Scan Configuration Operations
Credential Warning
Note: Client account permissions are required to modify scan configurations. Configs are restricted to the client that the user has access to. The user account should have "Config Manager" permissions to work with configs.
/AppSpiderEnterprise/rest/v1/Config/SaveConfig
Description
Creates a new scan configuration
Parameters
The config is sent as part of a multipart/form-data request, and any associated files are sent in the request.
Name | Type | Required | Description |
---|---|---|---|
config | text | Y | Contains a set of parameters necessary to create a scan config, see table below. |
fileType | file | N | The name of the file type associated with the config. For example, if the config requires a selenium authentication file, the name of this parameter is selenium and you attach the selenium file. |
The parameters which need to be included in the config are detailed in the table below.
Name | Type | Required | Description |
---|---|---|---|
id | guid[] | N | If id is not provided, a new config is created. If id is provided, the existing config is updated. |
xml | string | Y | Scan config xml file. Config name should be unique in the client. |
defendEnabled | bool | N(false) | AppSpider Defend enabled |
monitoring | bool | N(false) | Monitoring scanning enabled |
monitoringDelay | int | N(0) | Delay between monitoring scans in hours. Possible values are 1 (hour), 24 (day), 168 (week), 720 (month) |
monitoringTriggerScan | bool | N(false) | Monitoring scan triggers attack scan if changes found |
name | string | Y | Config name |
engineGroupId | guid[] | Y | Engine group id for scan config |
isApproveRequired | bool | N(false) | Approve required property |
Note that the XML config must be embedded in the JSON request, the body of the request must be of type "form-data", and that a "config" key must contain the configuration in XML format.
If you wish to send an associated file with the request, the XML in the <ScanConfig> must reference it. For example, with a selenium authentication file, the following XML must provide the path of the file:
xml
<SeleniumFile>
<SeleniumFileName>
C:\\\\Users\\\\user\\\\Postman\\\\files\\\\selenium.bat
</SeleniumFileName>
</SeleniumFile>
A full breakdown of all XML elements contained in a ScanConfig can be found at Scan Configuration Parameters.
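The request layout described above, built offline as an added example (not code from the page or the vendor): it validates the documented fields, places the parameters as JSON in the `config` form field, and attaches the file under its file-type name. The key casing taken from the parameter table, the single-string GUID encoding, the placement of `<SeleniumFile>` directly under `<ScanConfig>`, and all sample values are assumptions.

```python
import json
import uuid
import xml.etree.ElementTree as ET

# Endpoint path from the page; the host is deployment-specific.
SAVE_CONFIG_PATH = "/AppSpiderEnterprise/rest/v1/Config/SaveConfig"
# monitoringDelay values from the parameter table (0 is the default).
MONITORING_DELAYS = {0, 1, 24, 168, 720}
# File-type part name -> XML element that must reference the attached file.
# Only the selenium case is described on the page.
FILE_REFERENCE_ELEMENTS = {"selenium": "SeleniumFileName"}

# Constructed sample values (not from a real deployment). Placing <SeleniumFile>
# directly under <ScanConfig> is an assumption.
SAMPLE_XML = (
    "<ScanConfig><Name>SeleniumConfig</Name>"
    "<SeleniumFile><SeleniumFileName>C:\\files\\selenium.bat"
    "</SeleniumFileName></SeleniumFile></ScanConfig>"
)
SAMPLE_ENGINE_GROUP = "00000000-0000-0000-0000-000000000001"


def build_config(name, xml, engine_group_id, config_id=None,
                 defend_enabled=False, monitoring=False, monitoring_delay=0,
                 monitoring_trigger_scan=False, is_approve_required=False):
    """Validate the documented parameters and return the config object."""
    if not name:
        raise ValueError("name is required")
    if ET.fromstring(xml).tag != "ScanConfig":  # ParseError if malformed
        raise ValueError("xml root element must be <ScanConfig>")
    if monitoring_delay not in MONITORING_DELAYS:
        raise ValueError("monitoringDelay must be 1, 24, 168 or 720 (hours)")
    config = {
        # Key names follow the parameter table (assumed casing).
        "xml": xml,
        "name": name,
        # Assumption: a single GUID string; uuid.UUID rejects malformed ids.
        "engineGroupId": str(uuid.UUID(engine_group_id)),
        "defendEnabled": defend_enabled,
        "monitoring": monitoring,
        "monitoringDelay": monitoring_delay,
        "monitoringTriggerScan": monitoring_trigger_scan,
        "isApproveRequired": is_approve_required,
    }
    if config_id is not None:  # id present -> update, absent -> create
        config["id"] = str(uuid.UUID(config_id))
    return config


def build_multipart(config, files=None, boundary=None):
    """Return (content_type, body) for the multipart/form-data request.

    files maps the file-type part name to (filename, content bytes).
    """
    files = files or {}
    root = ET.fromstring(config["xml"])
    for file_type, (filename, _content) in files.items():
        # Quotes or CR/LF in these names would corrupt the part headers.
        if any(c in file_type + filename for c in '"\r\n'):
            raise ValueError("part and file names must not contain quotes or CR/LF")
        # An attached file must be referenced from the ScanConfig XML.
        element = FILE_REFERENCE_ELEMENTS.get(file_type)
        if element and not any((e.text or "").strip() for e in root.iter(element)):
            raise ValueError(f"xml has no <{element}> reference for {file_type}")
    boundary = boundary or uuid.uuid4().hex
    delim = b"--" + boundary.encode("ascii")
    chunks = [
        delim,
        b'Content-Disposition: form-data; name="config"',
        b"",
        json.dumps(config).encode("utf-8"),  # XML travels as a JSON string
    ]
    for file_type, (filename, content) in files.items():
        disposition = f'Content-Disposition: form-data; name="{file_type}"; filename="{filename}"'
        chunks += [
            delim,
            disposition.encode("utf-8"),
            b"Content-Type: application/octet-stream",
            b"",
            content,
        ]
    chunks += [delim + b"--", b""]
    return f"multipart/form-data; boundary={boundary}", b"\r\n".join(chunks)


if __name__ == "__main__":
    cfg = build_config("SeleniumConfig", SAMPLE_XML, SAMPLE_ENGINE_GROUP)
    ctype, body = build_multipart(cfg, {"selenium": ("selenium.bat", b"constructed script")})
    print("POST", SAVE_CONFIG_PATH)
    print("Content-Type:", ctype)
    print(len(body), "bytes")
```
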
JSON Request example
JSON
"config": {
  "DefendEnabled": false,
  "MonitoringDelay": 0,
  "MonitoringTriggerScan": false,
  "Xml": "<ScanConfig><Name>SeleniumConfig</Name><AppVersion>7.0</AppVersion><Log>1</Log><DetailedLogging>0</DetailedLogging><IncludeTraffic>0</IncludeTraffic><WindowsErrors>0</WindowsErrors><UseSystemDsn>0</UseSystemDsn><Recrawl>0</Recrawl><PauseOnRecoverableError>1</PauseOnRecoverableError><ExecuteCommandLineURL></ExecuteCommandLineURL><NotifyScanDoneURL></NotifyScanDoneURL><JavaScriptEngine>Chrome</JavaScriptEngine><MaxDatabaseSize>1073741824</MaxDatabaseSize><MaxTrafficFiles>0</MaxTrafficFiles><ScanModuleParametersList /><DomainNameList /><CrawlConfig><MaxDomain>100</MaxDomain><MaxCrawlResults>5000</MaxCrawlResults><MaxPerWebSiteCrawlResults>-1</MaxPerWebSiteCrawlResults><MaxPerDirCrawlResults>500</MaxPerDirCrawlResults><MaxPerLinkCrawlResults>50</MaxPerLinkCrawlResults><MaxPerNormalizedLinkCrawlResult>100</MaxPerNormalizedLinkCrawlResult><MaxPerDirChildNodes>300</MaxPerDirChildNodes><MaxBlackListExtCrawlResults>100</MaxBlackListExtCrawlResults><MaxAttackFeedbackLinksCount>300</MaxAttackFeedbackLinksCount><MaxPerFileNameCrawlResults>250</MaxPerFileNameCrawlResults><RecursionDepth>2</RecursionDepth><MaxDirDepth>15</MaxDirDepth><DiscoveryDepth>-1</DiscoveryDepth><UrlRepetitionTolerance>25</UrlRepetitionTolerance><SequenceRepetitionTolerance>5</SequenceRepetitionTolerance><MaxReportedImages>500</MaxReportedImages><MaxReportedLinks>2500</MaxReportedLinks><MaxReportedComments>500</MaxReportedComments><MaxReportedScripts>500</MaxReportedScripts><MaxReportedEmails>500</MaxReportedEmails><MaxReportedForms>500</MaxReportedForms><MaxBrowserPageWaitTimeout>60000</MaxBrowserPageWaitTimeout><MaxBrowserWaitTillRequestTimeout>4000</MaxBrowserWaitTillRequestTimeout><MaxBrowserDOMDepth>4</MaxBrowserDOMDepth><MaxBrowserEventsPerLink>600</MaxBrowserEventsPerLink><MaxBrowserEventsPerCrawlResult>400</MaxBrowserEventsPerCrawlResult><MaxBrowserEventsPerDOM>100</MaxBrowserEventsPerDOM><MaxBrowserNo
NewResourceDOMCount>400</MaxBrowserNoNewResourceDOMCount><NotInsertedLinkCountThreshold>2</NotInsertedLinkCountThreshold><MaxCookiesFromJavascript>100</MaxCookiesFromJavascript><MaxCookiesSameNameFromJavascript>10</MaxCookiesSameNameFromJavascript><CrawlPrioritization>Smart</CrawlPrioritization><FileNotFoundRegex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</FileNotFoundRegex><ServerErrorRegex></ServerErrorRegex><InvalidURLRegexAttack><![CDATA[['\\\"\\\\(\\\\)<>]|\\\\d([-+]|%2[bd])\\\\d|repeat\\\\(|alert\\\\(|/x\\\\w{7}\\\\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]></InvalidURLRegexAttack><InvalidURLRegexCrawl><![CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\\\\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]></InvalidURLRegexCrawl><PriorityLinksRegex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</PriorityLinksRegex><LockCookies>0</LockCookies><CaseSensitivity>Case 
Sensitive</CaseSensitivity><UniqueUrlsAcrossWebsites>0</UniqueUrlsAcrossWebsites><SaveReferences>0</SaveReferences><UseBrowser>1</UseBrowser><ShowBrowser>0</ShowBrowser><StayOnPort>0</StayOnPort><RestrictToMacro>0</RestrictToMacro><RestrictToManualCrawling>0</RestrictToManualCrawling><RestrictToSeedList>0</RestrictToSeedList><RestrictToWebService>0</RestrictToWebService><RestrictToSelenium>0</RestrictToSelenium><RestrictToSwagger>0</RestrictToSwagger><ImportCookiesFromTraffic>0</ImportCookiesFromTraffic><PageEqualThreshhold>0.95</PageEqualThreshhold><PageSimilarThreshhold>0.8</PageSimilarThreshhold><ExperimentalCrawling>Disabled</ExperimentalCrawling><Flash>1</Flash><EnableAdvancedParsers>1</EnableAdvancedParsers><SearchForUrls>1</SearchForUrls><CookieCommaSeparator>1</CookieCommaSeparator><MaxWebResourcesOverhead>1000</MaxWebResourcesOverhead><SeedUrlList><SeedUrl><Value>http://www.webscantest.com/</Value></SeedUrl></SeedUrlList><ScopeConstraintList><ScopeConstraint><URL>http://www.webscantest.com/*</URL><Method>All</Method><MatchCriteria>Wildcard</MatchCriteria><Exclusion>Include</Exclusion><HttpParameterList /></ScopeConstraint><ScopeConstraint><URL>http://*.www.webscantest.com/*</URL><Method>All</Method><MatchCriteria>Wildcard</MatchCriteria><Exclusion>Include</Exclusion><HttpParameterList 
/></ScopeConstraint></ScopeConstraintList><BlackListExtensionList><BlackListExtension><Value>css</Value></BlackListExtension><BlackListExtension><Value>axd</Value></BlackListExtension></BlackListExtensionList><GrayListExtensionList><GrayListExtension><Value>pdf</Value></GrayListExtension><GrayListExtension><Value>doc</Value></GrayListExtension><GrayListExtension><Value>jpg</Value></GrayListExtension><GrayListExtension><Value>jpeg</Value></GrayListExtension><GrayListExtension><Value>gif</Value></GrayListExtension><GrayListExtension><Value>png</Value></GrayListExtension><GrayListExtension><Value>bmp</Value></GrayListExtension><GrayListExtension><Value>ico</Value></GrayListExtension><GrayListExtension><Value>js</Value></GrayListExtension><GrayListExtension><Value>tiff</Value></GrayListExtension><GrayListExtension><Value>eot</Value></GrayListExtension><GrayListExtension><Value>ttf</Value></GrayListExtension><GrayListExtension><Value>mid</Value></GrayListExtension><GrayListExtension><Value>midi</Value></GrayListExtension><GrayListExtension><Value>mp3</Value></GrayListExtension><GrayListExtension><Value>mpeg</Value></GrayListExtension><GrayListExtension><Value>wav</Value></GrayListExtension><GrayListExtension><Value>avi</Value></GrayListExtension><GrayListExtension><Value>woff</Value></GrayListExtension><GrayListExtension><Value>svg</Value></GrayListExtension></GrayListExtensionList><BinaryExtensionList><BinaryExtension><Value>fla</Value></BinaryExtension><BinaryExtension><Value>swf</Value></BinaryExtension><BinaryExtension><Value>pdf</Value></BinaryExtension><BinaryExtension><Value>doc</Value></BinaryExtension><BinaryExtension><Value>jpg</Value></BinaryExtension><BinaryExtension><Value>jpeg</Value></BinaryExtension><BinaryExtension><Value>gif</Value></BinaryExtension><BinaryExtension><Value>png</Value></BinaryExtension><BinaryExtension><Value>bmp</Value></BinaryExtension><BinaryExtension><Value>ico</Value></BinaryExtension><BinaryExtension><Value>dll</Value></BinaryExten
sion><BinaryExtension><Value>exe</Value></BinaryExtension><BinaryExtension><Value>eot</Value></BinaryExtension><BinaryExtension><Value>ttf</Value></BinaryExtension><BinaryExtension><Value>mp3</Value></BinaryExtension><BinaryExtension><Value>mp4</Value></BinaryExtension><BinaryExtension><Value>wav</Value></BinaryExtension><BinaryExtension><Value>woff</Value></BinaryExtension><BinaryExtension><Value>svg</Value></BinaryExtension></BinaryExtensionList><TextExtensionList><TextExtension><Value>txt</Value></TextExtension><TextExtension><Value>js</Value></TextExtension><TextExtension><Value>css</Value></TextExtension><TextExtension><Value>json</Value></TextExtension></TextExtensionList><BinaryContentTypeList><BinaryContentType><Value>audio/*</Value></BinaryContentType><BinaryContentType><Value>image/*</Value></BinaryContentType><BinaryContentType><Value>video/*</Value></BinaryContentType><BinaryContentType><Value>application/pdf</Value></BinaryContentType><BinaryContentType><Value>application/zip</Value></BinaryContentType><BinaryContentType><Value>application/x-rar-compressed</Value></BinaryContentType><BinaryContentType><Value>application/x-dvi</Value></BinaryContentType><BinaryContentType><Value>application/x-shockwave-flash</Value></BinaryContentType><BinaryContentType><Value>application/msword</Value></BinaryContentType><BinaryContentType><Value>application/ogg</Value></BinaryContentType><BinaryContentType><Value>application/x-tar</Value></BinaryContentType><BinaryContentType><Value>application/octet-stream</Value></BinaryContentType></BinaryContentTypeList><HTMLContentTypeList><HTMLContentType><Value>text/html</Value></HTMLContentType><HTMLContentType><Value>html/*</Value></HTMLContentType><HTMLContentType><Value>application/xhtml+xml</Value></HTMLContentType></HTMLContentTypeList><TextContentTypeList><TextContentType><Value>text/plain</Value></TextContentType><TextContentType><Value>text/csv</Value></TextContentType><TextContentType><Value>text/css</Value></TextConte
ntType><TextContentType><Value>text/javascript</Value></TextContentType><TextContentType><Value>application/javascript</Value></TextContentType><TextContentType><Value>application/x-javascript</Value></TextContentType><TextContentType><Value>application/json</Value></TextContentType><TextContentType><Value>application/x-httpd-php-source</Value></TextContentType></TextContentTypeList><XMLContentTypeList><XMLContentType><Value>application/xml-dtd</Value></XMLContentType><XMLContentType><Value>text/xml</Value></XMLContentType><XMLContentType><Value>application/soap+xml</Value></XMLContentType><XMLContentType><Value>application/xml</Value></XMLContentType></XMLContentTypeList><DomRestrictionsList /><BrowserDownloadWhitelistList><BrowserDownloadWhitelist><Value>*.css</Value></BrowserDownloadWhitelist><BrowserDownloadWhitelist><Value>*.js</Value></BrowserDownloadWhitelist><BrowserDownloadWhitelist><Value>*.xml</Value></BrowserDownloadWhitelist><BrowserDownloadWhitelist><Value>*.dtd</Value></BrowserDownloadWhitelist><BrowserDownloadWhitelist><Value>*.axd</Value></BrowserDownloadWhitelist><BrowserDownloadWhitelist><Value>*.json</Value></BrowserDownloadWhitelist><BrowserDownloadWhitelist><Value>*/js/*</Value></BrowserDownloadWhitelist><BrowserDownloadWhitelist><Value>*/css/*</Value></BrowserDownloadWhitelist></BrowserDownloadWhitelistList><BrowserDoNotDownloadExtensionList><BrowserDoNotDownloadExtension><Value>pdf</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>doc</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>jpg</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>jpeg</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>gif</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>png</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>bmp</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>ico</Va
lue></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>exe</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>swf</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>mp3</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>mp4</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>wav</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>eot</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>ttf</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>woff</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>ico</Value></BrowserDoNotDownloadExtension><BrowserDoNotDownloadExtension><Value>svg</Value></BrowserDoNotDownloadExtension></BrowserDoNotDownloadExtensionList><BrowserDoNotDownloadContentTypeList><BrowserDoNotDownloadContentType><Value>audio/*</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>image/*</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>video/*</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/pdf</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/zip</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/x-rar-compressed</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/x-dvi</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/x-shockwave-flash</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/msword</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/ogg</Value></BrowserDoNotDownloadContentType><BrowserDoNotDownloadContentType><Value>application/x-tar</Value></BrowserDoNotDownloadContentType><Br
owserDoNotDownloadContentType><Value>application/octet-stream</Value></BrowserDoNotDownloadContentType></BrowserDoNotDownloadContentTypeList><LockedCookieList /><FrameworksCrawlConfig><EnableFrameworksCrawling>1</EnableFrameworksCrawling><ReactJSDetectionRegex></ReactJSDetectionRegex></FrameworksCrawlConfig></CrawlConfig><AttackerConfig><ParametersToAttackBeforeLimitingAttacks>400</ParametersToAttackBeforeLimitingAttacks><LinksToAttackBeforeLimitingAttacks>200</LinksToAttackBeforeLimitingAttacks><MaxSameNameParameterAttackPoints>25</MaxSameNameParameterAttackPoints><MaxSameCookieParameterAttackPoints>15</MaxSameCookieParameterAttackPoints><MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink><MaxParameterAttackPointsPerLink>50</MaxParameterAttackPointsPerLink><MaxNormalizedSameNameParameterAttackPointsPerLink>4</MaxNormalizedSameNameParameterAttackPointsPerLink><ApplyGlobalFindingsSettings>1</ApplyGlobalFindingsSettings><ApplyCrawlerConstraints>1</ApplyCrawlerConstraints><MaxNumberOfScheduledPassiveAttacks>1000000</MaxNumberOfScheduledPassiveAttacks><MinCookieLifetimeForAttacks>3600</MinCookieLifetimeForAttacks><ExcludeLowConfidenceFindings>0</ExcludeLowConfidenceFindings><ScopeConstraintList /><DefaultDoNotAttackParamList><DefaultDoNotAttackParam><ParameterName>^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$</ParameterName><MatchCriteria>Regex</MatchCriteria></DefaultDoNotAttackParam></DefaultDoNotAttackParamList><UserDoNotAttackParamList /></AttackerConfig><AttackPolicyConfig><Policy>Crawl 
only</Policy><AttackPrioritization>Smart</AttackPrioritization><AttackDepth>Smart</AttackDepth><EnableAdvancedAttacks>0</EnableAdvancedAttacks><FalsePositiveRegex></FalsePositiveRegex><FalsePositiveFindingRegex></FalsePositiveFindingRegex><RootCauseIdExcludeList></RootCauseIdExcludeList><AttackOnlyControllingHeaders>1</AttackOnlyControllingHeaders><EnforceEncoding>0</EnforceEncoding><AttackPoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</AttackPoints><ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><AttackModulePolicyList><AttackModulePolicy><Enabled>0</Enabled><ModuleId>C0B05B9C334341B180D2494235FF8F99</ModuleId><ModulePriority>High</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>10</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Anonymous Access</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>59597A25A9504D5AAD20B74A4DCCABB7</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit><MaxVarianceLimit>3</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Directory|File|Web Resource|Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http 
Header</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Apache Struts 2 Framework Checks</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>9F6600FB2E7840E48B156790FEFAC10A</ModuleId><ModulePriority>High</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit><MaxVarianceLimit>3</MaxVarianceLimit><PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Apache Struts Detection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>929E08F60E084936B12C984ED0F5F47C</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Arbitrary File 
Upload</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>719FF94DEF014D29B16234909941E48E</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Directory</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>ASP.NET Misconfiguration</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>B7CEE386C7C64618A510F3F8FED5400B</ModuleId><ModulePriority>Medium</ModulePriority><Severity>High</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>ASP.NET Serialization</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>865E5CE0E5144D3E899B825EC8603969</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Autocomplete 
attribute</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>13B4C758BA174200885A29CBA7346165</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Browser Cache directive (web application performance)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>E33B272027B844D5BBB8EDE541983474</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>150</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Browser Cache directive (leaking sensitive information)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>A8091DB7769C49ED9E844B9F19529AC1</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>5</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web 
Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Brute Force (HTTP Auth)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>7F61DDD522C5439B9EAB4FC17B2F47AA</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>5</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Brute Force (Form Auth)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>22E85EEA6883403982D8C298AEBC935A</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Blind 
SQL</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>FD1C760270CE493D92F50C347C79218F</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Directory</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Clients Cross-Domain Policy Files</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>A41D5AC842594BF086E9A96DD3353333</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Information Disclosure in comments</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>BBFCB66779ED4E7292C08F19E9BB45DF</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>50</MaxVulnLimit><MaxPerWebSiteVulnLimit>20</MaxPerWebSiteVulnLimit><MaxVarianceLimit>10</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Cookie 
attributes</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>2227AE47A2AA40A6B6B1328AC13A6F0C</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>5</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource|Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>AJAX</RequestOriginations><DisplayName>Cross Origin Resources Sharing (CORS)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>F8A0814584594965B0AF68B4E190F566</ModuleId><ModulePriority>Low</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|Silverlight</RequestOriginations><DisplayName>Credentials over an insecure channel</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>C35E7D79DD6F4DA489BBF6BC1D9D012B</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Content Security Policy 
Header</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>81C9D7ED0E33447899D5CD20B978617B</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Cross-Site Request Forgery (CSRF)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>3A586D24C653446196BAAC345FDE8C53</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>20</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Directory</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Custom Directory Module</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>EE998B281CE840948E90BF2D61E4C5F9</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>20</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http 
Header</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Custom Parameter Module</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>1DE8C004C53D4B89A41E6B98DC6FD3B4</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>20</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Custom Passive Module</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>2CE90A403F704F80961E381BE19CCA2F</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Directory</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Directory Indexing</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>240EBB4A72024BA585833EB1F1AB4EC0</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>150</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Email Disclosure</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>9B62D146FF00456388F9822A76F95841</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Expression Language Injection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>D07D5C8EF8664392A0CC1509A6DE5940</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|Path|Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Forced Browsing</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>FD28B5D41E064D37B5543CE22BBC6306</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|Silverlight</RequestOriginations><DisplayName>Sensitive Data Exposure</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>7B61BD81D278490C9B1A7B0568E94E30</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>5</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Form Session Strength</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>5032DAF0D8FE4294B23F0D1DAA4C0337</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>50</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>FrontPage Checks</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>748E90FC47AB4B438C3A49660989B44A</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web 
Site</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Heartbleed Check</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>EBEE6CA2515F4FBEB8B7EC0197C5A74F</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>20</MaxVulnLimit><MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>HTTP Strict Transport Security</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>F25AF6387E8A429F8E664F31E2974054</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>20</MaxVulnLimit><MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>HTTP Authentication over insecure channel</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>60B0D57597EF4542A15FCB8D907669B0</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web 
Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>HTTPS Downgrade</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>55D76EB20CE54C01856E43223232E3DD</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>HTTP Headers</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>DE08B6DDD872440E91347969D514CFD6</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>HTTP Response 
Splitting</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>1712CD453B074C78A8A561E0ED66DD1F</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site|Web Resource|Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>HTTPS Everywhere</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>881B35A841414BBAA05084A2A8CE7904</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>20</MaxVulnLimit><MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|Flash|Silverlight</RequestOriginations><DisplayName>HTTP User-Agent Check</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>6A609D0096124619842EE23FA7C989B5</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>500</MaxVulnLimit><MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Information Disclosure in 
response</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>E617D008F7534C808064D2B1A4BFE81A</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>500</MaxVulnLimit><MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Information Leakage in responses</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>B86A3A67D710456898A9009DBF6A4989</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Java Grinder</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>F10ACEB0A6804D0F93516428E64B46FD</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>500</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight</RequestOriginations><DisplayName>JavaScript Memory 
Leaks</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>B7FD0D454CB246AC85A29AF53C27157F</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>LDAP Injection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>FCD9A41AD39247C0B45A8D42FF7A4E5E</ModuleId><ModulePriority>High</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX</RequestOriginations><DisplayName>Local Storage Usage</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>466E4CC294D94A11AFD50FD01D56261F</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter|Response Analysis</AttackPoints><ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Business logic abuse 
attacks</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>7D06B46D915644E9870F4A6B903FC09F</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>10</MaxVulnLimit><MaxPerWebSiteVulnLimit>1</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Nginx NULL code</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>99E5E4DD1B734047B95402FB7C76BEC3</ModuleId><ModulePriority>Medium</ModulePriority><Severity>High</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>File|Path|Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>OS Commanding</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>2934BC76771C4016BD3524B432CEBCA8</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>5</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Out of Band Stored Cross-site 
scripting (XSS)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>A62D1481CB394632B06C0C54FCDD0579</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>5</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Out of Band Cross-site scripting (XSS)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>A8AB603EABC04875A5B2320CF6990C24</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>500</MaxVulnLimit><MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post|Cookie|Referer</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Parameter Fuzzing</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>FAC53175FF1E4478AA6D3E2DD4D66B6D</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>10</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Credentials 
stored in clear text in a cookie.</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>243C315A46A14C92A2717A29A4290167</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>10</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|Silverlight</RequestOriginations><DisplayName>Collecting Sensitive Personal Information</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>B97A29683AEE4AA2B94FC26BFC2694A9</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>PHP Code Execution</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>AFF041E38E444889B271CDE1B24378EA</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>10</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Privacy Disclosure</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>433C43A54C714F08B822B7932D410A78</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>10</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource|Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Privilege Escalation</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>ED2E98EFF9A14BF7ACA06A7B28FF97BE</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Profanity</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>0AE25E41D6F44F29900104EF86B04191</ModuleId><ModulePriority>Low</ModulePriority><Severity>Safe</Severity><MaxVulnLimit>500</MaxVulnLimit><MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Reflection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>8CB2F93CE7F243B98D3C83A9A3E6EA4B</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>1000</MaxVulnLimit><MaxPerWebSiteVulnLimit>250</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Directory|File|Parameter</AttackPoints><ParameterLocations>Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>File Inclusion</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>63430695B68941DF99BF242F5AE1674B</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>50</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web 
Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>HTTP Verb Tampering</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>D8741C7560B8431A9AE74E9B4FEB4F45</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>10</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site|Directory|File</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Predictable Resource Location</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>13623AA162FA4488852116B7EC0DE49E</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Query</ParameterLocations><RequestOriginations>HTML|Form</RequestOriginations><DisplayName>Reverse Clickjacking</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>A418163442A54BB9BB0F1E591881A835</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web 
Site</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Reverse Proxy</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>2C7D393BABA44517B0A37DC8ADCF9630</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>Information Disclosure in scripts</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>07BD211A580944E591F78B40FF3F3489</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>3</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Secure and non-secure content mix</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>1CBEA71A88844A11A4CD6ABAA2FD7F62</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|Silverlight</RequestOriginations><DisplayName>Sensitive data over an insecure channel</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>34A0F038EFA248B594E7F17447F4CF2E</ModuleId><ModulePriority>High</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>10</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site|Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Server Configuration</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>DC8E0D09314B44D39915AAF8439B4F53</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>150</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations><RequestOriginations>HTML|Form|AJAX</RequestOriginations><DisplayName>Server Side Include (SSI) 
Injection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>0F5408AB9FF94320AA58FCFE80EDEF59</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>200</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Server Side Template Injection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>DB1340E1857540219DF84A6A9DC0494C</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Session Fixation</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>6B1B2812012D41249BDEE83FFAEB523D</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>10</MaxVulnLimit><MaxPerWebSiteVulnLimit>4</MaxPerWebSiteVulnLimit><MaxVarianceLimit>1</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|Path|Query</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations><DisplayName>HTTP Query Session 
Check</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>F729A70998064A1F99A8BEA8512D31AE</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>10</MaxVulnLimit><MaxPerWebSiteVulnLimit>2</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Session Strength</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>0DB2C1311DA74B80A153A8733C74D6CC</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>50</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Session Upgrade</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>7A7B3239AB8146839A8AEF170807ED1E</ModuleId><ModulePriority>Low</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>File</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Source Code 
Disclosure</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>59646365E0E44520BE4297C3ABAA7E75</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>1</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>SQL Information Leakage</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>B6F559D374B5451EB424A1C1FB264FA6</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>500</MaxVulnLimit><MaxPerWebSiteVulnLimit>200</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>SQL Injection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>0496353D92704F2E942BFE1B575D9B7C</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>SQL 
Injection Auth Bypass</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>CEB40EE490564D60B4F9B3CE79C009B5</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>SQL Parameter Check</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>C5805272001249A095A48F2E56240C10</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>100</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>SSL Strength</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>5D9A66E5961B4644AAF5EC655E18EE66</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>50</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>20</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Subdomain 
discovery</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>9A22444AC7C642ABBC598CBCA4738C3B</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>40</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Unvalidated Redirect</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>B69E83831D26496BB2CC0C0D70181EC3</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>40</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>URL rewriting</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>4DE84100F31849A7B845FE5F62D2FD7A</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form</RequestOriginations><DisplayName>ASP.NET ViewState 
security</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>0BE4C251F44C4CF1924104ADFD86289C</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>25</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|Flash|Silverlight</RequestOriginations><DisplayName>Web Beacon</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>74FB936F2BBA499F8D0AF3B7A29B4F9E</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>30</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Site</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Cross-site tracing (XST)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>377030BFE58A4F01A112295D32A0744C</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Web Service Parameter 
Fuzzing</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>8399FA8EDF5C41BC9D3CF85DC23DC26B</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>20</MaxVulnLimit><MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>X-Content-Type-Options</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>3E2E60F7D0E04D8596918C2D1F639064</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>50</MaxVulnLimit><MaxPerWebSiteVulnLimit>10</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>X-Frame-Options</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>615D72F401BC447AB4A2139654BC9945</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>X-XSS-Protection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>ABFA075919804435A25A22A8CAC191DF</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post|Cookie</ParameterLocations><RequestOriginations>HTML|Form|AJAX</RequestOriginations><DisplayName>XML External Entity Attack</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>BBE9F36A88A944ECB837D5193D356E4C</ModuleId><ModulePriority>Medium</ModulePriority><Severity>High</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Path|Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>XPath Injection</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>6CEF426D33514825B50741616DB2120B</ModuleId><ModulePriority>Low</ModulePriority><Severity>Informational</Severity><MaxVulnLimit>25</MaxVulnLimit><MaxPerWebSiteVulnLimit>5</MaxPerWebSiteVulnLimit><MaxVarianceLimit>2</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>X-Powered-By</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>46A8FE469F6C44BFB9946C021A2BCDC8</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX</RequestOriginations><DisplayName>Cross-site scripting (XSS), (DOM based)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>BD57F92E956A493DA39ADDF215B29D96</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Web Resource</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>AJAX</RequestOriginations><DisplayName>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>62AA6A08FA764E209551B4A4C479F08D</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Response 
Analysis</AttackPoints><ParameterLocations></ParameterLocations><RequestOriginations>HTML|Form|AJAX</RequestOriginations><DisplayName>Persistent Cross-site scripting (XSS) (passive)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>050ABD8CF99F4EE4AA18C12F06FA3051</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>50</MaxPerWebSiteVulnLimit><MaxVarianceLimit>5</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Persistent Cross-site scripting (XSS), (active)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>ABEB2E590AA24A39BB6FE7DBD6338277</ModuleId><ModulePriority>High</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>400</MaxVulnLimit><MaxPerWebSiteVulnLimit>150</MaxPerWebSiteVulnLimit><MaxVarianceLimit>5</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>Directory|File|Path|Query|Post|Cookie|Referer</ParameterLocations><RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</RequestOriginations><DisplayName>Reflected Cross-site scripting 
(XSS)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>FFBF4640C8A4475E93E099018951B409</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Medium</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit>100</MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks><EnforceEncoding>0</EnforceEncoding><ApplyPolicySeverity>0</ApplyPolicySeverity><AttackPoints>Parameter</AttackPoints><ParameterLocations>File|Query|Post</ParameterLocations><RequestOriginations>HTML|Form|AJAX</RequestOriginations><DisplayName>Reflected Cross-site scripting (XSS), (simple)</DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>38354857D10048B68A34CD2E3EBC3B52</ModuleId><ModulePriority>High</ModulePriority><Severity>High</Severity><MaxVulnLimit>75</MaxVulnLimit><MaxPerWebSiteVulnLimit></MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>false</PassiveAnalysisOnAttacks><EnforceEncoding>false</EnforceEncoding><ApplyPolicySeverity></ApplyPolicySeverity><AttackPoints>16</AttackPoints><ParameterLocations>40</ParameterLocations><RequestOriginations>63</RequestOriginations><DisplayName></DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>FF01402DB70848D88ACB0736B6E4BCF5</ModuleId><ModulePriority>High</ModulePriority><Severity>Low</Severity><MaxVulnLimit>4</MaxVulnLimit><MaxPerWebSiteVulnLimit></MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>false</PassiveAnalysisOnAttacks><EnforceEncoding>false</EnforceEncoding><ApplyPolicySeverity></ApplyPolicySeverity><AttackPoints>8</AttackPoints><ParameterLocations>0</ParameterLocations><RequestOriginations>1</RequestOriginations><DisplayName></DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>F74CCB3314134B21A3B5D5D78BECEADB</ModuleId><ModulePriority>High</ModulePriority><Severity>Hig
h</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit></MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>false</PassiveAnalysisOnAttacks><EnforceEncoding>false</EnforceEncoding><ApplyPolicySeverity></ApplyPolicySeverity><AttackPoints>22</AttackPoints><ParameterLocations>168</ParameterLocations><RequestOriginations>63</RequestOriginations><DisplayName></DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>667629EC1FDC4C6D98B5F4031717BB9B</ModuleId><ModulePriority>Medium</ModulePriority><Severity>Low</Severity><MaxVulnLimit>250</MaxVulnLimit><MaxPerWebSiteVulnLimit></MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>false</PassiveAnalysisOnAttacks><EnforceEncoding>false</EnforceEncoding><ApplyPolicySeverity></ApplyPolicySeverity><AttackPoints>2</AttackPoints><ParameterLocations>0</ParameterLocations><RequestOriginations>63</RequestOriginations><DisplayName></DisplayName></AttackModulePolicy><AttackModulePolicy><Enabled>0</Enabled><ModuleId>31E0A650FB944E689DF46B7A98F35A5F</ModuleId><ModulePriority>Low</ModulePriority><Severity>Low</Severity><MaxVulnLimit>100</MaxVulnLimit><MaxPerWebSiteVulnLimit></MaxPerWebSiteVulnLimit><MaxVarianceLimit>4</MaxVarianceLimit><PassiveAnalysisOnAttacks>false</PassiveAnalysisOnAttacks><EnforceEncoding>false</EnforceEncoding><ApplyPolicySeverity></ApplyPolicySeverity><AttackPoints>32</AttackPoints><ParameterLocations>0</ParameterLocations><RequestOriginations>31</RequestOriginations><DisplayName></DisplayName></AttackModulePolicy></AttackModulePolicyList></AttackPolicyConfig><AnalyzerConfig><Enabled>0</Enabled><NotExistingFilePath>/aaaaaaaa.aaa</NotExistingFilePath><NotExistingDirPath>/aaaaaaaa/</NotExistingDirPath><AppendToOriginalValue>1</AppendToOriginalValue><ReplaceOriginalValue>0</ReplaceOriginalValue></AnalyzerConfig><AuthConfig><Type>Selenium</Type><HttpAuth>0</HttpAuth><OAuth>0</OAuth><ReloginAfterSessionLoss>1</R
eloginAfterSessionLoss><LogoutDetection>1</LogoutDetection><UserAssistance>0</UserAssistance><AssumeSuccessfulLogin>0</AssumeSuccessfulLogin><VerifyNotLoggedin>1</VerifyNotLoggedin><PostponeLoginAction>1</PostponeLoginAction><CreateNonAuthenticatedSession>0</CreateNonAuthenticatedSession><TreatFailedReloginAsError>1</TreatFailedReloginAsError><RestartProxyBeforeRelogin>0</RestartProxyBeforeRelogin><BlacklistSinglePasswordForms>0</BlacklistSinglePasswordForms><BlacklistMultiPasswordForms>1</BlacklistMultiPasswordForms><ResetCookies>1</ResetCookies><AccountType>Restricted</AccountType><UsernameForm></UsernameForm><PasswordForm></PasswordForm><UsernameHttp /><PasswordHttp></PasswordHttp><AutoLogonSecurity>Medium</AutoLogonSecurity><LoginLinkRegex>((log|sign)[ -]?(in|on))|auth</LoginLinkRegex><LoggedInRegex>(sign|log)[ -]?(out|off)</LoggedInRegex><LoggedInHeaderRegex></LoggedInHeaderRegex><SessionLossRegex>please (re)?login|have been logged out|session has expired</SessionLossRegex><SessionLossHeaderRegex>Location: [^\\\\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\\\\b</SessionLossHeaderRegex><LogoutLinkRegex>(sign|log|time)[ -]?(in|on|out|off)|password</LogoutLinkRegex><LogoutPostBodyRegex>(sign|log|time)[ 
-]?(in|on|out|off)</LogoutPostBodyRegex><CanaryPage></CanaryPage><SessionLossOnCanaryPageRegex></SessionLossOnCanaryPageRegex><FormSubmissionScript></FormSubmissionScript><SessionCookieRegex>\\\\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\\\\b</SessionCookieRegex><SessionCookieLifespan>32</SessionCookieLifespan><URLSessionTokenRegex></URLSessionTokenRegex><PostSessionTokenRegex></PostSessionTokenRegex><ResponseBodyTokenRegex></ResponseBodyTokenRegex><HTTPHeaderWithTokenReplacement></HTTPHeaderWithTokenReplacement><LogoutDetectionFrequency>60</LogoutDetectionFrequency><DiscoveryMaxLinks>100</DiscoveryMaxLinks><LoginMaxLinks>50</LoginMaxLinks><DiscoveryDepth>10</DiscoveryDepth><LoginDepth>10</LoginDepth><MaxMacroReloginAttempts>3</MaxMacroReloginAttempts><DiscoveryPrioritization>Login Form Discovery</DiscoveryPrioritization><LoginPrioritization>Login</LoginPrioritization><BootstrapDelay>60000</BootstrapDelay><SeedLink></SeedLink><DiscoverLoginForm>1</DiscoverLoginForm><UseBrowserFormLogin>1</UseBrowserFormLogin><PingFrequency>600</PingFrequency><PingURL></PingURL><ScopeConstraintList 
/><HmacConfig><HMACHeaderGeneratorDllFilename></HMACHeaderGeneratorDllFilename><HMACUsername></HMACUsername><HMACApiKey></HMACApiKey><HMACHashAlgorithm>32780</HMACHashAlgorithm></HmacConfig><OauthConfig><ResourceOwnerURL></ResourceOwnerURL><ResourceServerURL></ResourceServerURL><AuthorizationServerURL>/authorize</AuthorizationServerURL><ClientId></ClientId><ClientScope></ClientScope><ClientState></ClientState><ClientSecret></ClientSecret><RedirectURI></RedirectURI><Username></Username><Password></Password><UsernameForm></UsernameForm><PasswordForm></PasswordForm><ExtensionGrant></ExtensionGrant><AuthorizationGrantType>Null</AuthorizationGrantType><AzureResponseMode>NullAzureResponseMode</AzureResponseMode><AzureResourceUrl></AzureResourceUrl><AzurePrompt>NullAzurePrompt</AzurePrompt><AzureLoginHint></AzureLoginHint><AzureDomainHint></AzureDomainHint></OauthConfig><ADALConfig><ResourceId>https://graph.windows.net</ResourceId><Tenant></Tenant><ClientId></ClientId><Username></Username><Password></Password><TokenRefreshPeriod>0:10:01</TokenRefreshPeriod></ADALConfig><MacroFile><MacroFileName></MacroFileName><JavaScriptEngine>Internet Explorer</JavaScriptEngine><ShowInBrowser>0</ShowInBrowser><ReplaySpeed>1</ReplaySpeed><ASAPMode>1</ASAPMode><ASAPModeMinDelay>3000</ASAPModeMinDelay><ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro><AttackAsSequence>0</AttackAsSequence><SequenceConfig><ResetSession>1</ResetSession><AutoSequenceConfig>1</AutoSequenceConfig><ManualSequenceConfig><SequenceRequestList /></ManualSequenceConfig></SequenceConfig></MacroFile><WebServiceAuthConfig><Enabled>0</Enabled><AuthWSDL></AuthWSDL><AuthWebMethod></AuthWebMethod><GetAuthTokenXPath></GetAuthTokenXPath><PutAuthTokenXPath></PutAuthTokenXPath><ExtractAuthToken>1</ExtractAuthToken><WebServiceParameterList 
/></WebServiceAuthConfig><SeleniumFile><SeleniumFileName>C:\\\\Users\\\\user\\\\Postman\\\\files\\\\selenium.bat</SeleniumFileName></SeleniumFile><TrafficFile><TrafficFileName></TrafficFileName><TrafficFilePassword></TrafficFilePassword><AttackAsSequence>0</AttackAsSequence><BeginAttackRequest>0</BeginAttackRequest><EndAttackRequest>-1</EndAttackRequest></TrafficFile><BrowserFormLoginConfig><ShowInBrowser>0</ShowInBrowser><InitialNavigateEventDuration>10000</InitialNavigateEventDuration><FinalDelayEventDuration>20000</FinalDelayEventDuration></BrowserFormLoginConfig></AuthConfig><ProxyConfig><Type>Internet Explorer Settings</Type><HttpHost></HttpHost><HttpPort>0</HttpPort><HttpsHost></HttpsHost><HttpsPort>0</HttpsPort><PACFile></PACFile><Username /><Password></Password></ProxyConfig><RemediationConfig><DollarsPerHourAppDev>250</DollarsPerHourAppDev><DollarsPerHourServerAdmin>250</DollarsPerHourServerAdmin><DollarsPerHourDatabaseAdmin>250</DollarsPerHourDatabaseAdmin><SetupHoursAppDev>8</SetupHoursAppDev><SetupHoursServerAdmin>2</SetupHoursServerAdmin><SetupHoursDatabaseAdmin>8</SetupHoursDatabaseAdmin><MinHoursPerIssueAppDev>0.75</MinHoursPerIssueAppDev><MaxHoursPerIssueAppDev>1.25</MaxHoursPerIssueAppDev><MinHoursPerIssueServerAdmin>0.25</MinHoursPerIssueServerAdmin><MaxHoursPerIssueServerAdmin>1</MaxHoursPerIssueServerAdmin><MinHoursPerIssueDatabaseAdmin>0.75</MinHoursPerIssueDatabaseAdmin><MaxHoursPerIssueDatabaseAdmin>1.25</MaxHoursPerIssueDatabaseAdmin></RemediationConfig><SSLCertConfig><Type>NoCert</Type><File></File><Password></Password><Index>-3</Index><Name></Name><SerialNumber></SerialNumber><IssuerNameBase64></IssuerNameBase64><Pin></Pin><RequestPinAtStartup>0</RequestPinAtStartup><SetPinInterval>180</SetPinInterval></SSLCertConfig><NetworkSettingsConfig><CloseConnection>0</CloseConnection><MaxRetries>2</MaxRetries><MaxResponseSize>7000000</MaxResponseSize><ResolveTimeout>60000</ResolveTimeout><ConnectTimeout>60000</ConnectTimeout><WriteTimeout>60000</Wri
teTimeout><ReadTimeout>60000</ReadTimeout><AssumeDisconnectedTimeout>18000000</AssumeDisconnectedTimeout><DripDelayMilliSeconds>25</DripDelayMilliSeconds><MaxConsecutiveFailures>500</MaxConsecutiveFailures><CustomNetworkLib>0</CustomNetworkLib><SecureProtocols>SSL3|TLS1</SecureProtocols><RASPScanDataSinkHost></RASPScanDataSinkHost><RASPScanKickoffRESTHost></RASPScanKickoffRESTHost><RASPScanKickoffRESTEndpoint>advise_rasp_of_scan</RASPScanKickoffRESTEndpoint><RASPTimeout>0:03:00</RASPTimeout><NameToIPMapList /></NetworkSettingsConfig><PerformanceConfig><MaxConcurrentRequests>16</MaxConcurrentRequests><MaxBandwidthKB>1200</MaxBandwidthKB><MaxBrowserLimit>10</MaxBrowserLimit><MaxBrowserReuseCount>10</MaxBrowserReuseCount><MaxBrowserMemorySize>209715200</MaxBrowserMemorySize><MaxCPUUsage>50</MaxCPUUsage><MemoryCeiling>2800</MemoryCeiling><AntiDoS>0</AntiDoS><MonitorPerformanceUsage>1</MonitorPerformanceUsage><SingleThreadedScan>0</SingleThreadedScan><KillStrayIEInstances>0</KillStrayIEInstances><MinFreeDiskSpace>524288000</MinFreeDiskSpace><MaxMemoryUsagePercent>70</MaxMemoryUsagePercent><MaxThreadCount>400</MaxThreadCount><MaxBrowserProcessLifetime>240000</MaxBrowserProcessLifetime><MinDatabaseCompactInterval>900000</MinDatabaseCompactInterval><DatabaseCompactDuringScan>0</DatabaseCompactDuringScan><DatabaseCompactPostScan>0</DatabaseCompactPostScan></PerformanceConfig><SystemRecommendationsConfig><Enabled>1</Enabled><MinLogicalProcessors>2</MinLogicalProcessors><MinTotalPhysicalMemoryFor64Bit>4187593113</MinTotalPhysicalMemoryFor64Bit><MinAvailablePhysicalMemoryFor64Bit>2147483648</MinAvailablePhysicalMemoryFor64Bit><MinTotalPhysicalMemoryFor32Bit>2147483648</MinTotalPhysicalMemoryFor32Bit><MinAvailablePhysicalMemoryFor32Bit>1073741824</MinAvailablePhysicalMemoryFor32Bit><MinFreeDiskSpace>10737418240</MinFreeDiskSpace></SystemRecommendationsConfig><HTTPHeadersConfig><HttpProtocol>HTTP/1.1</HttpProtocol><Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;
q=0.8</Accept><AcceptCharset></AcceptCharset><AcceptEncoding>gzip, deflate</AcceptEncoding><AcceptLanguage>en-US</AcceptLanguage><Cookie></Cookie><UserAgent>Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36</UserAgent><OverwriteWithDefaultHeaders>0</OverwriteWithDefaultHeaders><CustomHeadersList /><TrafficHeaderList><TrafficHeader><Value>Authorization</Value></TrafficHeader><TrafficHeader><Value>X-XSRF-TOKEN</Value></TrafficHeader><TrafficHeader><Value>X-CSRF-Token</Value></TrafficHeader></TrafficHeaderList></HTTPHeadersConfig><ManualCrawlingConfig><TrafficFileList /></ManualCrawlingConfig><ParameterTrainingConfig><FormPopulation>Smart</FormPopulation><TrainingParameterList><TrainingParameter><PatternName>Username</PatternName><Types>text,textarea</Types><Language>en</Language><Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match><Value>%RANDALPHANUM%</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Password</PatternName><Types>password</Types><Language>en</Language><Match>password|passwd|pw|pwd</Match><Value>%RANDALPHANUM%$</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Social Security Number</PatternName><Types>text,textarea,password</Types><Language>en</Language><Match>SSN|social|security</Match><Value>987-65-4320</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Address</PatternName><Types>text,textarea</Types><Language>en</Language><Match>income</Match><Value>100000</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Address</PatternName><Types>text,textarea</Types><Language>en</Language><Match>address|street</Match><Value>600 Fairy Land 
Drive</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Apartment number</PatternName><Types>text,textarea</Types><Language>en</Language><Match>address|apartment|house</Match><Value>123</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>First name</PatternName><Types>text,textarea</Types><Language>en</Language><Match>name</Match><Value>John</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Last name</PatternName><Types>text,textarea</Types><Language>en</Language><Match>last[:space:]*name|surname</Match><Value>Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Full name</PatternName><Types>text,textarea</Types><Language>en</Language><Match>(your|full)[:space:]+name|name</Match><Value>John Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>User Signature</PatternName><Types>text,textarea</Types><Language>en</Language><Match>signature</Match><Value>John Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Middle name</PatternName><Types>text,textarea</Types><Language>en</Language><Match>middle[:space:]+name</Match><Value>L</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>City</PatternName><Types>text,textarea</Types><Language>en</Language><Match>city|town</Match><Value>Costa 
Mesa</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>County</PatternName><Types>text,textarea</Types><Language>en</Language><Match>county</Match><Value>Orange</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>State</PatternName><Types>text,textarea</Types><Language>en</Language><Match>state</Match><Value>CA</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Zip code</PatternName><Types>text,textarea</Types><Language>en</Language><Match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</Match><Value>92626</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Country</PatternName><Types>text,textarea,select</Types><Language>en</Language><Match>united[:space:]*states|country</Match><Value>US</Value><ValueMatch>us</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Phone number</PatternName><Types>text,textarea</Types><Language>en</Language><Match>tele[:space:]*phone|fax|phone</Match><Value>123-456-7890</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Phone area code</PatternName><Types>text,textarea</Types><Language>en</Language><Match>area[:space:]+code</Match><Value>123</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Company 
name</PatternName><Types>text,textarea</Types><Language>en</Language><Match>company|employer|organization</Match><Value>Example</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Email</PatternName><Types>text,textarea</Types><Language>en</Language><Match>e[-_]?mail([-_]?address)?</Match><Value>a%RANDALPHANUM%@example.com</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Birthday</PatternName><Types>text,textarea</Types><Language>en</Language><Match>birth[:space:]day|birth</Match><Value>12/25/1975</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Day</PatternName><Types>text,textarea,select</Types><Language>en</Language><Match>dd|day</Match><Value>25</Value><ValueMatch>25</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Month</PatternName><Types>text,textarea,select</Types><Language>en</Language><Match>mm|month</Match><Value>12</Value><ValueMatch>12|dec|d</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>FutureYear</PatternName><Types>text,textarea,select</Types><Language>en</Language><Match>2015|2016|2017</Match><Value>2016</Value><ValueMatch>2015|2016|2017</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>BirthYear</PatternName><Types>text,textarea,select</Types><Language>en</Language><Match>yyyy|year|1975|1970|1960|1950</Match><Value></Value><ValueMatch>1975|1970|1960|1950</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Past Date 
mm/dd/yyyy</PatternName><Types>text,textarea</Types><Language>en</Language><Match>(start|from)[-\\\\s_]*date</Match><Value>02/02/2003</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Future Date mm/dd/yy</PatternName><Types>text,textarea</Types><Language>en</Language><Match>mm/dd/yy</Match><Value>02/02/15</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Future Date mm/dd/yyyy</PatternName><Types>text,textarea</Types><Language>en</Language><Match>mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\\\\s_]*date</Match><Value>02/02/2015</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Old password</PatternName><Types>password</Types><Language>en</Language><Match>old[:space:]+password</Match><Value>%RANDALPHANUM%1'</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Accept terms</PatternName><Types>checkbox,radio</Types><Language>en</Language><Match><![CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]></Match><Value></Value><ValueMatch>yes|1|on</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Save login</PatternName><Types>checkbox,radio,select</Types><Language>en</Language><Match>save|remember</Match><Value></Value><ValueMatch>yes|1|on</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Remove 
item</PatternName><Types>checkbox,radio</Types><Language>en</Language><Match>remove|delete</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Search</PatternName><Types>text,textarea</Types><Language>en</Language><Match>keyword|search|query</Match><Value>water</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Quantity</PatternName><Types>text,textarea,select</Types><Language>en</Language><Match>quantity|amount|number|qty|num</Match><Value>3</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Number</PatternName><Types>text,textarea</Types><Language>en</Language><Match>number|count|nmr|cnt|rate|decimal|digit</Match><Value>21</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Account Number</PatternName><Types>text,textarea,select,radio,checkbox</Types><Language>en</Language><Match>account</Match><Value>20</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Shipping method</PatternName><Types>select,radio,checkbox</Types><Language>en</Language><Match>shipping|fedex|standard|ups</Match><Value></Value><ValueMatch>fedex|standard|ups</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Gift</PatternName><Types>checkbox</Types><Language>en</Language><Match>gift</Match><Value></Value><ValueMatch>yes|1|on</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Credit card 
number</PatternName><Types>text,textarea,password</Types><Language>en</Language><Match>credit[:space:]*card|card[:space:]*number</Match><Value>5105105105105100</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Credit card type</PatternName><Types>select,checkbox,radio</Types><Language>en</Language><Match>master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Credit card security code</PatternName><Types>text,textarea,password</Types><Language>en</Language><Match>security[:space:]*code|verification[:space:]*number</Match><Value>123</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>PIN</PatternName><Types>text,textarea,password</Types><Language>en</Language><Match>PIN</Match><Value>1234</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>CAPTCHA</PatternName><Types>text,textarea</Types><Language>en</Language><Match>code[:space:]*shown|captcha</Match><Value>%RANDALPHANUM%</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Size</PatternName><Types>select</Types><Language>en</Language><Match>size|xxl</Match><Value></Value><ValueMatch>(\\\\b(m|s|42)\\\\b</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Color</PatternName><Types>select</Types><Language>en</Language><Match>\\\\b(color|red|black)\\\\b</Match><Value>Blue</Value><ValueMatch>\\\\b(blue|red|black)\\\\b</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Price</PatternName><Types>text,textare</Types><Language>en</Language><Match>price</Match><Value>20</Value><ValueM
atch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Attention</PatternName><Types>text,textare</Types><Language>en</Language><Match>attention</Match><Value>John</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Gender</PatternName><Types>select,radio</Types><Language>en</Language><Match>gender|male|female</Match><Value>male</Value><ValueMatch>\\\\b(male|m|f)\\\\b</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Legal age</PatternName><Types>checkbox,radio</Types><Language>en</Language><Match>legal|\\\\d\\\\d[:space:]*years[:space:]*old</Match><Value>yes</Value><ValueMatch>\\\\b(on|1|yes)\\\\b</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Coupon code</PatternName><Types>text,textarea</Types><Language>en</Language><Match>promotion|coupon</Match><Value>%RANDALPHANUM%</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Send message</PatternName><Types>text,textarea</Types><Language>en</Language><Match>message|comment|complain|enquiry|review</Match><Value>comment</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Existing user</PatternName><Types>checkbox,radio</Types><Language>en</Language><Match>returning|existing|customer</Match><Value></Value><ValueMatch>\\\\b(on|1|yes)\\\\b</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Age</PatternName><Types>text,textarea</Types><Language>en</Language><Match>age|under|over</Match><Value>40</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Passphrase Hint</PatternName><Types>text,textarea</Types><Language>en</Language><Match>What make|pet's name|your 
father|high school|friend</Match><Value>What make was your first car?</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Passphrase Hint Answer</PatternName><Types>text,textarea</Types><Language>en</Language><Match>Answer</Match><Value>Ford</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Doctor name</PatternName><Types>text,textarea</Types><Language>en</Language><Match>doctor</Match><Value>John Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Website</PatternName><Types>text,textarea</Types><Language>en</Language><Match>website</Match><Value>www.example.com</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Address</PatternName><Types>text,textarea</Types><Language>de</Language><Match>adresse|strasse</Match><Value>600 Fairy Land Drive</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Apartment number</PatternName><Types>text,textarea</Types><Language>de</Language><Match>adresse|wohnung|haus</Match><Value>123</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>First name</PatternName><Types>text,textarea</Types><Language>de</Language><Match>name</Match><Value>John</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Last name</PatternName><Types>text,textarea</Types><Language>de</Language><Match>vorname|name</Match><Value>Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Full name</PatternName><Types>text,textarea</Types><Language>de</Language><Match>ihren namen|name</Match><Value>John 
Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>User Signature</PatternName><Types>text,textarea</Types><Language>de</Language><Match>unterschrift</Match><Value>John Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>City</PatternName><Types>text,textarea</Types><Language>de</Language><Match>stadt|stadt</Match><Value>Berlin</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Regierungsbezirke</PatternName><Types>text,textarea</Types><Language>de</Language><Match>regierungsbezirke</Match><Value>Berlin</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Zip code</PatternName><Types>text,textarea</Types><Language>de</Language><Match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</Match><Value>10115</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Country</PatternName><Types>text,textarea</Types><Language>de</Language><Match>\\\\b(deutschland|land)\\\\b</Match><Value>DE</Value><ValueMatch>\\\\bDE\\\\b</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Phone number</PatternName><Types>text,textarea</Types><Language>de</Language><Match>telefon|telefon|fax</Match><Value>(1234) 567890</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Phone area code</PatternName><Types>text,textarea</Types><Language>de</Language><Match>vorwahl</Match><Value>123</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Company 
name</PatternName><Types>text,textarea</Types><Language>de</Language><Match>unternehmen|arbeitgeber|organisation</Match><Value>Example</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Email</PatternName><Types>text,textarea</Types><Language>de</Language><Match>E[-_]Mailadresse|email|E[-_]Mail</Match><Value>a%RANDALPHANUM%@example.com</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Birthday</PatternName><Types>text,textarea</Types><Language>de</Language><Match>geburtstag|geburt</Match><Value>12/25/1975</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Day</PatternName><Types>text,textarea</Types><Language>de</Language><Match>tag</Match><Value>25</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Month</PatternName><Types>text,textarea</Types><Language>de</Language><Match>monat</Match><Value>12</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Year</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Jahr</Match><Value>2007</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>BirthYear</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Jahr|1975|1970|1960|1950</Match><Value>1975</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Past Date mm/dd/yy</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Datum|d.m.yyyy|dd.mm.yyyy</Match><Value>02.02.03</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Past Date 
mm/dd/yyyy</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Datum|mm/dd/yyyy</Match><Value>02/02/2003</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Future Date mm/dd/yy</PatternName><Types>text,textarea</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==</Match><Value>02/02/11</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Future Date mm/dd/yyyy</PatternName><Types>text,textarea</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5</Match><Value>02/02/2011</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Username</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Benutzername|Mitgliedsnamen|Benutzer</Match><Value>%RANDALPHANUM%</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Password</PatternName><Types>password</Types><Language>de</Language><Match>password|passwort|passwd</Match><Value>%RANDALPHANUM%1'</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Old password</PatternName><Types>password</Types><Language>de</Language><Match>alte[:space:]passwort</Match><Value>%RANDALPHANUM%1'</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Accept terms</PatternName><Types>checkbox,radio</Types><Language>de</Language><Match>Ich habe gelesen und akzeptiere|Ich habe gelesen und 
akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Remove item</PatternName><Types>checkbox,radio</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Search</PatternName><Types>text,textarea</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</Match><Value>water</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Quantity</PatternName><Types>text,textarea</Types><Language>de</Language><Match>qty|Menge|Betrag|Anzahl</Match><Value>3</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Number</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</Match><Value>21</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Account Number</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Konto</Match><Value>3456</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Shipping method</PatternName><Types>select</Types><Language>de</Language><Match>Versand</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Gift</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Geschenk</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Credit card 
number</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Kreditkarte|Kredit|Kartennummer</Match><Value>5105105105105100</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Credit card type</PatternName><Types>text,textarea</Types><Language>de</Language><Match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</Match><Value></Value><ValueMatch>Master</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Credit card security code</PatternName><Types>text,textarea</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGES3JlZGl0fFNpY2hlcmhlaXRzLUNvZGV8UHLDvGZudW1tZXI=</Match><Value>123</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>CAPTCHA</PatternName><Types>text,textarea</Types><Language>de</Language><Match>captcha</Match><Value>[%RANDALPHANUM%</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Back button</PatternName><Types>button,image,submit</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGEenVyw7xja3xyZXR1cm58c3Rvcm5pZXJlbnx2b3JoZXJpZ2V8d2VpdGVyIGVpbmthdWZlbg==</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Logout button</PatternName><Types>button,image,submi</Types><Language>de</Language><Match>Abmeldung|Abmeldung|ausloggen|(sign|log)-?(off|out)</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Login 
button</PatternName><Types>button,image,submi</Types><Language>de</Language><Match>(log|sign)-?in</Match><Value></Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Size</PatternName><Types>select</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGER3LDtnNzZXxYWEw=</Match><Value>m</Value><ValueMatch>m|s|42</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Color</PatternName><Types>select</Types><Language>de</Language><Match>Farbe</Match><Value>Blue</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Enter price</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Preis</Match><Value>20</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Attention</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Aufmerksamkeit</Match><Value>John</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Gender</PatternName><Types>select,radio,checkbox</Types><Language>de</Language><Match>Geschlecht|Herren</Match><Value>m</Value><ValueMatch>m|h</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Legal age</PatternName><Types>select,radio,checkbox</Types><Language>de</Language><Match>rechtliche|\\\\d\\\\d[:space:]*Jahre</Match><Value>ja</Value><ValueMatch>ja|yes|1|on</ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Coupon code</PatternName><Types>text,textarea</Types><Language>de</Language><Match>MJPYBZHSWwshWRRFSGWAGERsO2cmRlcnVuZ3xHdXRzY2hlaW4=</Match><Value>111</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Send 
message</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Nachricht|Kommentar|beschweren|Anfrage|Kritik</Match><Value>comment</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Age</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Alter|unter|mehr</Match><Value>40</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Passphrase Hint</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Was machen|Name des Haustieres|Ihr Vater</Match><Value>What make was your first car?</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Passphrase Hint Answer</PatternName><Types>text,textarea</Types><Language>de</Language><Match>beantworten</Match><Value>Ford</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter><TrainingParameter><PatternName>Doctor name</PatternName><Types>text,textarea</Types><Language>de</Language><Match>Arzt</Match><Value>John 
Johnson</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter></TrainingParameterList></ParameterTrainingConfig><AutoSequenceConfig><SequenceIgnoreExtensionList><SequenceIgnoreExtension><Value>js</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>css</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>doc</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>jpg</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>jpeg</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>gif</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>png</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>bmp</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>ico</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>exe</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>swf</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>mp3</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>wav</Value></SequenceIgnoreExtension><SequenceIgnoreExtension><Value>eot</Value></SequenceIgnoreExtension></SequenceIgnoreExtensionList><SequenceIgnoreContentTypeList><SequenceIgnoreContentType><Value>*font*</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>audio/*</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>image/*</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>video/*</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/pdf</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/zip</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/x-rar-compressed</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/x-dvi</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/x-shockwave-flash</Value></SequenceIgnoreContentType><SequenceIgnoreCo
ntentType><Value>application/msword</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/ogg</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/x-tar</Value></SequenceIgnoreContentType><SequenceIgnoreContentType><Value>application/octet-stream</Value></SequenceIgnoreContentType></SequenceIgnoreContentTypeList></AutoSequenceConfig><MacroConfig><SequentialMacroPlayback>1</SequentialMacroPlayback><MacroFileList /></MacroConfig><SeleniumConfig><ListenForOtherScripts>0</ListenForOtherScripts><SequentialSeleniumScriptPlayback>1</SequentialSeleniumScriptPlayback><SeleniumPort>32768</SeleniumPort><FirefoxProfile></FirefoxProfile><WebDriverForHtml>Chrome</WebDriverForHtml><SeleniumFileList /></SeleniumConfig><WebServiceConfig><Username></Username><Password></Password><ContentType></ContentType><WsdlRegex>([?]wsdl|[.]wsdl)$</WsdlRegex><AutoDiscoverWSDL>1</AutoDiscoverWSDL><WebServicesEnhancements>0</WebServicesEnhancements><PasswordOption>Hashed</PasswordOption><SwaggerHostName></SwaggerHostName><SwaggerParseFail>1</SwaggerParseFail><WsdlList /><SwaggerFileList 
/></WebServiceConfig><ReportConfig><GlobalDatabaseDSN></GlobalDatabaseDSN><GlobalDatabaseUID></GlobalDatabaseUID><GlobalDatabasePWD></GlobalDatabasePWD><Language>en</Language><BrandingDirectory></BrandingDirectory><XML>0</XML><AttackModulesJSON>1</AttackModulesJSON><CrawledLinksJSON>1</CrawledLinksJSON><WebAppScanSelectedChildrenJSON>1</WebAppScanSelectedChildrenJSON><ScanStatusJSON>1</ScanStatusJSON><WebSitesJSON>1</WebSitesJSON><CrawlResultsJSON>1</CrawlResultsJSON><FormsJSON>1</FormsJSON><WebResourcesJSON>1</WebResourcesJSON><AttackVectorsJSON>1</AttackVectorsJSON><FindingsJSON>1</FindingsJSON><UserMessageLogEntriesJSON>1</UserMessageLogEntriesJSON><AttackLocationsJSON>1</AttackLocationsJSON><VulnerabilitiesSummaryXML>1</VulnerabilitiesSummaryXML><VulnerabilitiesSummaryJSON>0</VulnerabilitiesSummaryJSON><BrowserLinksJSON>1</BrowserLinksJSON><CrawledLinksXML>0</CrawledLinksXML><Index>1</Index><ExecutiveSummary>1</ExecutiveSummary><AllLinks>1</AllLinks><AppThreatModeling>1</AppThreatModeling><BestPractices>1</BestPractices><Reflection>1</Reflection><RemediationSummary>1</RemediationSummary><Resources>0</Resources><ResourceDetails>0</ResourceDetails><ResourceSummaryBreakdown>0</ResourceSummaryBreakdown><Application>1</Application><Server>1</Server><Database>1</Database><BySite>0</BySite><SiteLinks>1</SiteLinks><StatusAndConfig>1</StatusAndConfig><Vulnerabilities>1</Vulnerabilities><VulnerabilitiesByUrlStandAlone>0</VulnerabilitiesByUrlStandAlone><DISASTIG>1</DISASTIG><FISMA>1</FISMA><CWESANS>1</CWESANS><GLB>1</GLB><HIPAA>1</HIPAA><OWASP2007>0</OWASP2007><OWASP2010>0</OWASP2010><OWASP2013>0</OWASP2013><OWASP2017>1</OWASP2017><PCI>0</PCI><PCI30></PCI30><PCI31>1</PCI31><SOX>1</SOX><Privacy>1</Privacy><Comments>1</Comments><Cookies>1</Cookies><PDF>0</PDF><ZipReport>1</ZipReport><ValidateApplet>1</ValidateApplet><IncludeDbInZip>0</IncludeDbInZip><DisableBigReportPagesThreshold>10000</DisableBigReportPagesThreshold><AesEncryptPassword></AesEncryptPassword><Metadata></Meta
data><Confidence>1</Confidence></ReportConfig><WAFConfig><Snort>1</Snort><Imperva>1</Imperva><ModSec>1</ModSec><SnortMode>Alert</SnortMode></WAFConfig><ScheduleConfig><Enabled>0</Enabled><PauseTime>2019-01-04 03:26:41</PauseTime><ResumeTime>2019-01-04 03:26:41</ResumeTime><MaxRunTime>43469 Days, 3:26:41</MaxRunTime></ScheduleConfig><SiteTechnologyConfig><Autodetect>1</Autodetect><ServerPerformance>Unknown</ServerPerformance><LanguageList /><RegionList /><TechnologyTargets><OperatingSystemList /><DatabaseList /><FrameworkList /><ClientLanguageList /><ServerLanguageList /><WebServerList /><WebAppServerList /></TechnologyTargets></SiteTechnologyConfig><OneTimeTokenConfig><AutoDetectCSRF>1</AutoDetectCSRF><MaxTokenLifetime>1899-12-30 00:00:00</MaxTokenLifetime><ExpirationRegex></ExpirationRegex><TokenNameRegex>csrf</TokenNameRegex><TokenValueRegex></TokenValueRegex></OneTimeTokenConfig><CVSSConfig><CollateralDamagePotential>Not Defined</CollateralDamagePotential><TargetDistribution>Not Defined</TargetDistribution><ConfidentialityRequirement>Not Defined</ConfidentialityRequirement><IntegrityRequirement>Not Defined</IntegrityRequirement><AvailabilityRequirement>Not Defined</AvailabilityRequirement><AccessVector>Not Defined</AccessVector><AccessComplexity>Not Defined</AccessComplexity><CvssAuthentication>Not Defined</CvssAuthentication></CVSSConfig><ParameterParserConfig><EnableBase64ParameterValues>1</EnableBase64ParameterValues><MultiRegexURLParserConfigList /><StandardURLParserConfig><PathNameValueDelimiters>=.</PathNameValueDelimiters><PathParameterDelimiters>/;</PathParameterDelimiters><QueryNameValueDelimiters>=</QueryNameValueDelimiters><QueryParameterDelimiters><![CDATA[&]]></QueryParameterDelimiters><PathParamsValueRegex>\\\\d+</PathParamsValueRegex><StartPathParamsPosition>-1</StartPathParamsPosition></StandardURLParserConfig></ParameterParserConfig><ParameterValueConfig><ParameterValueList /></ParameterValueConfig></ScanConfig>",6"Id": null,7"Name": 
"SeleniumConfig",
"ClientId": "9e41eefa-18d0-41d7-b786-653b40a06f8d",
"EngineGroupId": "e6483e35-1a5e-460a-98b1-0618d5042dab",
"Monitoring": false,
"IsApproveRequired": false
}
Response status code | Reason | Description |
---|---|---|
200 | Scan config created | |
400 | InvalidJsonSchema | Required parameters not provided |
400 | ConfigNotFound | Scan config with Id not found |
400 | ConfigNameIsNotUnique | Scan config with the same name already exists in the client |
Response example:
JSON schema:
```json
{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Config/DeleteConfigs
Description
Deletes a scan config
Parameters
Name | Type | Required | Description |
---|---|---|---|
configIds | guid[] | Y | Scan config IDs |
deleteReport | bool | N(false) | Remove all reports related to scan configs |
deletePendingScan | bool | N(false) | Remove all pending scans related to scan configs |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Scan config removed | |
400 | InvalidJsonSchema | Required parameters not provided |
Response example:
JSON schema:
```json
{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Config/GetConfigs
Description
Retrieves all scan configs for the client
Parameters
No parameters
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of scan configs | |
Response example:
JSON schema:
```json
{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Config/GetConfigs
Description
Retrieves all scan configs for the client using paging
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
page | int | Y | The page of results to return (page starts at 0) |
pageSize | int | Y | The number of results to return per page |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of scan configs | |
Response example:
```json
{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Config/GetConfigs
Description
Retrieves the list of scan configs for the client by the target id
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
targetId | guid[] | Y | The target id |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of scan configs | |
400 | ConfigNotFound | No Scan configs exist for target id |
Response example:
```json
{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Config/GetConfigs
Description
Retrieves the list of scan configs for the client by the target id using paging
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
targetId | guid[] | Y | The target id |
page | int | Y | The page of results to return (page starts at 0) |
pageSize | int | Y | The number of results to return per page |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of scan configs | |
400 | ConfigNotFound | No Scan configs exist for target id |
Response example:
```json
{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    },
    "TotalCount": {
      "type": "integer",
      "required": true
    },
    "TotalPages": {
      "type": "integer",
      "required": true
    },
    "Links": {
      "type": "array",
      "items": {
        "Rel": {
          "type": ["string", "null"],
          "required": true
        },
        "Href": {
          "type": ["string", "null"],
          "required": true
        }
      }
    }
  },
  "additionalProperties": false
}
```
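The paging parameters and the paged response schema above can be consumed as in the following added example, which is not part of the AppSpider documentation. The HTTP call is replaced by a hypothetical `fetch_page(page, page_size)` callable fed with constructed data. It assumes that `TotalPages` counts pages for the requested `pageSize` and that a 400 response carries the `IsSuccess`, `Reason` and `ErrorMessage` fields.

```python
from typing import Callable, Iterator

# Fields the schema marks as required on each item of "Configs".
REQUIRED = {"Id", "Name", "ClientId", "EngineGroupId", "Monitoring", "IsApproveRequired",
            "DefendEnabled", "MonitoringDelay", "MonitoringTriggerScan", "Xml"}

class ApiError(Exception):
    def __init__(self, reason, message):
        super().__init__(f"{reason}: {message}")
        self.reason = reason

def iter_configs(fetch_page: Callable[[int, int], dict], page_size: int = 50) -> Iterator[dict]:
    """Yield every scan config, walking pages 0 .. TotalPages-1."""
    page = 0  # the documented page parameter is zero-based
    while True:
        body = fetch_page(page, page_size)
        if body.get("IsSuccess") is not True:
            raise ApiError(body.get("Reason"), body.get("ErrorMessage"))
        for cfg in body.get("Configs") or []:
            missing = REQUIRED - set(cfg)
            if missing:
                raise ValueError(f"config {cfg.get('Id')!r} lacks {sorted(missing)}")
            yield cfg
        page += 1
        if page >= int(body.get("TotalPages") or 0):
            return

# Constructed sample data standing in for the server (hypothetical values).
SAMPLE = [
    {"Id": f"cfg-{n}", "Name": f"site-{n}", "ClientId": "client-0",
     "EngineGroupId": "group-0", "Monitoring": False, "IsApproveRequired": False,
     "DefendEnabled": False, "MonitoringDelay": 0, "MonitoringTriggerScan": False,
     "Xml": "<ScanConfig/>"}
    for n in range(5)
]

def fake_fetch(page: int, page_size: int) -> dict:
    chunk = SAMPLE[page * page_size:(page + 1) * page_size]
    return {"Configs": chunk, "IsSuccess": True, "ErrorMessage": None, "Reason": None,
            "TotalCount": len(SAMPLE), "TotalPages": -(-len(SAMPLE) // page_size), "Links": []}

def fake_fetch_no_target(page: int, page_size: int) -> dict:
    return {"IsSuccess": False, "Reason": "ConfigNotFound",
            "ErrorMessage": "No Scan configs exist for target id"}
```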
/AppSpiderEnterprise/rest/v1/Config/GetConfig
Description
Retrieves scan config for the client
Parameters
Parameters | Type | Required | Description |
---|---|---|---|
id | guid[] | Y | Scan config ID |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the scan config | |
400 | InvalidJsonSchema | Required parameters not provided |
400 | ConfigNotFound | Scan config with "id" not found in client |
Response example:
JSON schema:
```json
{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "Config": {
      "type": ["object", "null"],
      "required": true,
      "properties": {
        "Id": {
          "type": "string",
          "required": true
        },
        "Name": {
          "type": "string",
          "required": true
        },
        "ClientId": {
          "type": "string",
          "required": true
        },
        "EngineGroupId": {
          "type": "string",
          "required": true
        },
        "Monitoring": {
          "type": "boolean",
          "required": true
        },
        "IsApproveRequired": {
          "type": "boolean",
          "required": true
        },
        "DefendEnabled": {
          "type": "boolean",
          "required": true
        },
        "MonitoringDelay": {
          "type": "integer",
          "required": true
        },
        "MonitoringTriggerScan": {
          "type": "boolean",
          "required": true
        },
        "Xml": {
          "type": "string",
          "required": true
        }
      },
      "additionalProperties": false
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Config/GetAttachment
Description
Retrieves auxiliary files (such as macro, traffic recording, etc.) referenced in the scan configuration
Parameters
Name | Type | Required | Description |
---|---|---|---|
configId | guid[] | Y | Scan config ID |
fileName | string | Y | Name of requested file |
fileType | string | Y | File type. Values are: "Authentication", "Certificate", "Crawling", "Selenium", "Traffic", "Wsdl" |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the scan config attachment | |
400 | InvalidJsonSchema | Required parameters not provided |
400 | ConfigNotFound | Scan config with 'configId' not found in client |
400 | FileNotFound | File with 'name' and 'fileType' not found or user has no access to config |
Response example: File response from a valid request. If an error occurred, a JSON response is returned.
JSON schema:
```json
{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
/AppSpiderEnterprise/rest/v1/Config/GetAttachments
Description
Retrieves auxiliary files (such as macro, traffic recording, etc.) referenced in the scan configuration
Parameters
Name | Type | Required | Description |
---|---|---|---|
configId | guid[] | Y | Scan config ID |
Response Messages
Response status code | Reason | Description |
---|---|---|
200 | Response contains the list of scan config attachments | |
400 | InvalidJsonSchema | Required parameters not provided |
400 | ConfigNotFound | Scan config with 'id' not found in client or user has no access to config |
400 | FileNotFound | Files related to configs are not found on the server |
Response example: ZIP file results from a valid request. If an error occurred, a JSON response is returned.
JSON schema:
```json
{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
```
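Because GetAttachments returns either a ZIP archive or the JSON error object above, a client has to tell the two apart and should treat archive entry names as untrusted before writing them to disk. The following is an added example, not code from the AppSpider documentation; the function names, the size limit and the sample archive contents are assumptions constructed for illustration.

```python
import io
import json
import zipfile
from pathlib import Path, PurePosixPath

class AttachmentError(Exception):
    def __init__(self, reason, message):
        super().__init__(f"{reason}: {message}")
        self.reason = reason

def extract_attachments(body: bytes, dest: Path, max_total: int = 50 * 2**20) -> list:
    """Unpack a GetAttachments body: a ZIP on success, a JSON error otherwise."""
    if not zipfile.is_zipfile(io.BytesIO(body)):
        try:
            err = json.loads(body)
        except ValueError:
            raise AttachmentError("UnexpectedBody", "neither ZIP nor JSON") from None
        if not isinstance(err, dict):
            raise AttachmentError("UnexpectedBody", "JSON is not an object")
        raise AttachmentError(err.get("Reason"), err.get("ErrorMessage"))
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        plan, total = [], 0
        for info in zf.infolist():  # validate every entry before writing anything
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            parts = PurePosixPath(name).parts
            # Reject absolute paths, drive letters and parent-directory hops.
            if name.startswith("/") or ":" in name or ".." in parts or not parts:
                raise AttachmentError("UnsafeEntry", info.filename)
            total += info.file_size  # cap on the declared uncompressed size
            if total > max_total:
                raise AttachmentError("TooLarge", f"more than {max_total} bytes")
            plan.append((info, name, parts))
        for info, name, parts in plan:
            target = dest.joinpath(*parts)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
    return [name for _, name, _ in plan]

def make_zip(entries: dict) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

An archive containing even one unsafe entry is rejected as a whole, so nothing from it reaches the destination directory.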