Scan Config XML Breakout | AppSpider Documentation
Scan Config XML Breakout
Below is a sample of an XML config. This allows a user to granularly set each setting within a config when adding, updating or submitting a config to either the AppSpider Enterprise REST API or directly to the engine itself.
ScanConfig is the top-level structure in the Scan Configuration File and contains all elements of the config to be submitted. For Example:
-
Name sets the name for the config
-
AppVersion identifies which version of AppSpider the config was written for (defaults to the current major version of the Scan Engine)
-
Log is a binary field to tell the engine to enable or disable logging (defaults to “1”)
- 1 - Enables Logging
- 2 - Disables Logging
A full breakout of all XML elements contained in a scan config can be found at Scan Configuration Parameters
⚠️
Caution
All elements must be submitted for the XML to be considered a “well-formed” request. Failure to include any element will result in the request being dropped
XML File example
<ScanConfig>
<Name>webscantest</Name>
<AppVersion>7.0</AppVersion>
<Log>1</Log>
<DetailedLogging>0</DetailedLogging>
<IncludeTraffic>0</IncludeTraffic>
<WindowsErrors>0</WindowsErrors>
<UseSystemDsn>0</UseSystemDsn>
<Recrawl>0</Recrawl>
<PauseOnRecoverableError>1</PauseOnRecoverableError>
<DisplayImminentLicenseExpiryMessage>1</DisplayImminentLicenseExpiryMessage>
<ExecuteCommandLineURL></ExecuteCommandLineURL>
<NotifyScanDoneURL></NotifyScanDoneURL>
<JavaScriptEngine>Chrome</JavaScriptEngine>
<MaxDatabaseSize>1073741824</MaxDatabaseSize>
<MaxTrafficFiles>0</MaxTrafficFiles>
<CrawlConfig>
<MaxDomain>100</MaxDomain>
<MaxCrawlResults>5000</MaxCrawlResults>
<MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults>
<MaxPerDirCrawlResults>400</MaxPerDirCrawlResults>
<MaxPerLinkCrawlResults>40</MaxPerLinkCrawlResults>
<MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult>
<MaxPerDirChildNodes>300</MaxPerDirChildNodes>
<MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults>
<MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount>
<MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults>
<MaxPerQueryCrawlResults>100</MaxPerQueryCrawlResults>
<RecursionDepth>2</RecursionDepth>
<MaxDirDepth>15</MaxDirDepth>
<DiscoveryDepth>-1</DiscoveryDepth>
<UrlRepetitionTolerance>15</UrlRepetitionTolerance>
<SequenceRepetitionTolerance>3</SequenceRepetitionTolerance>
<MaxReportedImages>500</MaxReportedImages>
<MaxReportedLinks>2500</MaxReportedLinks>
<MaxReportedComments>500</MaxReportedComments>
<MaxReportedScripts>500</MaxReportedScripts>
<MaxReportedEmails>500</MaxReportedEmails>
<MaxReportedForms>500</MaxReportedForms>
<MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout>
<MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout>
<MaxBrowserDOMDepth>2</MaxBrowserDOMDepth>
<MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink>
<MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult>
<MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM>
<MaxBrowserNoNewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount>
<NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold>
<MaxCookiesFromJavascript>100</MaxCookiesFromJavascript>
<MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript>
<MaxDaysThresholdGoodTraffic>7</MaxDaysThresholdGoodTraffic>
<CrawlPrioritization>Smart</CrawlPrioritization>
<FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File
(or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex>
<ServerErrorRegex></ServerErrorRegex>
<InvalidURLRegexAttack>
<![CDATA[['"\(\)<>]|\d([-+]|%2[bd])\d|repeat\(|alert\(|/x\w{7}\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]>
</InvalidURLRegexAttack>
<InvalidURLRegexCrawl>
<![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]>
</InvalidURLRegexCrawl>
<PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex>
<LockCookies>0</LockCookies>
<CaseSensitivity>Case Sensitive</CaseSensitivity>
<UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites>
<SaveReferences>0</SaveReferences>
<UseBrowser>1</UseBrowser>
<ShowBrowser>0</ShowBrowser>
<StayOnPort>0</StayOnPort>
<RestrictToMacro>0</RestrictToMacro>
<RestrictToManualCrawling>0</RestrictToManualCrawling>
<RestrictToSeedList>0</RestrictToSeedList>
<RestrictToWebService>0</RestrictToWebService>
<RestrictToSelenium>0</RestrictToSelenium>
<RestrictToSwagger>0</RestrictToSwagger>
<RestrictToAgentRoutes>0</RestrictToAgentRoutes>
<ImportCookiesFromTraffic>0</ImportCookiesFromTraffic>
<PageEqualThreshhold>0.95</PageEqualThreshhold>
<PageSimilarThreshhold>0.8</PageSimilarThreshhold>
<ExperimentalCrawling>Disabled</ExperimentalCrawling>
<Flash>1</Flash>
<EnableAdvancedParsers>1</EnableAdvancedParsers>
<SearchForUrls>1</SearchForUrls>
<CookieCommaSeparator>1</CookieCommaSeparator>
<MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead>
<BlacklistContactForms>0</BlacklistContactForms>
<EnableRobotstxtSitemapCrawling>0</EnableRobotstxtSitemapCrawling>
<LogDomContents>0</LogDomContents>
<UseBrowserResponseCaching>1</UseBrowserResponseCaching>
<FrameworksCrawlConfig>
<EnableFrameworksCrawling>1</EnableFrameworksCrawling>
<FrameworkConfigList>
<FrameworkConfig>
<Name>ReactJS</Name>
<DefaultConfigVersion>2</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>1</HEAD>
<DetectionRegex>createReactRootIndex</DetectionRegex>
<HealthcheckString>react</HealthcheckString>
<FileName>fm.react.min.js</FileName>
<GetAllEventsScript>window.fm.react.getAllEvents('appspider');</GetAllEventsScript>
<GetAllEventsDelay>0</GetAllEventsDelay>
<GetVersionStringScript></GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>AngularJS</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>ng-controller</DetectionRegex>
<HealthcheckString>angular</HealthcheckString>
<FileName>angular-hook-bundle.min.js</FileName>
<GetAllEventsScript>NG_HOOK.getAllNgEvents();</GetAllEventsScript>
<GetAllEventsDelay>0</GetAllEventsDelay>
<GetVersionStringScript>NG_HOOK.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>KnockoutJS</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>data-bind</DetectionRegex>
<HealthcheckString>ko</HealthcheckString>
<FileName>ko-hook-bundle.min.js</FileName>
<GetAllEventsScript>KO_HOOK.getAllKOEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>KO_HOOK.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>AngularLib</Name>
<DefaultConfigVersion>2</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)angular(?!\w)</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>angular-4-hook-bundle.min.js</FileName>
<GetAllEventsScript>NG_HOOK_LIB.getAllAngularFmEvents();</GetAllEventsScript>
<GetAllEventsDelay>6000</GetAllEventsDelay>
<GetVersionStringScript>NG_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>ReactLib</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>react-text</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>react-hook-bundle.min.js</FileName>
<GetAllEventsScript>REACT_HOOK_LIB.getAllReactEvents();</GetAllEventsScript>
<GetAllEventsDelay>8000</GetAllEventsDelay>
<GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>ReactTwo</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)"react[.][a-df-z][a-z]+"</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>react-hook-bundle.min.js</FileName>
<GetAllEventsScript>REACT_HOOK_LIB.getAllReactTwoEvents();</GetAllEventsScript>
<GetAllEventsDelay>8000</GetAllEventsDelay>
<GetVersionStringScript>REACT_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>OpenUI5</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)sap-ui-debug</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>sap-open-ui5-hook-bundle.min.js</FileName>
<GetAllEventsScript>OPEN_UI5_HOOK_LIB.getAllOPENUI5Events();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>OPEN_UI5_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>Vue</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)__VUE_SSR_CONTEXT__</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>vue-hook-bundle.min.js</FileName>
<GetAllEventsScript>VUE_HOOK_LIB.getAllVueEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>VUE_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>Ember</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)EMBER_LOAD_HOOKS</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>ember-hook-bundle.min.js</FileName>
<GetAllEventsScript>EMBER_HOOK_LIB.getAllEmberEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>EMBER_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
<FrameworkConfig>
<Name>Backbone</Name>
<DefaultConfigVersion>1</DefaultConfigVersion>
<Enabled>1</Enabled>
<HEAD>0</HEAD>
<DetectionRegex>(?-i)Backbone</DetectionRegex>
<HealthcheckString></HealthcheckString>
<FileName>backbone-hook-bundle.min.js</FileName>
<GetAllEventsScript>BACKBONE_HOOK_LIB.getAllBackboneEvents();</GetAllEventsScript>
<GetAllEventsDelay>5000</GetAllEventsDelay>
<GetVersionStringScript>BACKBONE_HOOK_LIB.getVersionString();</GetVersionStringScript>
</FrameworkConfig>
</FrameworkConfigList>
</FrameworksCrawlConfig>
<SeedUrlList>
<SeedUrl>
<Value>http://www.webscantest.com/</Value>
</SeedUrl>
</SeedUrlList>
<ScopeConstraintList>
<ScopeConstraint>
<URL>http://www.webscantest.com/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
<ScopeConstraint>
<URL>http://*.www.webscantest.com/*</URL>
<Method>All</Method>
<MatchCriteria>Wildcard</MatchCriteria>
<Exclusion>Include</Exclusion>
</ScopeConstraint>
</ScopeConstraintList>
<BlackListExtensionList>
<BlackListExtension>
<Value>css</Value>
</BlackListExtension>
<BlackListExtension>
<Value>axd</Value>
</BlackListExtension>
</BlackListExtensionList>
<GrayListExtensionList>
<GrayListExtension>
<Value>pdf</Value>
</GrayListExtension>
<GrayListExtension>
<Value>doc</Value>
</GrayListExtension>
<GrayListExtension>
<Value>jpg</Value>
</GrayListExtension>
<GrayListExtension>
<Value>jpeg</Value>
</GrayListExtension>
<GrayListExtension>
<Value>gif</Value>
</GrayListExtension>
<GrayListExtension>
<Value>png</Value>
</GrayListExtension>
<GrayListExtension>
<Value>bmp</Value>
</GrayListExtension>
<GrayListExtension>
<Value>ico</Value>
</GrayListExtension>
<GrayListExtension>
<Value>js</Value>
</GrayListExtension>
<GrayListExtension>
<Value>tiff</Value>
</GrayListExtension>
<GrayListExtension>
<Value>eot</Value>
</GrayListExtension>
<GrayListExtension>
<Value>ttf</Value>
</GrayListExtension>
<GrayListExtension>
<Value>mid</Value>
</GrayListExtension>
<GrayListExtension>
<Value>midi</Value>
</GrayListExtension>
<GrayListExtension>
<Value>mp3</Value>
</GrayListExtension>
<GrayListExtension>
<Value>mpeg</Value>
</GrayListExtension>
<GrayListExtension>
<Value>wav</Value>
</GrayListExtension>
<GrayListExtension>
<Value>avi</Value>
</GrayListExtension>
<GrayListExtension>
<Value>woff</Value>
</GrayListExtension>
<GrayListExtension>
<Value>svg</Value>
</GrayListExtension>
</GrayListExtensionList>
<BinaryExtensionList>
<BinaryExtension>
<Value>fla</Value>
</BinaryExtension>
<BinaryExtension>
<Value>swf</Value>
</BinaryExtension>
<BinaryExtension>
<Value>pdf</Value>
</BinaryExtension>
<BinaryExtension>
<Value>doc</Value>
</BinaryExtension>
<BinaryExtension>
<Value>jpg</Value>
</BinaryExtension>
<BinaryExtension>
<Value>jpeg</Value>
</BinaryExtension>
<BinaryExtension>
<Value>gif</Value>
</BinaryExtension>
<BinaryExtension>
<Value>png</Value>
</BinaryExtension>
<BinaryExtension>
<Value>bmp</Value>
</BinaryExtension>
<BinaryExtension>
<Value>ico</Value>
</BinaryExtension>
<BinaryExtension>
<Value>dll</Value>
</BinaryExtension>
<BinaryExtension>
<Value>exe</Value>
</BinaryExtension>
<BinaryExtension>
<Value>eot</Value>
</BinaryExtension>
<BinaryExtension>
<Value>ttf</Value>
</BinaryExtension>
<BinaryExtension>
<Value>mp3</Value>
</BinaryExtension>
<BinaryExtension>
<Value>mp4</Value>
</BinaryExtension>
<BinaryExtension>
<Value>wav</Value>
</BinaryExtension>
<BinaryExtension>
<Value>woff</Value>
</BinaryExtension>
<BinaryExtension>
<Value>svg</Value>
</BinaryExtension>
</BinaryExtensionList>
<TextExtensionList>
<TextExtension>
<Value>txt</Value>
</TextExtension>
<TextExtension>
<Value>js</Value>
</TextExtension>
<TextExtension>
<Value>css</Value>
</TextExtension>
<TextExtension>
<Value>json</Value>
</TextExtension>
</TextExtensionList>
<BinaryContentTypeList>
<BinaryContentType>
<Value>audio/*</Value>
</BinaryContentType>
<BinaryContentType>
<Value>image/*</Value>
</BinaryContentType>
<BinaryContentType>
<Value>video/*</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/pdf</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/zip</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-rar-compressed</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-dvi</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-shockwave-flash</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/msword</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/ogg</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/x-tar</Value>
</BinaryContentType>
<BinaryContentType>
<Value>application/octet-stream</Value>
</BinaryContentType>
</BinaryContentTypeList>
<HTMLContentTypeList>
<HTMLContentType>
<Value>text/html</Value>
</HTMLContentType>
<HTMLContentType>
<Value>html/*</Value>
</HTMLContentType>
<HTMLContentType>
<Value>application/xhtml+xml</Value>
</HTMLContentType>
</HTMLContentTypeList>
<TextContentTypeList>
<TextContentType>
<Value>text/plain</Value>
</TextContentType>
<TextContentType>
<Value>text/csv</Value>
</TextContentType>
<TextContentType>
<Value>text/css</Value>
</TextContentType>
<TextContentType>
<Value>text/javascript</Value>
</TextContentType>
<TextContentType>
<Value>application/javascript</Value>
</TextContentType>
<TextContentType>
<Value>application/x-javascript</Value>
</TextContentType>
<TextContentType>
<Value>application/json</Value>
</TextContentType>
<TextContentType>
<Value>application/x-httpd-php-source</Value>
</TextContentType>
</TextContentTypeList>
<XMLContentTypeList>
<XMLContentType>
<Value>application/xml-dtd</Value>
</XMLContentType>
<XMLContentType>
<Value>text/xml</Value>
</XMLContentType>
<XMLContentType>
<Value>application/soap+xml</Value>
</XMLContentType>
<XMLContentType>
<Value>application/xml</Value>
</XMLContentType>
</XMLContentTypeList>
<BrowserDownloadWhitelistList>
<BrowserDownloadWhitelist>
<Value>*.css</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.js</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.xml</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.dtd</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.axd</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*.json</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*/js/*</Value>
</BrowserDownloadWhitelist>
<BrowserDownloadWhitelist>
<Value>*/css/*</Value>
</BrowserDownloadWhitelist>
</BrowserDownloadWhitelistList>
<BrowserDoNotDownloadExtensionList>
<BrowserDoNotDownloadExtension>
<Value>pdf</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>doc</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>jpg</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>jpeg</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>gif</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>png</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>bmp</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>ico</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>exe</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>swf</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>mp3</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>mp4</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>wav</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>eot</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>ttf</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>woff</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>ico</Value>
</BrowserDoNotDownloadExtension>
<BrowserDoNotDownloadExtension>
<Value>svg</Value>
</BrowserDoNotDownloadExtension>
</BrowserDoNotDownloadExtensionList>
<BrowserDoNotDownloadContentTypeList>
<BrowserDoNotDownloadContentType>
<Value>audio/*</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>image/*</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>video/*</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/pdf</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/zip</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-rar-compressed</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-dvi</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-shockwave-flash</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/msword</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/ogg</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/x-tar</Value>
</BrowserDoNotDownloadContentType>
<BrowserDoNotDownloadContentType>
<Value>application/octet-stream</Value>
</BrowserDoNotDownloadContentType>
</BrowserDoNotDownloadContentTypeList>
</CrawlConfig>
<AttackerConfig>
<ParametersToAttackBeforeLimitingAttacks>100</ParametersToAttackBeforeLimitingAttacks>
<LinksToAttackBeforeLimitingAttacks>20</LinksToAttackBeforeLimitingAttacks>
<MaxSameNameParameterAttackPoints>10</MaxSameNameParameterAttackPoints>
<MaxSameCookieParameterAttackPoints>5</MaxSameCookieParameterAttackPoints>
<MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>
<MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink>
<MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink>
<ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings>
<ApplyCrawlerConstraints>1</ApplyCrawlerConstraints>
<MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks>
<MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks>
<ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings>
<OutOfBandHost></OutOfBandHost>
<MaxSeverityForTrafficReduction>Low</MaxSeverityForTrafficReduction>
<MinResponseSizeForTrafficReduction>204800</MinResponseSizeForTrafficReduction>
<DefaultDoNotAttackParamList>
<DefaultDoNotAttackParam>
<ParameterName>
^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$
</ParameterName>
<MatchCriteria>Regex</MatchCriteria>
</DefaultDoNotAttackParam>
</DefaultDoNotAttackParamList>
</AttackerConfig>
<AttackPolicyConfig>
<Policy>All Modules</Policy>
<AttackPrioritization>Smart</AttackPrioritization>
<AttackDepth>Smart</AttackDepth>
<EnableAdvancedAttacks>0</EnableAdvancedAttacks>
<FalsePositiveRegex></FalsePositiveRegex>
<FalsePositiveFindingRegex></FalsePositiveFindingRegex>
<RootCauseIdExcludeList></RootCauseIdExcludeList>
<AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders>
<EnforceEncoding>0</EnforceEncoding>
<AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations>
<AttackModulePolicyList>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Anonymous Access</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>3</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Apache Struts 2 Framework Checks</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>3</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Apache Struts Detection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Arbitrary File Upload</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>ASP.NET Misconfiguration</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>ASP.NET Serialization</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Autocomplete attribute</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>75</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Blind LDAP Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Browser Cache directive (web application performance)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>150</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>5</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Brute Force (HTTP Auth)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>5</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Brute Force (Form Auth)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Blind SQL</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Clients Cross-Domain Policy Files</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Information Disclosure in comments</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>20</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Cookie attributes</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>AJAX</RequestOriginations>
<DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>Credentials over an insecure channel</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Content Security Policy Header</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Custom Directory Module</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Custom Parameter Module</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>0</Enabled>
<ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Custom Passive Module</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Directory Indexing</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>150</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Email Disclosure</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Expression Language Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Forced Browsing</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>Sensitive Data Exposure</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>5</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Form Session Strength</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>50</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>FrontPage Checks</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Heartbleed Check</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTP Strict Transport Security</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTP Authentication over insecure channel</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTPS Downgrade</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTP Headers</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTP Response Splitting</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTPS Everywhere</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTP User-Agent Check</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Information Disclosure in response</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Information Leakage in responses</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Java Grinder</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>JavaScript Memory Leaks</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>LDAP Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
<DisplayName>Local Storage Usage</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter|Response Analysis</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Business logic abuse attacks</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>1</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Nginx NULL code</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0DB5A1594A064363BA729F5E8E50B04B</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>NoSQLi Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A00A59F53CEF42AA9320B6CF5E78CA26</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Blind NoSQLi</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>File|Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>OS Commanding</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Out of Band Stored Cross-site scripting (XSS)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Parameter Fuzzing</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Credentials stored in clear text in a cookie.</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>Collecting Sensitive Personal Information</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>PHP Code Execution</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>4</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML</RequestOriginations>
<DisplayName>Privacy Policy Check</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Privacy Disclosure</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Privilege Escalation</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Profanity</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Reflection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>1000</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory|File|Parameter</AttackPoints>
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>File Inclusion</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTP Verb Tampering</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>10</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site|Directory|File</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Predictable Resource Location</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Query</ParameterLocations>
<RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
<DisplayName>Reverse Clickjacking</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Reverse Proxy</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>Information Disclosure in scripts</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>3</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Secure and non-secure content mix</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>Sensitive data over an insecure channel</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site|Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Server Configuration</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>150</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header
</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
<DisplayName>Server Side Include (SSI) Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory|File|Parameter</AttackPoints>
<ParameterLocations>Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Server Side Request Forgery</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>200</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Server Side Template Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Session Fixation</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>1</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|Path|Query</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|RecrawlTraffic</RequestOriginations>
<DisplayName>HTTP Query Session Check</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>10</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Session Strength</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Session Upgrade</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>File</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Source Code Disclosure</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>SQL Information Leakage</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>500</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>SQL Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>SQL Injection Auth Bypass</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>SQL Parameter Check</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>C5805272001249A095A48F2E56240C10</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>100</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>SSL Strength</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>20</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Subdomain discovery</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>Subresource Integrity</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>40</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Unvalidated Redirect</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>B69E83831D26496BB2CC0C0D70181EC3</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>40</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>URL rewriting</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>4DE84100F31849A7B845FE5F62D2FD7A</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|RecrawlTraffic</RequestOriginations>
<DisplayName>ASP.NET ViewState security</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>0BE4C251F44C4CF1924104ADFD86289C</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|Flash|Silverlight|RecrawlTraffic</RequestOriginations>
<DisplayName>Web Beacon</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>667629EC1FDC4C6D98B5F4031717BB9B</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Directory</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Web DAV Flaws Check</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>74FB936F2BBA499F8D0AF3B7A29B4F9E</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Low</Severity>
<MaxVulnLimit>30</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Site</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Cross-site tracing (XST)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>377030BFE58A4F01A112295D32A0744C</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Web Service Parameter Fuzzing</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>8399FA8EDF5C41BC9D3CF85DC23DC26B</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>20</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>X-Content-Type-Options</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>3E2E60F7D0E04D8596918C2D1F639064</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>50</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>X-Frame-Options</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>615D72F401BC447AB4A2139654BC9945</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>X-XSS-Protection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>ABFA075919804435A25A22A8CAC191DF</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post|Cookie</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
<DisplayName>XML External Entity Attack</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>BBE9F36A88A944ECB837D5193D356E4C</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Path|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>XPath Injection</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>6CEF426D33514825B50741616DB2120B</ModuleId>
<ModulePriority>Low</ModulePriority>
<Severity>Informational</Severity>
<MaxVulnLimit>25</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>2</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>X-Powered-By</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>46A8FE469F6C44BFB9946C021A2BCDC8</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
<DisplayName>Cross-site scripting (XSS), (DOM based)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>BD57F92E956A493DA39ADDF215B29D96</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Web Resource</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>AJAX</RequestOriginations>
<DisplayName>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>62AA6A08FA764E209551B4A4C479F08D</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>100</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Response Analysis</AttackPoints>
<ParameterLocations></ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
<DisplayName>Persistent Cross-site scripting (XSS) (passive)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>050ABD8CF99F4EE4AA18C12F06FA3051</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>High</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Persistent Cross-site scripting (XSS), (active)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>ABEB2E590AA24A39BB6FE7DBD6338277</ModuleId>
<ModulePriority>High</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>400</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>150</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>5</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST|RecrawlTraffic</RequestOriginations>
<DisplayName>Reflected Cross-site scripting (XSS)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
<AttackModulePolicy>
<Enabled>1</Enabled>
<ModuleId>FFBF4640C8A4475E93E099018951B409</ModuleId>
<ModulePriority>Medium</ModulePriority>
<Severity>Medium</Severity>
<MaxVulnLimit>250</MaxVulnLimit>
<MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit>
<MaxVarianceLimit>4</MaxVarianceLimit>
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
<EnforceEncoding>0</EnforceEncoding>
<ApplyPolicySeverity>0</ApplyPolicySeverity>
<AttackPoints>Parameter</AttackPoints>
<ParameterLocations>File|Query|Post</ParameterLocations>
<RequestOriginations>HTML|Form|AJAX|RecrawlTraffic</RequestOriginations>
<DisplayName>Reflected Cross-site scripting (XSS), (simple)</DisplayName>
<MaximumConcurrentAttackTasks>10</MaximumConcurrentAttackTasks>
</AttackModulePolicy>
</AttackModulePolicyList>
</AttackPolicyConfig>
<AnalyzerConfig>
<Enabled>0</Enabled>
<NotExistingFilePath>/aaaaaaaa.aaa</NotExistingFilePath>
<NotExistingDirPath>/aaaaaaaa/</NotExistingDirPath>
<AppendToOriginalValue>1</AppendToOriginalValue>
<ReplaceOriginalValue>0</ReplaceOriginalValue>
</AnalyzerConfig>
<AuthConfig>
<Type>Form</Type>
<HttpAuth>0</HttpAuth>
<OAuth>0</OAuth>
<ReloginAfterSessionLoss>1</ReloginAfterSessionLoss>
<LogoutDetection>1</LogoutDetection>
<UserAssistance>0</UserAssistance>
<AssumeSuccessfulLogin>0</AssumeSuccessfulLogin>
<VerifyNotLoggedin>1</VerifyNotLoggedin>
<PostponeLoginAction>1</PostponeLoginAction>
<CreateNonAuthenticatedSession>0</CreateNonAuthenticatedSession>
<TreatFailedReloginAsError>1</TreatFailedReloginAsError>
<RestartProxyBeforeRelogin>0</RestartProxyBeforeRelogin>
<TemplateLoginMacro>0</TemplateLoginMacro>
<BlacklistSinglePasswordForms>0</BlacklistSinglePasswordForms>
<BlacklistMultiPasswordForms>1</BlacklistMultiPasswordForms>
<ResetCookies>1</ResetCookies>
<AccountType>Restricted</AccountType>
<UsernameForm>admin</UsernameForm>
<PasswordForm>
FF7CF70CAE791A3B49FF16F4F97F566C661AFFA277EAA8DFFBF53AFFCC7554E4D013706DFFEC81A95B2CAEF2E9FF6F76CA0FA1B24DEF00FEFDEEFF200F320F0407445FCCD1
</PasswordForm>
<UsernameHttp></UsernameHttp>
<PasswordHttp></PasswordHttp>
<AutoLogonSecurity>Medium</AutoLogonSecurity>
<LoginLinkRegex>((log|sign)[ -]?(in|on))|auth</LoginLinkRegex>
<LoggedInRegex>(sign|log)[ -]?(out|off)</LoggedInRegex>
<LoggedInHeaderRegex></LoggedInHeaderRegex>
<SessionLossRegex>please (re)?login|have been logged out|session has expired</SessionLossRegex>
<SessionLossHeaderRegex>Location: [^\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\b</SessionLossHeaderRegex>
<LogoutLinkRegex>(sign|log|time)[ -]?(in|on|out|off)|password</LogoutLinkRegex>
<LogoutPostBodyRegex>(sign|log|time)[ -]?(in|on|out|off)</LogoutPostBodyRegex>
<CanaryPage></CanaryPage>
<SessionLossOnCanaryPageHeaderRegex></SessionLossOnCanaryPageHeaderRegex>
<SessionLossOnCanaryPageRegex></SessionLossOnCanaryPageRegex>
<FormSubmissionScript></FormSubmissionScript>
<SessionCookieRegex>\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\b
</SessionCookieRegex>
<SessionCookieLifespan>32</SessionCookieLifespan>
<URLSessionTokenRegex></URLSessionTokenRegex>
<PostSessionTokenRegex></PostSessionTokenRegex>
<ResponseBodyTokenRegex></ResponseBodyTokenRegex>
<SecondResponseBodyTokenRegex></SecondResponseBodyTokenRegex>
<HTTPHeaderWithTokenReplacement></HTTPHeaderWithTokenReplacement>
<SecondHTTPHeaderWithTokenReplacement></SecondHTTPHeaderWithTokenReplacement>
<LogoutDetectionFrequency>60</LogoutDetectionFrequency>
<DiscoveryMaxLinks>100</DiscoveryMaxLinks>
<LoginMaxLinks>50</LoginMaxLinks>
<DiscoveryDepth>10</DiscoveryDepth>
<LoginDepth>10</LoginDepth>
<MaxMacroReloginAttempts>3</MaxMacroReloginAttempts>
<DiscoveryPrioritization>Login Form Discovery</DiscoveryPrioritization>
<LoginPrioritization>Login</LoginPrioritization>
<BootstrapDelay>60000</BootstrapDelay>
<RemoteBootstrapTimeoutMinutes>60</RemoteBootstrapTimeoutMinutes>
<SeedLink></SeedLink>
<DiscoverLoginForm>1</DiscoverLoginForm>
<UseBrowserFormLogin>1</UseBrowserFormLogin>
<PingFrequency>600</PingFrequency>
<PingURL></PingURL>
<HmacConfig>
<HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
<HMACUsername></HMACUsername>
<HMACApiKey></HMACApiKey>
<HMACHashAlgorithm>32780</HMACHashAlgorithm>
</HmacConfig>
<HawkConfig>
<HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename>
<HMACUsername></HMACUsername>
<HMACApiKey></HMACApiKey>
<HMACHashAlgorithm>32780</HMACHashAlgorithm>
<HAWKAuthKeyId></HAWKAuthKeyId>
<HAWKAuthKey></HAWKAuthKey>
<HAWKExtAppData></HAWKExtAppData>
</HawkConfig>
<OauthConfig>
<ResourceOwnerURL></ResourceOwnerURL>
<ResourceServerURL></ResourceServerURL>
<AuthorizationServerURL>/authorize</AuthorizationServerURL>
<ClientId></ClientId>
<ClientScope></ClientScope>
<ClientState></ClientState>
<ClientSecret></ClientSecret>
<RedirectURI></RedirectURI>
<Username></Username>
<Password></Password>
<UsernameForm></UsernameForm>
<PasswordForm></PasswordForm>
<ExtensionGrant></ExtensionGrant>
<AuthorizationGrantType>Null</AuthorizationGrantType>
<NeverDoBasicAuth>0</NeverDoBasicAuth>
<JsonPostBodies>0</JsonPostBodies>
<AzureResponseMode>NullAzureResponseMode</AzureResponseMode>
<AzureResourceUrl></AzureResourceUrl>
<AzurePrompt>NullAzurePrompt</AzurePrompt>
<AzureLoginHint></AzureLoginHint>
<AzureDomainHint></AzureDomainHint>
</OauthConfig>
<ADALConfig>
<ResourceId>https://graph.windows.net</ResourceId>
<Tenant></Tenant>
<ClientId></ClientId>
<AuthorityURL></AuthorityURL>
<Username></Username>
<Password></Password>
<TokenRefreshPeriod>0:10:00</TokenRefreshPeriod>
</ADALConfig>
<MacroFile>
<MacroFileName>
<![CDATA[]]>
</MacroFileName>
<JavaScriptEngine>Default</JavaScriptEngine>
<ShowInBrowser>0</ShowInBrowser>
<ReplaySpeed>1</ReplaySpeed>
<ASAPMode>1</ASAPMode>
<ASAPModeMinDelay>3000</ASAPModeMinDelay>
<ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro>
<AttackAsSequence>0</AttackAsSequence>
<SequenceConfig>
<ResetSession>1</ResetSession>
<AutoSequenceConfig>1</AutoSequenceConfig>
<ManualSequenceConfig>
</ManualSequenceConfig>
</SequenceConfig>
<WebDriverConfig>
<ChromeDriverPort>1235</ChromeDriverPort>
<ChromeDebugPort>1234</ChromeDebugPort>
</WebDriverConfig>
</MacroFile>
<WebServiceAuthConfig>
<Enabled>0</Enabled>
<AuthWSDL></AuthWSDL>
<AuthWebMethod></AuthWebMethod>
<GetAuthTokenXPath></GetAuthTokenXPath>
<PutAuthTokenXPath></PutAuthTokenXPath>
<ExtractAuthToken>1</ExtractAuthToken>
</WebServiceAuthConfig>
<SeleniumFile>
<SeleniumFileName>
<![CDATA[]]>
</SeleniumFileName>
</SeleniumFile>
<TrafficFile>
<TrafficFileName></TrafficFileName>
<TrafficFilePassword></TrafficFilePassword>
<AttackAsSequence>0</AttackAsSequence>
<BeginAttackRequest>0</BeginAttackRequest>
<EndAttackRequest>-1</EndAttackRequest>
</TrafficFile>
<BrowserFormLoginConfig>
<ShowInBrowser>0</ShowInBrowser>
<InitialNavigateEventDuration>10000</InitialNavigateEventDuration>
<FinalDelayEventDuration>20000</FinalDelayEventDuration>
</BrowserFormLoginConfig>
</AuthConfig>
<ProxyConfig>
<Type>Internet Explorer Settings</Type>
<HttpHost></HttpHost>
<HttpPort>0</HttpPort>
<HttpsHost></HttpsHost>
<HttpsPort>0</HttpsPort>
<PACFile></PACFile>
<Username></Username>
<Password></Password>
</ProxyConfig>
<RemediationConfig>
<DollarsPerHourAppDev>250</DollarsPerHourAppDev>
<DollarsPerHourServerAdmin>250</DollarsPerHourServerAdmin>
<DollarsPerHourDatabaseAdmin>250</DollarsPerHourDatabaseAdmin>
<SetupHoursAppDev>8</SetupHoursAppDev>
<SetupHoursServerAdmin>2</SetupHoursServerAdmin>
<SetupHoursDatabaseAdmin>8</SetupHoursDatabaseAdmin>
<MinHoursPerIssueAppDev>0.75</MinHoursPerIssueAppDev>
<MaxHoursPerIssueAppDev>1.25</MaxHoursPerIssueAppDev>
<MinHoursPerIssueServerAdmin>0.25</MinHoursPerIssueServerAdmin>
<MaxHoursPerIssueServerAdmin>1</MaxHoursPerIssueServerAdmin>
<MinHoursPerIssueDatabaseAdmin>0.75</MinHoursPerIssueDatabaseAdmin>
<MaxHoursPerIssueDatabaseAdmin>1.25</MaxHoursPerIssueDatabaseAdmin>
</RemediationConfig>
<SSLCertConfig>
<Type>NoCert</Type>
<File></File>
<Password></Password>
<Index>-3</Index>
<Name></Name>
<SerialNumber></SerialNumber>
<IssuerNameBase64></IssuerNameBase64>
<Pin></Pin>
<RequestPinAtStartup>0</RequestPinAtStartup>
<SetPinInterval>180</SetPinInterval>
</SSLCertConfig>
<NetworkSettingsConfig>
<CloseConnection>0</CloseConnection>
<SendKeepAliveHeader>0</SendKeepAliveHeader>
<PreAuthenticateBasicAuth>0</PreAuthenticateBasicAuth>
<MaxRetries>2</MaxRetries>
<MaxResponseSize>7000000</MaxResponseSize>
<MaxJavasciptResponseSize>12000000</MaxJavasciptResponseSize>
<ResolveTimeout>60000</ResolveTimeout>
<ConnectTimeout>60000</ConnectTimeout>
<WriteTimeout>60000</WriteTimeout>
<ReadTimeout>60000</ReadTimeout>
<AssumeDisconnectedTimeout>18000000</AssumeDisconnectedTimeout>
<DripDelayMilliSeconds>25</DripDelayMilliSeconds>
<MaxConsecutiveFailures>500</MaxConsecutiveFailures>
<CustomNetworkLib>0</CustomNetworkLib>
<NetworkPreferredAuthScheme>npasDefault</NetworkPreferredAuthScheme>
<UseSecureProtocols>0</UseSecureProtocols>
<SecureProtocols>SSL3|TLS1</SecureProtocols>
<RASPScanDataSinkHost></RASPScanDataSinkHost>
<RASPScanKickoffRESTHost></RASPScanKickoffRESTHost>
<RASPScanKickoffRESTEndpoint>advise_rasp_of_scan</RASPScanKickoffRESTEndpoint>
<RASPTimeout>0:03:00</RASPTimeout>
</NetworkSettingsConfig>
<PerformanceConfig>
<MaxConcurrentRequests>16</MaxConcurrentRequests>
<MaxBandwidthKB>1200</MaxBandwidthKB>
<MaxBrowserReuseCount>10</MaxBrowserReuseCount>
<MaxBrowserMemorySize>209715200</MaxBrowserMemorySize>
<MaxCPUUsage>50</MaxCPUUsage>
<MemoryCeiling>2800</MemoryCeiling>
<MemoryCeiling64Bit>5600</MemoryCeiling64Bit>
<AntiDoS>0</AntiDoS>
<MonitorPerformanceUsage>1</MonitorPerformanceUsage>
<DumpUserProcessMemoryUsage>0</DumpUserProcessMemoryUsage>
<SingleThreadedScan>0</SingleThreadedScan>
<KillStrayIEInstances>0</KillStrayIEInstances>
<KillStrayChromeInstances>0</KillStrayChromeInstances>
<MinFreeDiskSpace>524288000</MinFreeDiskSpace>
<MaxMemoryUsagePercent>70</MaxMemoryUsagePercent>
<MaxThreadCount>400</MaxThreadCount>
<MaxBrowserProcessLifetime>240000</MaxBrowserProcessLifetime>
<MinDatabaseCompactInterval>900000</MinDatabaseCompactInterval>
<DatabaseCompactDuringScan>0</DatabaseCompactDuringScan>
<DatabaseCompactPostScan>0</DatabaseCompactPostScan>
</PerformanceConfig>
<SystemRecommendationsConfig>
<Enabled>1</Enabled>
<MinLogicalProcessors>2</MinLogicalProcessors>
<MinTotalPhysicalMemoryFor64Bit>4187593113</MinTotalPhysicalMemoryFor64Bit>
<MinAvailablePhysicalMemoryFor64Bit>2147483648</MinAvailablePhysicalMemoryFor64Bit>
<MinTotalPhysicalMemoryFor32Bit>2147483648</MinTotalPhysicalMemoryFor32Bit>
<MinAvailablePhysicalMemoryFor32Bit>1073741824</MinAvailablePhysicalMemoryFor32Bit>
<MinFreeDiskSpace>10737418240</MinFreeDiskSpace>
</SystemRecommendationsConfig>
<HTTPHeadersConfig>
<HttpProtocol>HTTP/1.1</HttpProtocol>
<Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</Accept>
<AcceptCharset></AcceptCharset>
<AcceptEncoding>gzip, deflate</AcceptEncoding>
<AcceptLanguage>en-US</AcceptLanguage>
<Cookie></Cookie>
<UserAgent>Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117
Safari/537.36</UserAgent>
<OverwriteWithDefaultHeaders>0</OverwriteWithDefaultHeaders>
<TrafficHeaderList>
<TrafficHeader>
<Value>Authorization</Value>
</TrafficHeader>
<TrafficHeader>
<Value>X-XSRF-TOKEN</Value>
</TrafficHeader>
<TrafficHeader>
<Value>X-CSRF-Token</Value>
</TrafficHeader>
</TrafficHeaderList>
</HTTPHeadersConfig>
<ManualCrawlingConfig>
</ManualCrawlingConfig>
<ParameterTrainingConfig>
<FormPopulation>Smart</FormPopulation>
<TrainingParameterList>
<TrainingParameter>
<PatternName>Username</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Password</PatternName>
<Types>password</Types>
<Language>en</Language>
<Match>password|passwd|pw|pwd</Match>
<Value>%RANDALPHANUM%$</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Social Security Number</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>SSN|social|security</Match>
<Value>987-65-4320</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Address</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>income</Match>
<Value>100000</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Address</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>address|street</Match>
<Value>600 Fairy Land Drive</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Apartment number</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>address|apartment|house</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>First name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>name</Match>
<Value>John</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Last name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>last[:space:]*name|surname</Match>
<Value>Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Full name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>(your|full)[:space:]+name|name</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>User Signature</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>signature</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Middle name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>middle[:space:]+name</Match>
<Value>L</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>City</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>city|town</Match>
<Value>Costa Mesa</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>County</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>county</Match>
<Value>Orange</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>State</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>state</Match>
<Value>CA</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Zip code</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</Match>
<Value>92626</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Country</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>united[:space:]*states|country</Match>
<Value>US</Value>
<ValueMatch>us</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone number</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>tele[:space:]*phone|fax|phone</Match>
<Value>123-456-7890</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone area code</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>area[:space:]+code</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Company name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>company|employer|organization</Match>
<Value>Example</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Email</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>e[-_]?mail([-_]?address)?</Match>
<Value>a%RANDALPHANUM%@example.com</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Birthday</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>birth[:space:]day|birth</Match>
<Value>12/25/1975</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Day</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>dd|day</Match>
<Value>25</Value>
<ValueMatch>25</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Month</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>mm|month</Match>
<Value>12</Value>
<ValueMatch>12|dec|d</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>FutureYear</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>2015|2016|2017</Match>
<Value>2016</Value>
<ValueMatch>2015|2016|2017</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>BirthYear</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>yyyy|year|1975|1970|1960|1950</Match>
<Value></Value>
<ValueMatch>1975|1970|1960|1950</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Past Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>(start|from)[-\s_]*date</Match>
<Value>02/02/2003</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yy</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>mm/dd/yy</Match>
<Value>02/02/15</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>
mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\s_]*date
</Match>
<Value>02/02/2015</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Old password</PatternName>
<Types>password</Types>
<Language>en</Language>
<Match>old[:space:]+password</Match>
<Value>%RANDALPHANUM%1'</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Accept terms</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match>
<![CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]>
</Match>
<Value></Value>
<ValueMatch>yes|1|on|true</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Save login</PatternName>
<Types>checkbox,radio,select</Types>
<Language>en</Language>
<Match>save|remember</Match>
<Value></Value>
<ValueMatch>yes|1|on|true</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Remove item</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match>remove|delete</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Search</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>keyword|search|query</Match>
<Value>water</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Quantity</PatternName>
<Types>text,textarea,select</Types>
<Language>en</Language>
<Match>quantity|amount|number|qty|num</Match>
<Value>3</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Number</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>number|count|nmr|cnt|rate|decimal|digit</Match>
<Value>21</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Account Number</PatternName>
<Types>text,textarea,select,radio,checkbox</Types>
<Language>en</Language>
<Match>account</Match>
<Value>20</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Shipping method</PatternName>
<Types>select,radio,checkbox</Types>
<Language>en</Language>
<Match>shipping|fedex|standard|ups</Match>
<Value></Value>
<ValueMatch>fedex|standard|ups</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Gift</PatternName>
<Types>checkbox</Types>
<Language>en</Language>
<Match>gift</Match>
<Value></Value>
<ValueMatch>yes|1|on|true</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card number</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>credit[:space:]*card|card[:space:]*number</Match>
<Value>5105105105105100</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card type</PatternName>
<Types>select,checkbox,radio</Types>
<Language>en</Language>
<Match>
master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex
</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card security code</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>security[:space:]*code|verification[:space:]*number</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>PIN</PatternName>
<Types>text,textarea,password</Types>
<Language>en</Language>
<Match>PIN</Match>
<Value>1234</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>CAPTCHA</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>code[:space:]*shown|captcha</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Size</PatternName>
<Types>select</Types>
<Language>en</Language>
<Match>size|xxl</Match>
<Value></Value>
<ValueMatch>(\b(m|s|42)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Color</PatternName>
<Types>select</Types>
<Language>en</Language>
<Match>\b(color|red|black)\b</Match>
<Value>Blue</Value>
<ValueMatch>\b(blue|red|black)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Price</PatternName>
<Types>text,textare</Types>
<Language>en</Language>
<Match>price</Match>
<Value>20</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Attention</PatternName>
<Types>text,textare</Types>
<Language>en</Language>
<Match>attention</Match>
<Value>John</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Gender</PatternName>
<Types>select,radio</Types>
<Language>en</Language>
<Match>gender|male|female</Match>
<Value>male</Value>
<ValueMatch>\b(male|m|f)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Legal age</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match>legal|\d\d[:space:]*years[:space:]*old</Match>
<Value>yes</Value>
<ValueMatch>\b(on|1|yes|true)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Coupon code</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>promotion|coupon</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Send message</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>message|comment|complain|enquiry|review</Match>
<Value>comment</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Existing user</PatternName>
<Types>checkbox,radio</Types>
<Language>en</Language>
<Match>returning|existing|customer</Match>
<Value></Value>
<ValueMatch>\b(on|1|yes|true)\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Age</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>age|under|over</Match>
<Value>40</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Passphrase Hint</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>What make|pet's name|your father|high school|friend</Match>
<Value>What make was your first car?</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Passphrase Hint Answer</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>Answer</Match>
<Value>Ford</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Doctor name</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>doctor</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Website</PatternName>
<Types>text,textarea</Types>
<Language>en</Language>
<Match>website</Match>
<Value>www.example.com</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Address</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>adresse|strasse</Match>
<Value>600 Fairy Land Drive</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Apartment number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>adresse|wohnung|haus</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>First name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>name</Match>
<Value>John</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Last name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>vorname|name</Match>
<Value>Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Full name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>ihren namen|name</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>User Signature</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>unterschrift</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>City</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>stadt|stadt</Match>
<Value>Berlin</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Regierungsbezirke</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>regierungsbezirke</Match>
<Value>Berlin</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Zip code</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</Match>
<Value>10115</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Country</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>\b(deutschland|land)\b</Match>
<Value>DE</Value>
<ValueMatch>\bDE\b</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>telefon|telefon|fax</Match>
<Value>(1234) 567890</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Phone area code</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>vorwahl</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Company name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>unternehmen|arbeitgeber|organisation</Match>
<Value>Example</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Email</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>E[-_]Mailadresse|email|E[-_]Mail</Match>
<Value>a%RANDALPHANUM%@example.com</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Birthday</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>geburtstag|geburt</Match>
<Value>12/25/1975</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Day</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>tag</Match>
<Value>25</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Month</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>monat</Match>
<Value>12</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Year</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Jahr</Match>
<Value>2007</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>BirthYear</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Jahr|1975|1970|1960|1950</Match>
<Value>1975</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Past Date mm/dd/yy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Datum|d.m.yyyy|dd.mm.yyyy</Match>
<Value>02.02.03</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Past Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Datum|mm/dd/yyyy</Match>
<Value>02/02/2003</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>
MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==
</Match>
<Value>02/02/11</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Future Date mm/dd/yyyy</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5
</Match>
<Value>02/02/2011</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Username</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Benutzername|Mitgliedsnamen|Benutzer</Match>
<Value>%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Password</PatternName>
<Types>password</Types>
<Language>de</Language>
<Match>password|passwort|passwd</Match>
<Value>%RANDALPHANUM%1'</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Old password</PatternName>
<Types>password</Types>
<Language>de</Language>
<Match>alte[:space:]passwort</Match>
<Value>%RANDALPHANUM%1'</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Accept terms</PatternName>
<Types>checkbox,radio</Types>
<Language>de</Language>
<Match>Ich habe gelesen und akzeptiere|Ich habe gelesen und
akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</Match>
<Value></Value>
<ValueMatch>yes|1|on|true</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Remove item</PatternName>
<Types>checkbox,radio</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</Match>
<Value></Value>
<ValueMatch>yes|1|on|true</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Search</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</Match>
<Value>water</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Quantity</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>qty|Menge|Betrag|Anzahl</Match>
<Value>3</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</Match>
<Value>21</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Account Number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Konto</Match>
<Value>3456</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Shipping method</PatternName>
<Types>select</Types>
<Language>de</Language>
<Match>Versand</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Gift</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Geschenk</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card number</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Kreditkarte|Kredit|Kartennummer</Match>
<Value>5105105105105100</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card type</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</Match>
<Value></Value>
<ValueMatch>Master</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Credit card security code</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGES3JlZGl0fFNpY2hlcmhlaXRzLUNvZGV8UHLDvGZudW1tZXI=</Match>
<Value>123</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>CAPTCHA</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>captcha</Match>
<Value>[%RANDALPHANUM%</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Back button</PatternName>
<Types>button,image,submit</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGEenVyw7xja3xyZXR1cm58c3Rvcm5pZXJlbnx2b3JoZXJpZ2V8d2VpdGVyIGVpbmthdWZlbg==
</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Logout button</PatternName>
<Types>button,image,submi</Types>
<Language>de</Language>
<Match>Abmeldung|Abmeldung|ausloggen|(sign|log)-?(off|out)</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Login button</PatternName>
<Types>button,image,submi</Types>
<Language>de</Language>
<Match>(log|sign)-?in</Match>
<Value></Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Size</PatternName>
<Types>select</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGER3LDtnNzZXxYWEw=</Match>
<Value>m</Value>
<ValueMatch>m|s|42</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Color</PatternName>
<Types>select</Types>
<Language>de</Language>
<Match>Farbe</Match>
<Value>Blue</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Enter price</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Preis</Match>
<Value>20</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Attention</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Aufmerksamkeit</Match>
<Value>John</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Gender</PatternName>
<Types>select,radio,checkbox</Types>
<Language>de</Language>
<Match>Geschlecht|Herren</Match>
<Value>m</Value>
<ValueMatch>m|h</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Legal age</PatternName>
<Types>select,radio,checkbox</Types>
<Language>de</Language>
<Match>rechtliche|\d\d[:space:]*Jahre</Match>
<Value>ja</Value>
<ValueMatch>ja|yes|1|on|true</ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Coupon code</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>MJPYBZHSWwshWRRFSGWAGERsO2cmRlcnVuZ3xHdXRzY2hlaW4=</Match>
<Value>111</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Send message</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Nachricht|Kommentar|beschweren|Anfrage|Kritik</Match>
<Value>comment</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Age</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Alter|unter|mehr</Match>
<Value>40</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Passphrase Hint</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Was machen|Name des Haustieres|Ihr Vater</Match>
<Value>What make was your first car?</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Passphrase Hint Answer</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>beantworten</Match>
<Value>Ford</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
<TrainingParameter>
<PatternName>Doctor name</PatternName>
<Types>text,textarea</Types>
<Language>de</Language>
<Match>Arzt</Match>
<Value>John Johnson</Value>
<ValueMatch></ValueMatch>
<MatchCriteria>Regex</MatchCriteria>
</TrainingParameter>
</TrainingParameterList>
</ParameterTrainingConfig>
<AutoSequenceConfig>
<SequenceIgnoreExtensionList>
<SequenceIgnoreExtension>
<Value>js</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>css</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>doc</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>jpg</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>jpeg</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>gif</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>png</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>bmp</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>ico</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>exe</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>swf</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>mp3</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>wav</Value>
</SequenceIgnoreExtension>
<SequenceIgnoreExtension>
<Value>eot</Value>
</SequenceIgnoreExtension>
</SequenceIgnoreExtensionList>
<SequenceIgnoreContentTypeList>
<SequenceIgnoreContentType>
<Value>*font*</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>audio/*</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>image/*</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>video/*</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/pdf</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/zip</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/x-rar-compressed</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/x-dvi</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/x-shockwave-flash</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/msword</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/ogg</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/x-tar</Value>
</SequenceIgnoreContentType>
<SequenceIgnoreContentType>
<Value>application/octet-stream</Value>
</SequenceIgnoreContentType>
</SequenceIgnoreContentTypeList>
</AutoSequenceConfig>
<MacroConfig>
<SequentialMacroPlayback>1</SequentialMacroPlayback>
</MacroConfig>
<SeleniumConfig>
<ListenForOtherScripts>0</ListenForOtherScripts>
<SequentialSeleniumScriptPlayback>1</SequentialSeleniumScriptPlayback>
<SeleniumPort>32768</SeleniumPort>
<FirefoxProfile></FirefoxProfile>
<WebDriverForHtml>Chrome</WebDriverForHtml>
</SeleniumConfig>
<WebServiceConfig>
<Username></Username>
<Password></Password>
<ContentType></ContentType>
<WsdlRegex>([?]wsdl|[.]wsdl)$</WsdlRegex>
<AutoDiscoverWSDL>1</AutoDiscoverWSDL>
<WebServicesEnhancements>0</WebServicesEnhancements>
<PasswordOption>Hashed</PasswordOption>
<SwaggerHostName></SwaggerHostName>
<SwaggerParseFail>1</SwaggerParseFail>
<SwaggerWarningLevel>Strict</SwaggerWarningLevel>
</WebServiceConfig>
<ReportConfig>
<GlobalDatabaseDSN></GlobalDatabaseDSN>
<GlobalDatabaseUID></GlobalDatabaseUID>
<GlobalDatabasePWD></GlobalDatabasePWD>
<Language>en</Language>
<BrandingDirectory></BrandingDirectory>
<UseSQLite>0</UseSQLite>
<XML>0</XML>
<AttackModulesJSON>1</AttackModulesJSON>
<CrawledLinksJSON>1</CrawledLinksJSON>
<WebAppScanSelectedChildrenJSON>1</WebAppScanSelectedChildrenJSON>
<ScanStatusJSON>1</ScanStatusJSON>
<WebSitesJSON>1</WebSitesJSON>
<CrawlResultsJSON>1</CrawlResultsJSON>
<FormsJSON>1</FormsJSON>
<WebResourcesJSON>1</WebResourcesJSON>
<AttackVectorsJSON>1</AttackVectorsJSON>
<FindingsJSON>1</FindingsJSON>
<UserMessageLogEntriesJSON>1</UserMessageLogEntriesJSON>
<AttackLocationsJSON>0</AttackLocationsJSON>
<VulnerabilitiesSummaryXML>1</VulnerabilitiesSummaryXML>
<VulnerabilitiesSummaryJSON>0</VulnerabilitiesSummaryJSON>
<BrowserLinksJSON>1</BrowserLinksJSON>
<CrawledLinksXML>0</CrawledLinksXML>
<ValidationJSON>1</ValidationJSON>
<TreatNTOEFindingFlagsSameAsUI>0</TreatNTOEFindingFlagsSameAsUI>
<Index>1</Index>
<ExecutiveSummary>1</ExecutiveSummary>
<AllLinks>1</AllLinks>
<AppThreatModeling>1</AppThreatModeling>
<BestPractices>1</BestPractices>
<Reflection>1</Reflection>
<RemediationSummary>1</RemediationSummary>
<Resources>0</Resources>
<ResourceDetails>0</ResourceDetails>
<ResourceSummaryBreakdown>0</ResourceSummaryBreakdown>
<Application>1</Application>
<Server>1</Server>
<Database>1</Database>
<BySite>0</BySite>
<SiteLinks>1</SiteLinks>
<StatusAndConfig>1</StatusAndConfig>
<Vulnerabilities>1</Vulnerabilities>
<VulnerabilitiesByUrlStandAlone>0</VulnerabilitiesByUrlStandAlone>
<DISASTIG>1</DISASTIG>
<FISMA>1</FISMA>
<CWESANS>1</CWESANS>
<GLB>1</GLB>
<HIPAA>1</HIPAA>
<OWASP2007>0</OWASP2007>
<OWASP2010>0</OWASP2010>
<OWASP2013>0</OWASP2013>
<OWASP2017>1</OWASP2017>
<GDPR2016>1</GDPR2016>
<PCI>0</PCI>
<PCI31>1</PCI31>
<SOX>1</SOX>
<Privacy>1</Privacy>
<Comments>1</Comments>
<Cookies>1</Cookies>
<PDF>0</PDF>
<ZipReport>0</ZipReport>
<ValidateApplet>1</ValidateApplet>
<IncludeDbInZip>0</IncludeDbInZip>
<DisableBigReportPagesThreshold>10000</DisableBigReportPagesThreshold>
<AesEncryptPassword></AesEncryptPassword>
<Metadata></Metadata>
<Confidence>1</Confidence>
</ReportConfig>
<WAFConfig>
<Snort>1</Snort>
<Imperva>1</Imperva>
<ModSec>1</ModSec>
<SnortMode>Alert</SnortMode>
</WAFConfig>
<ScheduleConfig>
<Enabled>0</Enabled>
<PauseTime>2020-06-24 17:08:33</PauseTime>
<ResumeTime>2020-06-24 17:08:33</ResumeTime>
<MaxRunTime>44006 Days, 17:08:33</MaxRunTime>
</ScheduleConfig>
<SiteTechnologyConfig>
<Autodetect>1</Autodetect>
<ServerPerformance>Unknown</ServerPerformance>
<TechnologyTargets>
</TechnologyTargets>
</SiteTechnologyConfig>
<OneTimeTokenConfig>
<AutoDetectCSRF>1</AutoDetectCSRF>
<MaxTokenLifetime>1899-12-30 00:00:00</MaxTokenLifetime>
<ExpirationRegex></ExpirationRegex>
<TokenNameRegex>csrf</TokenNameRegex>
<TokenValueRegex></TokenValueRegex>
</OneTimeTokenConfig>
<CVSSConfig>
<CollateralDamagePotential>Not Defined</CollateralDamagePotential>
<TargetDistribution>Not Defined</TargetDistribution>
<ConfidentialityRequirement>Not Defined</ConfidentialityRequirement>
<IntegrityRequirement>Not Defined</IntegrityRequirement>
<AvailabilityRequirement>Not Defined</AvailabilityRequirement>
<AccessVector>Not Defined</AccessVector>
<AccessComplexity>Not Defined</AccessComplexity>
<CvssAuthentication>Not Defined</CvssAuthentication>
</CVSSConfig>
<ParameterParserConfig>
<EnableBase64ParameterValues>1</EnableBase64ParameterValues>
<StandardURLParserConfig>
<PathNameValueDelimiters>=.</PathNameValueDelimiters>
<PathParameterDelimiters>/;</PathParameterDelimiters>
<QueryNameValueDelimiters>=</QueryNameValueDelimiters>
<QueryParameterDelimiters>
<![CDATA[&]]>
</QueryParameterDelimiters>
<PathParamsValueRegex>\d+</PathParamsValueRegex>
<StartPathParamsPosition>-1</StartPathParamsPosition>
</StandardURLParserConfig>
</ParameterParserConfig>
<ParameterValueConfig>
</ParameterValueConfig>
<RTCConfig>
<Enabled>0</Enabled>
<AuthToken></AuthToken>
<ScanID></ScanID>
</RTCConfig>
<NexposeRESTConfig>
<RootUrl></RootUrl>
<FunctionAttackModuleList></FunctionAttackModuleList>
<FunctionWebAppScanSelectedChildren></FunctionWebAppScanSelectedChildren>
<FunctionNewWebSite></FunctionNewWebSite>
<FunctionNewCrawlResult></FunctionNewCrawlResult>
<FunctionNewForm></FunctionNewForm>
<FunctionNewWebResource></FunctionNewWebResource>
<FunctionNewAttackVector></FunctionNewAttackVector>
<FunctionNewFinding></FunctionNewFinding>
<FunctionTrimFalsePositiveFinding></FunctionTrimFalsePositiveFinding>
<AuthKey></AuthKey>
<ServicePullRequests>0</ServicePullRequests>
</NexposeRESTConfig>
</ScanConfig>