFiles>0</MaxTrafficFiles>
  <CrawlConfig>
    <MaxDomain>100</MaxDomain>
    <MaxCrawlResults>5000</MaxCrawlResults>
    <MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
    <MaxPerDirCrawlResults>400</MaxPerDirCrawlResults>
    <MaxPerLinkCrawlResults>40</MaxPerLinkCrawlResults>
    <MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
    <MaxPerDirChildNodes>300</MaxPerDirChildNodes>
    <MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
    <MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
    <MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
    <MaxPerQueryCrawlResults>100</MaxPerQueryCrawlResults>
    <RecursionDepth>2</RecursionDepth>
    <MaxDirDepth>15</MaxDirDepth>
    <DiscoveryDepth>-1</DiscoveryDepth>
    <UrlRepetitionTolerance>15</UrlRepetitionTolerance>
    <SequenceRepetitionTolerance>3</SequenceRepetitionTolerance>
    <MaxReportedImages>500</MaxReportedImages>
    <MaxReportedLinks>2500</MaxReportedLinks>
    <MaxReportedComments>500</MaxReportedComments>
    <MaxReportedScripts>500</MaxReportedScripts>
    <MaxReportedEmails>500</MaxReportedEmails>
    <MaxReportedForms>500</MaxReportedForms>
    <MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
    <MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
    <MaxBrowserDOMDepth>2</MaxBrowserDOMDepth>
    <MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
    <MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
    <MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
    <MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
    <NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
    <MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
    <MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
    <MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
    <CrawlPrioritization>Smart</CrawlPrioritization>
    <FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File
    (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
    <ServerErrorRegex></ServerErrorRegex>
    <InvalidURLRegexAttack>
    <![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]>
    </InvalidURLRegexAttack>
    <InvalidURLRegexCrawl>
    <![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]>
    </InvalidURLRegexCrawl>
    <PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
    <LockCookies>0</LockCookies>
    <CaseSensitivity>Case Sensitive</CaseSensitivity>
    <UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
    <SaveReferences>0</SaveReferences>
    <UseBrowser>1</UseBrowser>
    <ShowBrowser>0</ShowBrowser>
    <StayOnPort>0</StayOnPort>
    <RestrictToMacro>0</RestrictToMacro>
    <RestrictToManualCrawling>0</RestrictToManualCrawling>
    <RestrictToSeedList>0</RestrictToSeedList>
    <RestrictToWebService>0</RestrictToWebService>
    <RestrictToSelenium>0</RestrictToSelenium>
    <RestrictToSwagger>0</RestrictToSwagger>
    <RestrictToAgentRoutes>0</RestrictToAgentRoutes>
    <ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
    <PageEqualThreshhold>0.95</PageEqualThreshhold>
    <PageSimilarThreshhold>0.8</PageSimilarThreshhold>
    <ExperimentalCrawling>Disabled</ExperimentalCrawling>
    <Flash>1</Flash>
    <EnableAdvancedParsers>1</EnableAdvancedParsers>
    <SearchForUrls>1</SearchForUrls>
    <CookieCommaSeparator>1</CookieCommaSeparator>
    <MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
    <BlacklistContactForms>0</BlacklistContactForms>
    <EnableRobotstxtSitemapCrawling>0</EnableRobotstxtSitemapCrawling>
    <LogDomContents>0</LogDomContents>
    <UseBrowserResponseCaching>1</UseBrowserResponseCaching>
    <FrameworksCrawlConfig>
      <EnableFrameworksCrawling>1</EnableFrameworksCrawling>
      <FrameworkConfigList>
        <FrameworkConfig>
          <Name>ReactJS</Name>
          <DefaultConfigVersion>2</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>1</HEAD>
          <DetectionRegex>createReactRootIndex</DetectionRegex>
          <HealthcheckString>react</HealthcheckString>
          <FileName>fm.react.min.js</FileName>
          <GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
          <GetAllEventsDelay>0</GetAllEventsDelay>
          <GetVersionStringScript></GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>AngularJS</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>ng-controller</DetectionRegex>
          <HealthcheckString>angular</HealthcheckString>
          <FileName>angular-hook-bundle.min.js</FileName>
          <GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
          <GetAllEventsDelay>0</GetAllEventsDelay>
          <GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>KnockoutJS</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>data-bind</DetectionRegex>
          <HealthcheckString>ko</HealthcheckString>
          <FileName>ko-hook-bundle.min.js</FileName>
          <GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
          <GetAllEventsDelay>5000</GetAllEventsDelay>
          <GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>AngularLib</Name>
          <DefaultConfigVersion>2</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
          <HealthcheckString></HealthcheckString>
          <FileName>angular-4-hook-bundle.min.js</FileName>
          <GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
          <GetAllEventsDelay>6000</GetAllEventsDelay>
          <GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>ReactLib</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>react-text</DetectionRegex>
          <HealthcheckString></HealthcheckString>
          <FileName>react-hook-bundle.min.js</FileName>
          <GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
          <GetAllEventsDelay>8000</GetAllEventsDelay>
          <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>ReactTwo</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
          <HealthcheckString></HealthcheckString>
          <FileName>react-hook-bundle.min.js</FileName>
          <GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
          <GetAllEventsDelay>8000</GetAllEventsDelay>
          <GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>OpenUI5</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
          <HealthcheckString></HealthcheckString>
          <FileName>sap-open-ui5-hook-bundle.min.js</FileName>
          <GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
          <GetAllEventsDelay>5000</GetAllEventsDelay>
          <GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>Vue</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
          <HealthcheckString></HealthcheckString>
          <FileName>vue-hook-bundle.min.js</FileName>
          <GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
          <GetAllEventsDelay>5000</GetAllEventsDelay>
          <GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>Ember</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
          <HealthcheckString></HealthcheckString>
          <FileName>ember-hook-bundle.min.js</FileName>
          <GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
          <GetAllEventsDelay>5000</GetAllEventsDelay>
          <GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
        <FrameworkConfig>
          <Name>Backbone</Name>
          <DefaultConfigVersion>1</DefaultConfigVersion>
          <Enabled>1</Enabled>
          <HEAD>0</HEAD>
          <DetectionRegex>(?-i)Backbone</DetectionRegex>
          <HealthcheckString></HealthcheckString>
          <FileName>backbone-hook-bundle.min.js</FileName>
          <GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
          <GetAllEventsDelay>5000</GetAllEventsDelay>
          <GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
        </FrameworkConfig>
      </FrameworkConfigList>
    </FrameworksCrawlConfig>
    <SeedUrlList>
      <SeedUrl>
        <Value>http://www.webscantest.com/</Value>
      </SeedUrl>
    </SeedUrlList>
    <ScopeConstraintList>
      <ScopeConstraint>
        <URL>http://www.webscantest.com/*</URL>
        <Method>All</Method>
        <MatchCriteria>Wildcard</MatchCriteria>
        <Exclusion>Include</Exclusion>
      </ScopeConstraint>
      <ScopeConstraint>
        <URL>http://*.www.webscantest.com/*</URL>
        <Method>All</Method>
        <MatchCriteria>Wildcard</MatchCriteria>
        <Exclusion>Include</Exclusion>
      </ScopeConstraint>
    </ScopeConstraintList>
    <BlackListExtensionList>
      <BlackListExtension>
        <Value>css</Value>
      </BlackListExtension>
      <BlackListExtension>
        <Value>axd</Value>
      </BlackListExtension>
    </BlackListExtensionList>
    <GrayListExtensionList>
      <GrayListExtension>
        <Value>pdf</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>doc</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>jpg</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>jpeg</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>gif</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>png</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>bmp</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>ico</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>js</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>tiff</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>eot</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>ttf</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>mid</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>midi</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>mp3</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>mpeg</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>wav</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>avi</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>woff</Value>
      </GrayListExtension>
      <GrayListExtension>
        <Value>svg</Value>
      </GrayListExtension>
    </GrayListExtensionList>
    <BinaryExtensionList>
      <BinaryExtension>
        <Value>fla</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>swf</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>pdf</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>doc</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>jpg</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>jpeg</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>gif</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>png</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>bmp</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>ico</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>dll</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>exe</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>eot</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>ttf</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>mp3</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>mp4</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>wav</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>woff</Value>
      </BinaryExtension>
      <BinaryExtension>
        <Value>svg</Value>
      </BinaryExtension>
    </BinaryExtensionList>
    <TextExtensionList>
      <TextExtension>
        <Value>txt</Value>
      </TextExtension>
      <TextExtension>
        <Value>js</Value>
      </TextExtension>
      <TextExtension>
        <Value>css</Value>
      </TextExtension>
      <TextExtension>
        <Value>json</Value>
      </TextExtension>
    </TextExtensionList>
    <BinaryContentTypeList>
      <BinaryContentType>
        <Value>audio/*</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>image/*</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>video/*</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/pdf</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/zip</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/x-rar-compressed</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/x-dvi</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/x-shockwave-flash</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/msword</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/ogg</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/x-tar</Value>
      </BinaryContentType>
      <BinaryContentType>
        <Value>application/octet-stream</Value>
      </BinaryContentType>
    </BinaryContentTypeList>
    <HTMLContentTypeList>
      <HTMLContentType>
        <Value>text/html</Value>
      </HTMLContentType>
      <HTMLContentType>
        <Value>html/*</Value>
      </HTMLContentType>
      <HTMLContentType>
        <Value>application/xhtml+xml</Value>
      </HTMLContentType>
    </HTMLContentTypeList>
    <TextContentTypeList>
      <TextContentType>
        <Value>text/plain</Value>
      </TextContentType>
      <TextContentType>
        <Value>text/csv</Value>
      </TextContentType>
      <TextContentType>
        <Value>text/css</Value>
      </TextContentType>
      <TextContentType>
        <Value>text/javascript</Value>
      </TextContentType>
      <TextContentType>
        <Value>application/javascript</Value>
      </TextContentType>
      <TextContentType>
        <Value>application/x-javascript</Value>
      </TextContentType>
      <TextContentType>
        <Value>application/json</Value>
      </TextContentType>
      <TextContentType>
        <Value>application/x-httpd-php-source</Value>
      </TextContentType>
    </TextContentTypeList>
    <XMLContentTypeList>
      <XMLContentType>
        <Value>application/xml-dtd</Value>
      </XMLContentType>
      <XMLContentType>
        <Value>text/xml</Value>
      </XMLContentType>
      <XMLContentType>
        <Value>application/soap+xml</Value>
      </XMLContentType>
      <XMLContentType>
        <Value>application/xml</Value>
      </XMLContentType>
    </XMLContentTypeList>
    <BrowserDownloadWhitelistList>
      <BrowserDownloadWhitelist>
        <Value>*.css</Value>
      </BrowserDownloadWhitelist>
      <BrowserDownloadWhitelist>
        <Value>*.js</Value>
      </BrowserDownloadWhitelist>
      <BrowserDownloadWhitelist>
        <Value>*.xml</Value>
      </BrowserDownloadWhitelist>
      <BrowserDownloadWhitelist>
        <Value>*.dtd</Value>
      </BrowserDownloadWhitelist>
      <BrowserDownloadWhitelist>
        <Value>*.axd</Value>
      </BrowserDownloadWhitelist>
      <BrowserDownloadWhitelist>
        <Value>*.json</Value>
      </BrowserDownloadWhitelist>
      <BrowserDownloadWhitelist>
        <Value>*/js/*</Value>
      </BrowserDownloadWhitelist>
      <BrowserDownloadWhitelist>
        <Value>*/css/*</Value>
      </BrowserDownloadWhitelist>
    </BrowserDownloadWhitelistList>
    <BrowserDoNotDownloadExtensionList>
      <BrowserDoNotDownloadExtension>
        <Value>pdf</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>doc</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>jpg</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>jpeg</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>gif</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>png</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>bmp</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>ico</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>exe</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>swf</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>mp3</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>mp4</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>wav</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>eot</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>ttf</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>woff</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>ico</Value>
      </BrowserDoNotDownloadExtension>
      <BrowserDoNotDownloadExtension>
        <Value>svg</Value>
      </BrowserDoNotDownloadExtension>
    </BrowserDoNotDownloadExtensionList>
    <BrowserDoNotDownloadContentTypeList>
      <BrowserDoNotDownloadContentType>
        <Value>audio/*</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>image/*</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>video/*</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/pdf</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/zip</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/x-rar-compressed</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/x-dvi</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/x-shockwave-flash</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/msword</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/ogg</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/x-tar</Value>
      </BrowserDoNotDownloadContentType>
      <BrowserDoNotDownloadContentType>
        <Value>application/octet-stream</Value>
      </BrowserDoNotDownloadContentType>
    </BrowserDoNotDownloadContentTypeList>
  </CrawlConfig>
  <AttackerConfig>
    <ParametersToAttackBeforeLimitingAttacks>100</ParametersToAttackBeforeLimitingAttacks>
    <LinksToAttackBeforeLimitingAttacks>20</LinksToAttackBeforeLimitingAttacks>
    <MaxSameNameParameterAttackPoints>10</MaxSameNameParameterAttackPoints>
    <MaxSameCookieParameterAttackPoints>5</MaxSameCookieParameterAttackPoints>
    <MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
    <MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
    <MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
    <ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
    <ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
    <MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
    <MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
    <ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
    <OutOfBandHost></OutOfBandHost>
    <MaxSeverityForTrafficReduction>Low</MaxSeverityForTrafficReduction>
    <MinResponseSizeForTrafficReduction>204800</MinResponseSizeForTrafficReduction>
    <DefaultDoNotAttackParamList>
      <DefaultDoNotAttackParam>
        <ParameterName>
        ^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$
        </ParameterName>
        <MatchCriteria>Regex</MatchCriteria>
      </DefaultDoNotAttackParam>
    </DefaultDoNotAttackParamList>
  </AttackerConfig>
  <AttackPolicyConfig>
    <Policy>All Modules</Policy>
    <AttackPrioritization>Smart</AttackPrioritization>
    <AttackDepth>Smart</AttackDepth>
    <EnableAdvancedAttacks>0</EnableAdvancedAttacks>
    <FalsePositiveRegex></FalsePositiveRegex>
    <FalsePositiveFindingRegex></FalsePositiveFindingRegex>
    <RootCauseIdExcludeList></RootCauseIdExcludeList>
    <AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
    <EnforceEncoding>0</EnforceEncoding>
    <AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
    <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
    <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
    <AttackModulePolicyList>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>Informational</Severity>
        <MaxVulnLimit>10</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>2</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Web Site</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Anonymous Access</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>High</Severity>
        <MaxVulnLimit>100</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>3</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
        <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
        </ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Apache Struts 2 Framework Checks</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>Informational</Severity>
        <MaxVulnLimit>100</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>3</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Response Analysis</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Apache Struts Detection</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>High</Severity>
        <MaxVulnLimit>100</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>4</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Parameter</AttackPoints>
        <ParameterLocations>Post</ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Arbitrary File Upload</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
        <ModulePriority>Medium</ModulePriority>
        <Severity>Low</Severity>
        <MaxVulnLimit>25</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>2</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Directory</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>ASP.NET Misconfiguration</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
        <ModulePriority>Medium</ModulePriority>
        <Severity>High</Severity>
        <MaxVulnLimit>25</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>4</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Parameter</AttackPoints>
        <ParameterLocations>Post|Cookie</ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>ASP.NET Serialization</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
        <ModulePriority>Medium</ModulePriority>
        <Severity>Low</Severity>
        <MaxVulnLimit>200</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>2</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Response Analysis</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
        <DisplayName>Autocomplete attribute</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>High</Severity>
        <MaxVulnLimit>75</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>4</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Parameter</AttackPoints>
        <ParameterLocations>Query|Post</ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Blind LDAP Injection</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
        <ModulePriority>Medium</ModulePriority>
        <Severity>Informational</Severity>
        <MaxVulnLimit>100</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>1</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Response Analysis</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
        <DisplayName>Browser Cache directive (web application performance)</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
        <ModulePriority>Medium</ModulePriority>
        <Severity>Low</Severity>
        <MaxVulnLimit>150</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>4</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Response Analysis</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>High</Severity>
        <MaxVulnLimit>5</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>2</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Web Resource</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Brute Force (HTTP Auth)</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>High</Severity>
        <MaxVulnLimit>5</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>2</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Parameter</AttackPoints>
        <ParameterLocations>Query|Post</ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
        <DisplayName>Brute Force (Form Auth)</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
        <ModulePriority>High</ModulePriority>
        <Severity>High</Severity>
        <MaxVulnLimit>250</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>4</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Parameter</AttackPoints>
        <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Blind SQL</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
        <ModulePriority>Low</ModulePriority>
        <Severity>Low</Severity>
        <MaxVulnLimit>100</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>4</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Directory</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Clients Cross-Domain Policy Files</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
        <ModulePriority>Low</ModulePriority>
        <Severity>Informational</Severity>
        <MaxVulnLimit>100</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>4</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Response Analysis</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
        <DisplayName>Information Disclosure in comments</DisplayName>
        <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
      </AttackModulePolicy>
      <AttackModulePolicy>
        <Enabled>1</Enabled>
        <ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
        <ModulePriority>Medium</ModulePriority>
        <Severity>Low</Severity>
        <MaxVulnLimit>50</MaxVulnLimit>
        <MaxPerWebSiteVulnLimit>20</MaxPerWebSiteVulnLimit>
        <MaxVarianceLimit>10</MaxVarianceLimit>
        <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
        <EnforceEncoding>0</EnforceEncoding>
        <ApplyPolicySeverity>0</ApplyPolicySeverity>
        <AttackPoints>Response Analysis</AttackPoints>
        <ParameterLocations></ParameterLocations>
        <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
        <DisplayName>Cookie 
attributes</DisplayName>897<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>898</AttackModulePolicy>899<AttackModulePolicy>900<Enabled>1</Enabled>901<ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>902<ModulePriority>Low</ModulePriority>903<Severity>Low</Severity>904<MaxVulnLimit>100</MaxVulnLimit>905<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>906<MaxVarianceLimit>5</MaxVarianceLimit>907<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>908<EnforceEncoding>0</EnforceEncoding>909<ApplyPolicySeverity>0</ApplyPolicySeverity>910<AttackPoints>Web Resource|Response Analysis</AttackPoints>911<ParameterLocations></ParameterLocations>912<RequestOriginations>AJAX</RequestOriginations>913<DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>914<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>915</AttackModulePolicy>916<AttackModulePolicy>917<Enabled>1</Enabled>918<ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>919<ModulePriority>Low</ModulePriority>920<Severity>Medium</Severity>921<MaxVulnLimit>25</MaxVulnLimit>922<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>923<MaxVarianceLimit>2</MaxVarianceLimit>924<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>925<EnforceEncoding>0</EnforceEncoding>926<ApplyPolicySeverity>0</ApplyPolicySeverity>927<AttackPoints>Response Analysis</AttackPoints>928<ParameterLocations></ParameterLocations>929<RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>930<DisplayName>Credentials over an insecure 
channel</DisplayName>931<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>932</AttackModulePolicy>933<AttackModulePolicy>934<Enabled>1</Enabled>935<ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>936<ModulePriority>Medium</ModulePriority>937<Severity>Informational</Severity>938<MaxVulnLimit>100</MaxVulnLimit>939<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>940<MaxVarianceLimit>4</MaxVarianceLimit>941<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>942<EnforceEncoding>0</EnforceEncoding>943<ApplyPolicySeverity>0</ApplyPolicySeverity>944<AttackPoints>Response Analysis</AttackPoints>945<ParameterLocations></ParameterLocations>946<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>947<DisplayName>Content Security Policy Header</DisplayName>948<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>949</AttackModulePolicy>950<AttackModulePolicy>951<Enabled>1</Enabled>952<ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>953<ModulePriority>Low</ModulePriority>954<Severity>Low</Severity>955<MaxVulnLimit>250</MaxVulnLimit>956<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>957<MaxVarianceLimit>2</MaxVarianceLimit>958<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>959<EnforceEncoding>0</EnforceEncoding>960<ApplyPolicySeverity>0</ApplyPolicySeverity>961<AttackPoints>Web Resource</AttackPoints>962<ParameterLocations></ParameterLocations>963<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>964<DisplayName>Cross-Site Request Forgery 
(CSRF)</DisplayName>965<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>966</AttackModulePolicy>967<AttackModulePolicy>968<Enabled>0</Enabled>969<ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>970<ModulePriority>Medium</ModulePriority>971<Severity>Informational</Severity>972<MaxVulnLimit>20</MaxVulnLimit>973<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>974<MaxVarianceLimit>1</MaxVarianceLimit>975<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>976<EnforceEncoding>0</EnforceEncoding>977<ApplyPolicySeverity>0</ApplyPolicySeverity>978<AttackPoints>Directory</AttackPoints>979<ParameterLocations></ParameterLocations>980<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>981<DisplayName>Custom Directory Module</DisplayName>982<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>983</AttackModulePolicy>984<AttackModulePolicy>985<Enabled>0</Enabled>986<ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>987<ModulePriority>Medium</ModulePriority>988<Severity>Informational</Severity>989<MaxVulnLimit>20</MaxVulnLimit>990<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>991<MaxVarianceLimit>1</MaxVarianceLimit>992<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>993<EnforceEncoding>0</EnforceEncoding>994<ApplyPolicySeverity>0</ApplyPolicySeverity>995<AttackPoints>Parameter</AttackPoints>996<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header997</ParameterLocations>998<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>999<DisplayName>Custom Parameter 
Module</DisplayName>1000<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1001</AttackModulePolicy>1002<AttackModulePolicy>1003<Enabled>0</Enabled>1004<ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>1005<ModulePriority>Medium</ModulePriority>1006<Severity>Informational</Severity>1007<MaxVulnLimit>20</MaxVulnLimit>1008<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>1009<MaxVarianceLimit>1</MaxVarianceLimit>1010<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1011<EnforceEncoding>0</EnforceEncoding>1012<ApplyPolicySeverity>0</ApplyPolicySeverity>1013<AttackPoints>Response Analysis</AttackPoints>1014<ParameterLocations></ParameterLocations>1015<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>1016<DisplayName>Custom Passive Module</DisplayName>1017<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1018</AttackModulePolicy>1019<AttackModulePolicy>1020<Enabled>1</Enabled>1021<ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>1022<ModulePriority>Medium</ModulePriority>1023<Severity>Low</Severity>1024<MaxVulnLimit>250</MaxVulnLimit>1025<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1026<MaxVarianceLimit>1</MaxVarianceLimit>1027<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1028<EnforceEncoding>0</EnforceEncoding>1029<ApplyPolicySeverity>0</ApplyPolicySeverity>1030<AttackPoints>Directory</AttackPoints>1031<ParameterLocations></ParameterLocations>1032<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1033<DisplayName>Directory 
Indexing</DisplayName>1034<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1035</AttackModulePolicy>1036<AttackModulePolicy>1037<Enabled>1</Enabled>1038<ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>1039<ModulePriority>Low</ModulePriority>1040<Severity>Informational</Severity>1041<MaxVulnLimit>150</MaxVulnLimit>1042<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1043<MaxVarianceLimit>4</MaxVarianceLimit>1044<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1045<EnforceEncoding>0</EnforceEncoding>1046<ApplyPolicySeverity>0</ApplyPolicySeverity>1047<AttackPoints>Response Analysis</AttackPoints>1048<ParameterLocations></ParameterLocations>1049<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>1050<DisplayName>Email Disclosure</DisplayName>1051<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1052</AttackModulePolicy>1053<AttackModulePolicy>1054<Enabled>1</Enabled>1055<ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>1056<ModulePriority>High</ModulePriority>1057<Severity>High</Severity>1058<MaxVulnLimit>100</MaxVulnLimit>1059<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1060<MaxVarianceLimit>4</MaxVarianceLimit>1061<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1062<EnforceEncoding>0</EnforceEncoding>1063<ApplyPolicySeverity>0</ApplyPolicySeverity>1064<AttackPoints>Parameter</AttackPoints>1065<ParameterLocations>Path|Query|Post</ParameterLocations>1066<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1067<DisplayName>Expression Language 
Injection</DisplayName>1068<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1069</AttackModulePolicy>1070<AttackModulePolicy>1071<Enabled>1</Enabled>1072<ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>1073<ModulePriority>Low</ModulePriority>1074<Severity>Low</Severity>1075<MaxVulnLimit>100</MaxVulnLimit>1076<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1077<MaxVarianceLimit>2</MaxVarianceLimit>1078<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1079<EnforceEncoding>0</EnforceEncoding>1080<ApplyPolicySeverity>0</ApplyPolicySeverity>1081<AttackPoints>Parameter</AttackPoints>1082<ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>1083<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1084<DisplayName>Forced Browsing</DisplayName>1085<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1086</AttackModulePolicy>1087<AttackModulePolicy>1088<Enabled>1</Enabled>1089<ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>1090<ModulePriority>Medium</ModulePriority>1091<Severity>Low</Severity>1092<MaxVulnLimit>200</MaxVulnLimit>1093<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1094<MaxVarianceLimit>2</MaxVarianceLimit>1095<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1096<EnforceEncoding>0</EnforceEncoding>1097<ApplyPolicySeverity>0</ApplyPolicySeverity>1098<AttackPoints>Response Analysis</AttackPoints>1099<ParameterLocations></ParameterLocations>1100<RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>1101<DisplayName>Sensitive Data 
Exposure</DisplayName>1102<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1103</AttackModulePolicy>1104<AttackModulePolicy>1105<Enabled>1</Enabled>1106<ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>1107<ModulePriority>High</ModulePriority>1108<Severity>Low</Severity>1109<MaxVulnLimit>5</MaxVulnLimit>1110<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>1111<MaxVarianceLimit>4</MaxVarianceLimit>1112<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1113<EnforceEncoding>0</EnforceEncoding>1114<ApplyPolicySeverity>0</ApplyPolicySeverity>1115<AttackPoints>Web Resource</AttackPoints>1116<ParameterLocations></ParameterLocations>1117<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>1118<DisplayName>Form Session Strength</DisplayName>1119<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1120</AttackModulePolicy>1121<AttackModulePolicy>1122<Enabled>1</Enabled>1123<ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>1124<ModulePriority>High</ModulePriority>1125<Severity>High</Severity>1126<MaxVulnLimit>25</MaxVulnLimit>1127<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>1128<MaxVarianceLimit>50</MaxVarianceLimit>1129<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1130<EnforceEncoding>0</EnforceEncoding>1131<ApplyPolicySeverity>0</ApplyPolicySeverity>1132<AttackPoints>Web Site</AttackPoints>1133<ParameterLocations></ParameterLocations>1134<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>1135<DisplayName>FrontPage 
Checks</DisplayName>1136<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1137</AttackModulePolicy>1138<AttackModulePolicy>1139<Enabled>1</Enabled>1140<ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>1141<ModulePriority>High</ModulePriority>1142<Severity>High</Severity>1143<MaxVulnLimit>25</MaxVulnLimit>1144<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>1145<MaxVarianceLimit>1</MaxVarianceLimit>1146<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1147<EnforceEncoding>0</EnforceEncoding>1148<ApplyPolicySeverity>0</ApplyPolicySeverity>1149<AttackPoints>Web Site</AttackPoints>1150<ParameterLocations></ParameterLocations>1151<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1152<DisplayName>Heartbleed Check</DisplayName>1153<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1154</AttackModulePolicy>1155<AttackModulePolicy>1156<Enabled>1</Enabled>1157<ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>1158<ModulePriority>Low</ModulePriority>1159<Severity>Informational</Severity>1160<MaxVulnLimit>20</MaxVulnLimit>1161<MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>1162<MaxVarianceLimit>1</MaxVarianceLimit>1163<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1164<EnforceEncoding>0</EnforceEncoding>1165<ApplyPolicySeverity>0</ApplyPolicySeverity>1166<AttackPoints>Response Analysis</AttackPoints>1167<ParameterLocations></ParameterLocations>1168<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1169<DisplayName>HTTP Strict Transport 
Security</DisplayName>1170<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1171</AttackModulePolicy>1172<AttackModulePolicy>1173<Enabled>1</Enabled>1174<ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>1175<ModulePriority>Low</ModulePriority>1176<Severity>Low</Severity>1177<MaxVulnLimit>20</MaxVulnLimit>1178<MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>1179<MaxVarianceLimit>4</MaxVarianceLimit>1180<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1181<EnforceEncoding>0</EnforceEncoding>1182<ApplyPolicySeverity>0</ApplyPolicySeverity>1183<AttackPoints>Response Analysis</AttackPoints>1184<ParameterLocations></ParameterLocations>1185<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1186<DisplayName>HTTP Authentication over insecure channel</DisplayName>1187<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1188</AttackModulePolicy>1189<AttackModulePolicy>1190<Enabled>1</Enabled>1191<ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>1192<ModulePriority>Low</ModulePriority>1193<Severity>Low</Severity>1194<MaxVulnLimit>200</MaxVulnLimit>1195<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>1196<MaxVarianceLimit>1</MaxVarianceLimit>1197<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1198<EnforceEncoding>0</EnforceEncoding>1199<ApplyPolicySeverity>0</ApplyPolicySeverity>1200<AttackPoints>Web Resource</AttackPoints>1201<ParameterLocations></ParameterLocations>1202<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1203<DisplayName>HTTPS 
Downgrade</DisplayName>1204<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1205</AttackModulePolicy>1206<AttackModulePolicy>1207<Enabled>1</Enabled>1208<ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>1209<ModulePriority>Medium</ModulePriority>1210<Severity>Informational</Severity>1211<MaxVulnLimit>200</MaxVulnLimit>1212<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1213<MaxVarianceLimit>4</MaxVarianceLimit>1214<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1215<EnforceEncoding>0</EnforceEncoding>1216<ApplyPolicySeverity>0</ApplyPolicySeverity>1217<AttackPoints>Response Analysis</AttackPoints>1218<ParameterLocations></ParameterLocations>1219<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1220<DisplayName>HTTP Headers</DisplayName>1221<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1222</AttackModulePolicy>1223<AttackModulePolicy>1224<Enabled>1</Enabled>1225<ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>1226<ModulePriority>High</ModulePriority>1227<Severity>High</Severity>1228<MaxVulnLimit>200</MaxVulnLimit>1229<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>1230<MaxVarianceLimit>4</MaxVarianceLimit>1231<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1232<EnforceEncoding>0</EnforceEncoding>1233<ApplyPolicySeverity>0</ApplyPolicySeverity>1234<AttackPoints>Parameter</AttackPoints>1235<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header1236</ParameterLocations>1237<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1238<DisplayName>HTTP Response 
Splitting</DisplayName>1239<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1240</AttackModulePolicy>1241<AttackModulePolicy>1242<Enabled>1</Enabled>1243<ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>1244<ModulePriority>Low</ModulePriority>1245<Severity>Low</Severity>1246<MaxVulnLimit>200</MaxVulnLimit>1247<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1248<MaxVarianceLimit>1</MaxVarianceLimit>1249<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1250<EnforceEncoding>0</EnforceEncoding>1251<ApplyPolicySeverity>0</ApplyPolicySeverity>1252<AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>1253<ParameterLocations></ParameterLocations>1254<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1255<DisplayName>HTTPS Everywhere</DisplayName>1256<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1257</AttackModulePolicy>1258<AttackModulePolicy>1259<Enabled>1</Enabled>1260<ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>1261<ModulePriority>Low</ModulePriority>1262<Severity>Informational</Severity>1263<MaxVulnLimit>20</MaxVulnLimit>1264<MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>1265<MaxVarianceLimit>1</MaxVarianceLimit>1266<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1267<EnforceEncoding>0</EnforceEncoding>1268<ApplyPolicySeverity>0</ApplyPolicySeverity>1269<AttackPoints>Web Resource</AttackPoints>1270<ParameterLocations></ParameterLocations>1271<RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>1272<DisplayName>HTTP User-Agent 
Check</DisplayName>1273<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1274</AttackModulePolicy>1275<AttackModulePolicy>1276<Enabled>1</Enabled>1277<ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>1278<ModulePriority>Low</ModulePriority>1279<Severity>Informational</Severity>1280<MaxVulnLimit>500</MaxVulnLimit>1281<MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>1282<MaxVarianceLimit>4</MaxVarianceLimit>1283<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1284<EnforceEncoding>0</EnforceEncoding>1285<ApplyPolicySeverity>0</ApplyPolicySeverity>1286<AttackPoints>Response Analysis</AttackPoints>1287<ParameterLocations></ParameterLocations>1288<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1289<DisplayName>Information Disclosure in response</DisplayName>1290<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1291</AttackModulePolicy>1292<AttackModulePolicy>1293<Enabled>1</Enabled>1294<ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>1295<ModulePriority>High</ModulePriority>1296<Severity>Low</Severity>1297<MaxVulnLimit>500</MaxVulnLimit>1298<MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>1299<MaxVarianceLimit>4</MaxVarianceLimit>1300<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>1301<EnforceEncoding>0</EnforceEncoding>1302<ApplyPolicySeverity>0</ApplyPolicySeverity>1303<AttackPoints>Response Analysis</AttackPoints>1304<ParameterLocations></ParameterLocations>1305<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1306<DisplayName>Information Leakage in 
responses</DisplayName>1307<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1308</AttackModulePolicy>1309<AttackModulePolicy>1310<Enabled>1</Enabled>1311<ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>1312<ModulePriority>Low</ModulePriority>1313<Severity>Low</Severity>1314<MaxVulnLimit>100</MaxVulnLimit>1315<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1316<MaxVarianceLimit>4</MaxVarianceLimit>1317<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1318<EnforceEncoding>0</EnforceEncoding>1319<ApplyPolicySeverity>0</ApplyPolicySeverity>1320<AttackPoints>Web Resource</AttackPoints>1321<ParameterLocations></ParameterLocations>1322<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>1323<DisplayName>Java Grinder</DisplayName>1324<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1325</AttackModulePolicy>1326<AttackModulePolicy>1327<Enabled>1</Enabled>1328<ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>1329<ModulePriority>Low</ModulePriority>1330<Severity>Informational</Severity>1331<MaxVulnLimit>100</MaxVulnLimit>1332<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>1333<MaxVarianceLimit>4</MaxVarianceLimit>1334<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1335<EnforceEncoding>0</EnforceEncoding>1336<ApplyPolicySeverity>0</ApplyPolicySeverity>1337<AttackPoints>Response Analysis</AttackPoints>1338<ParameterLocations></ParameterLocations>1339<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>1340<DisplayName>JavaScript Memory 
Leaks</DisplayName>1341<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1342</AttackModulePolicy>1343<AttackModulePolicy>1344<Enabled>1</Enabled>1345<ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>1346<ModulePriority>High</ModulePriority>1347<Severity>High</Severity>1348<MaxVulnLimit>100</MaxVulnLimit>1349<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>1350<MaxVarianceLimit>4</MaxVarianceLimit>1351<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1352<EnforceEncoding>0</EnforceEncoding>1353<ApplyPolicySeverity>0</ApplyPolicySeverity>1354<AttackPoints>Parameter</AttackPoints>1355<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>1356<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1357<DisplayName>LDAP Injection</DisplayName>1358<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1359</AttackModulePolicy>1360<AttackModulePolicy>1361<Enabled>1</Enabled>1362<ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>1363<ModulePriority>High</ModulePriority>1364<Severity>Informational</Severity>1365<MaxVulnLimit>250</MaxVulnLimit>1366<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>1367<MaxVarianceLimit>4</MaxVarianceLimit>1368<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1369<EnforceEncoding>0</EnforceEncoding>1370<ApplyPolicySeverity>0</ApplyPolicySeverity>1371<AttackPoints>Response Analysis</AttackPoints>1372<ParameterLocations></ParameterLocations>1373<RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>1374<DisplayName>Local Storage 
Usage</DisplayName>1375<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1376</AttackModulePolicy>1377<AttackModulePolicy>1378<Enabled>1</Enabled>1379<ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>1380<ModulePriority>Medium</ModulePriority>1381<Severity>Low</Severity>1382<MaxVulnLimit>100</MaxVulnLimit>1383<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>1384<MaxVarianceLimit>4</MaxVarianceLimit>1385<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1386<EnforceEncoding>0</EnforceEncoding>1387<ApplyPolicySeverity>0</ApplyPolicySeverity>1388<AttackPoints>Parameter|Response Analysis</AttackPoints>1389<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>1390<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1391<DisplayName>Business logic abuse attacks</DisplayName>1392<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1393</AttackModulePolicy>1394<AttackModulePolicy>1395<Enabled>1</Enabled>1396<ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>1397<ModulePriority>High</ModulePriority>1398<Severity>High</Severity>1399<MaxVulnLimit>10</MaxVulnLimit>1400<MaxPerWebSiteVulnLimit>1</MaxPerWebSiteVulnLimit>1401<MaxVarianceLimit>1</MaxVarianceLimit>1402<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1403<EnforceEncoding>0</EnforceEncoding>1404<ApplyPolicySeverity>0</ApplyPolicySeverity>1405<AttackPoints>Parameter</AttackPoints>1406<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>1407<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1408<DisplayName>Nginx NULL 
code</DisplayName>1409<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1410</AttackModulePolicy>1411<AttackModulePolicy>1412<Enabled>1</Enabled>1413<ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>1414<ModulePriority>High</ModulePriority>1415<Severity>High</Severity>1416<MaxVulnLimit>500</MaxVulnLimit>1417<MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>1418<MaxVarianceLimit>4</MaxVarianceLimit>1419<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1420<EnforceEncoding>0</EnforceEncoding>1421<ApplyPolicySeverity>0</ApplyPolicySeverity>1422<AttackPoints>Parameter</AttackPoints>1423<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>1424<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1425<DisplayName>NoSQLi Injection</DisplayName>1426<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>1427</AttackModulePolicy>1428<AttackModulePolicy>1429<Enabled>1</Enabled>1430<ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>1431<ModulePriority>High</ModulePriority>1432<Severity>High</Severity>1433<MaxVulnLimit>250</MaxVulnLimit>1434<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>1435<MaxVarianceLimit>4</MaxVarianceLimit>1436<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>1437<EnforceEncoding>0</EnforceEncoding>1438<ApplyPolicySeverity>0</ApplyPolicySeverity>1439<AttackPoints>Parameter</AttackPoints>1440<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>1441<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>1442<DisplayName>Blind 
NoSQLi</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>File|Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>OS Commanding</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>5</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Parameter Fuzzing</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Collecting Sensitive Personal Information</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>PHP Code Execution</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>4</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML</RequestOriginations>
  <DisplayName>Privacy Policy Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Privacy Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Privilege Escalation</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Profanity</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reflection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>1000</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory|File|Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>File Inclusion</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Verb Tampering</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>10</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Directory|File</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Predictable Resource Location</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Query</ParameterLocations>
  <RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reverse Clickjacking</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Reverse Proxy</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>Information Disclosure in scripts</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>3</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Secure and non-secure content mix</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Sensitive data over an insecure channel</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site|Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Configuration</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>150</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Include (SSI) Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Directory|File|Parameter</AttackPoints>
  <ParameterLocations>Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Request Forgery</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>200</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Server Side Template Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>2</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Fixation</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>1</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|Path|Query</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
  <DisplayName>HTTP Query Session Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>10</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Resource</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Session Upgrade</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>File</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Source Code Disclosure</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>250</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Information Leakage</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>500</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Injection</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
  <ModulePriority>High</ModulePriority>
  <Severity>High</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Parameter</AttackPoints>
  <ParameterLocations>Path|Query|Post</ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Injection Auth Bypass</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Medium</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SQL Parameter Check</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>25</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>100</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>SSL Strength</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
  <ModulePriority>Medium</ModulePriority>
  <Severity>Informational</Severity>
  <MaxVulnLimit>50</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>20</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Web Site</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
  <DisplayName>Subdomain discovery</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
  <ModulePriority>Low</ModulePriority>
  <Severity>Low</Severity>
  <MaxVulnLimit>100</MaxVulnLimit>
  <MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
  <MaxVarianceLimit>4</MaxVarianceLimit>
  <PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
  <EnforceEncoding>0</EnforceEncoding>
  <ApplyPolicySeverity>0</ApplyPolicySeverity>
  <AttackPoints>Response Analysis</AttackPoints>
  <ParameterLocations></ParameterLocations>
  <RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
  <DisplayName>Subresource Integrity</DisplayName>
  <MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
  <Enabled>1</Enabled>
  <ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>