Scan Configuration Operations

Credential Warning

Note: Client account permissions are required to modify scan configurations. Configs are restricted to the client that the user has access to. The user account should have "Config Manager" permissions to work with configs.

POST /AppSpiderEnterprise/rest/v1/Config/SaveConfig

Description

Creates a new scan configuration

Parameters

The config is sent as part of a multipart/form-data request, and any associated files are sent in the same request.

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| config | text | Y | Contains the set of parameters necessary to create a scan config; see the table below. |
| fileType | file | N | The name of the file type associated with the config. For example, if the config requires a selenium authentication file, the name of this parameter is selenium and you would attach the selenium file. |

The parameters which need to be included in the config are detailed in the table below.

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | guid[] | N | If id is not provided, a new config is created. If id is provided, the config is updated. |
| xml | string | Y | Scan config XML file. The config name should be unique in the client. |
| defendEnabled | bool | N (false) | AppSpider Defend enabled |
| monitoring | bool | N (false) | Monitoring scanning enabled |
| monitoringDelay | int | N (0) | Delay between monitoring scans in hours. Possible values are 1 (hour), 24 (day), 168 (week), 720 (month) |
| monitoringTriggerScan | bool | N (false) | Monitoring scan triggers an attack scan if changes are found |
| name | string | Y | Config name |
| engineGroupId | guid[] | Y | Engine group id for the scan config |
| isApproveRequired | bool | N (false) | Approve required property |

Note that the XML config must be embedded in the JSON request, the body of the request must be of type "form-data", and that a "config" key must contain the configuration in XML format.

If you wish to send an associated file with the request, the XML in the <ScanConfig> must contain a reference to it. For example, with a selenium authentication file, the following XML must provide the path of the file:

xml
<SeleniumFile>
  <SeleniumFileName>
    C:\\\\Users\\\\user\\\\Postman\\\\files\\\\selenium.bat
  </SeleniumFileName>
</SeleniumFile>

A full breakout of all XML elements contained in a ScanConfig can be found at Scan Configuration Parameters
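
The request described above, built with the Python standard library as an added example (not AppSpider's own code): the "config" form field carries the JSON with the XML embedded, and the file part is named after its file type. Key names follow the parameter table (the page's JSON example capitalises them), GUIDs are sent as single strings, and the GUID, XML and file contents are constructed samples; authentication and sending the body are left out.

```python
import json
import ntpath
import uuid
import xml.etree.ElementTree as ET

ENDPOINT = "/AppSpiderEnterprise/rest/v1/Config/SaveConfig"  # POST target, from the page
MONITORING_DELAYS = {0, 1, 24, 168, 720}  # 0 = default, otherwise hours per the table
# File type -> XML element that must name the attached file. Only the selenium
# case appears on the page; extend this map for other file types.
FILE_REFERENCE_ELEMENTS = {"selenium": "SeleniumFileName"}

# Constructed sample values; the XML is not a complete ScanConfig.
SAMPLE_ENGINE_GROUP = "11111111-2222-3333-4444-555555555555"
SAMPLE_XML = (
    "<ScanConfig><Name>SeleniumConfig</Name><SeleniumFile><SeleniumFileName>"
    r"C:\scans\selenium.bat"
    "</SeleniumFileName></SeleniumFile></ScanConfig>"
)


def build_config(name, xml, engine_group_id, config_id=None, defend_enabled=False,
                 monitoring=False, monitoring_delay=0,
                 monitoring_trigger_scan=False, is_approve_required=False):
    """Validate values against the parameter table and return the config dict."""
    if not name or not xml:
        raise ValueError("name and xml are required")
    ET.fromstring(xml)  # malformed XML raises xml.etree.ElementTree.ParseError
    if monitoring_delay not in MONITORING_DELAYS:
        raise ValueError("monitoringDelay must be 0, 1, 24, 168 or 720")
    config = {
        "xml": xml,
        "name": name,
        # The table types this as guid[]; a single GUID string is an assumption.
        "engineGroupId": str(uuid.UUID(engine_group_id)),
        "defendEnabled": defend_enabled,
        "monitoring": monitoring,
        "monitoringDelay": monitoring_delay,
        "monitoringTriggerScan": monitoring_trigger_scan,
        "isApproveRequired": is_approve_required,
    }
    if config_id is not None:  # id present -> update; absent -> create
        config["id"] = str(uuid.UUID(config_id))
    return config


def check_file_references(xml, files):
    """Fail early if an attached file is not referenced in the ScanConfig XML."""
    root = ET.fromstring(xml)
    for file_type in files:
        tag = FILE_REFERENCE_ELEMENTS.get(file_type)
        if tag and not any((el.text or "").strip() for el in root.iter(tag)):
            raise ValueError(f"{file_type} file attached but <{tag}> is missing or empty")


def _part(boundary, disposition, payload, content_type=None):
    head = f"--{boundary}\r\nContent-Disposition: form-data; {disposition}\r\n"
    if content_type:
        head += f"Content-Type: {content_type}\r\n"
    return head.encode("utf-8") + b"\r\n" + payload + b"\r\n"


def encode_multipart(config, files=None):
    """Return (body, content_type); files maps file type -> (filename, bytes)."""
    files = files or {}
    check_file_references(config["xml"], files)
    boundary = uuid.uuid4().hex
    # json.dumps escapes quotes and backslashes in the embedded XML.
    out = [_part(boundary, 'name="config"', json.dumps(config).encode("utf-8"))]
    for file_type, (filename, content) in files.items():
        safe = ntpath.basename(filename)  # send the file name only, not the local path
        if not safe or any(c in safe + file_type for c in '"\r\n'):
            raise ValueError("unsafe file name or file type")  # blocks header injection
        out.append(_part(boundary, f'name="{file_type}"; filename="{safe}"',
                         content, "application/octet-stream"))
    out.append(f"--{boundary}--\r\n".encode("ascii"))
    return b"".join(out), f"multipart/form-data; boundary={boundary}"


if __name__ == "__main__":
    cfg = build_config("SeleniumConfig", SAMPLE_XML, SAMPLE_ENGINE_GROUP)
    body, ctype = encode_multipart(
        cfg, {"selenium": (r"C:\scans\selenium.bat", b"constructed recording")})
    print("POST", ENDPOINT)
    print("Content-Type:", ctype)
    print(body.decode("utf-8"))
```
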

JSON Request example
JSON
"config": {
"DefendEnabled": false,
"MonitoringDelay": 0,
"MonitoringTriggerScan": false,
"Xml": "<scanconfig><name>SeleniumConfig</name><appversion>7.0</appversion><log>1</log><detailedlogging>0</detailedlogging><includetraffic>0</includetraffic><windowserrors>0</windowserrors><usesystemdsn>0</usesystemdsn><recrawl>0</recrawl><pauseonrecoverableerror>1</pauseonrecoverableerror><executecommandlineurl></executecommandlineurl><notifyscandoneurl></notifyscandoneurl><javascriptengine>Chrome</javascriptengine><maxdatabasesize>1073741824</maxdatabasesize><maxtrafficfiles>0</maxtrafficfiles><scanmoduleparameterslist><domainnamelist><crawlconfig><maxdomain>100</maxdomain><maxcrawlresults>5000</maxcrawlresults><maxperwebsitecrawlresults>-1</maxperwebsitecrawlresults><maxperdircrawlresults>500</maxperdircrawlresults><maxperlinkcrawlresults>50</maxperlinkcrawlresults><maxpernormalizedlinkcrawlresult>100</maxpernormalizedlinkcrawlresult><maxperdirchildnodes>300</maxperdirchildnodes><maxblacklistextcrawlresults>100</maxblacklistextcrawlresults><maxattackfeedbacklinkscount>300</maxattackfeedbacklinkscount><maxperfilenamecrawlresults>250</maxperfilenamecrawlresults><recursiondepth>2</recursiondepth><maxdirdepth>15</maxdirdepth><discoverydepth>-1</discoverydepth><urlrepetitiontolerance>25</urlrepetitiontolerance><sequencerepetitiontolerance>5</sequencerepetitiontolerance><maxreportedimages>500</maxreportedimages><maxreportedlinks>2500</maxreportedlinks><maxreportedcomments>500</maxreportedcomments><maxreportedscripts>500</maxreportedscripts><maxreportedemails>500</maxreportedemails><maxreportedforms>500</maxreportedforms><maxbrowserpagewaittimeout>60000</maxbrowserpagewaittimeout><maxbrowserwaittillrequesttimeout>4000</maxbrowserwaittillrequesttimeout><maxbrowserdomdepth>4</maxbrowserdomdepth><maxbrowsereventsperlink>600</maxbrowsereventsperlink><maxbrowsereventspercrawlresult>400</maxbrowsereventspercrawlresult><maxbrowsereventsperdom>100</maxbrowsereventsperdom><maxbrowsernonewresourcedomcount>400</maxbrowsernonewresourcedomcount><notinsertedlinkcountthreshold>2</noti
nsertedlinkcountthreshold><maxcookiesfromjavascript>100</maxcookiesfromjavascript><maxcookiessamenamefromjavascript>10</maxcookiessamenamefromjavascript><crawlprioritization>Smart</crawlprioritization><filenotfoundregex>(page|resource) (you requested )?(was not|cannot be) found|Page not found|404(.0)? - ((File (or directory )?not found)|(Not Found))|HTTP Status 404|404 Not Found</filenotfoundregex><servererrorregex></servererrorregex><invalidurlregexattack><!--[CDATA[['\\\"\\\\(\\\\)<>]|\\\\d([-+]|%2[bd])\\\\d|repeat\\\\(|alert\\\\(|/x\\\\w{7}\\\\.txt|window.location|%20(AND|OR)%20|%3cscript|(ping|echo)%20|javascript(%3a|:)|%0d%0a]]--></invalidurlregexattack><invalidurlregexcrawl><!--[CDATA[(([ ]|%20)(MOD|ASC|DESC)([ ]|%20)|(<|%3c)(a|div|script|style|iframe|img|svg)|[?&=]x[a-z0-9]{7}$|C=N;O=D|\\\\?C=M)|(ping|echo)%20|javascript(%3a|:)|%0d%0ax]]--></invalidurlregexcrawl><prioritylinksregex>(auth|log[ -]?(in|on)|sign[ -]?(in|on)|profile|account|transfer|admin)</prioritylinksregex><lockcookies>0</lockcookies><casesensitivity>Case 
Sensitive</casesensitivity><uniqueurlsacrosswebsites>0</uniqueurlsacrosswebsites><savereferences>0</savereferences><usebrowser>1</usebrowser><showbrowser>0</showbrowser><stayonport>0</stayonport><restricttomacro>0</restricttomacro><restricttomanualcrawling>0</restricttomanualcrawling><restricttoseedlist>0</restricttoseedlist><restricttowebservice>0</restricttowebservice><restricttoselenium>0</restricttoselenium><restricttoswagger>0</restricttoswagger><importcookiesfromtraffic>0</importcookiesfromtraffic><pageequalthreshhold>0.95</pageequalthreshhold><pagesimilarthreshhold>0.8</pagesimilarthreshhold><experimentalcrawling>Disabled</experimentalcrawling><flash>1</flash><enableadvancedparsers>1</enableadvancedparsers><searchforurls>1</searchforurls><cookiecommaseparator>1</cookiecommaseparator><maxwebresourcesoverhead>1000</maxwebresourcesoverhead><seedurllist><seedurl><value>http://www.webscantest.com/</value></seedurl></seedurllist><scopeconstraintlist><scopeconstraint><url>http://www.webscantest.com/*</url><method>All</method><matchcriteria>Wildcard</matchcriteria><exclusion>Include</exclusion><httpparameterlist></httpparameterlist></scopeconstraint><scopeconstraint><url>http://*.www.webscantest.com/*</url><method>All</method><matchcriteria>Wildcard</matchcriteria><exclusion>Include</exclusion><httpparameterlist></httpparameterlist></scopeconstraint></scopeconstraintlist><blacklistextensionlist><blacklistextension><value>css</value></blacklistextension><blacklistextension><value>axd</value></blacklistextension></blacklistextensionlist><graylistextensionlist><graylistextension><value>pdf</value></graylistextension><graylistextension><value>doc</value></graylistextension><graylistextension><value>jpg</value></graylistextension><graylistextension><value>jpeg</value></graylistextension><graylistextension><value>gif</value></graylistextension><graylistextension><value>png</value></graylistextension><graylistextension><value>bmp</value></graylistextension><graylistextensio
n><value>ico</value></graylistextension><graylistextension><value>js</value></graylistextension><graylistextension><value>tiff</value></graylistextension><graylistextension><value>eot</value></graylistextension><graylistextension><value>ttf</value></graylistextension><graylistextension><value>mid</value></graylistextension><graylistextension><value>midi</value></graylistextension><graylistextension><value>mp3</value></graylistextension><graylistextension><value>mpeg</value></graylistextension><graylistextension><value>wav</value></graylistextension><graylistextension><value>avi</value></graylistextension><graylistextension><value>woff</value></graylistextension><graylistextension><value>svg</value></graylistextension></graylistextensionlist><binaryextensionlist><binaryextension><value>fla</value></binaryextension><binaryextension><value>swf</value></binaryextension><binaryextension><value>pdf</value></binaryextension><binaryextension><value>doc</value></binaryextension><binaryextension><value>jpg</value></binaryextension><binaryextension><value>jpeg</value></binaryextension><binaryextension><value>gif</value></binaryextension><binaryextension><value>png</value></binaryextension><binaryextension><value>bmp</value></binaryextension><binaryextension><value>ico</value></binaryextension><binaryextension><value>dll</value></binaryextension><binaryextension><value>exe</value></binaryextension><binaryextension><value>eot</value></binaryextension><binaryextension><value>ttf</value></binaryextension><binaryextension><value>mp3</value></binaryextension><binaryextension><value>mp4</value></binaryextension><binaryextension><value>wav</value></binaryextension><binaryextension><value>woff</value></binaryextension><binaryextension><value>svg</value></binaryextension></binaryextensionlist><textextensionlist><textextension><value>txt</value></textextension><textextension><value>js</value></textextension><textextension><value>css</value></textextension><textextension><value>json</valu
e></textextension></textextensionlist><binarycontenttypelist><binarycontenttype><value>audio/*</value></binarycontenttype><binarycontenttype><value>image/*</value></binarycontenttype><binarycontenttype><value>video/*</value></binarycontenttype><binarycontenttype><value>application/pdf</value></binarycontenttype><binarycontenttype><value>application/zip</value></binarycontenttype><binarycontenttype><value>application/x-rar-compressed</value></binarycontenttype><binarycontenttype><value>application/x-dvi</value></binarycontenttype><binarycontenttype><value>application/x-shockwave-flash</value></binarycontenttype><binarycontenttype><value>application/msword</value></binarycontenttype><binarycontenttype><value>application/ogg</value></binarycontenttype><binarycontenttype><value>application/x-tar</value></binarycontenttype><binarycontenttype><value>application/octet-stream</value></binarycontenttype></binarycontenttypelist><htmlcontenttypelist><htmlcontenttype><value>text/html</value></htmlcontenttype><htmlcontenttype><value>html/*</value></htmlcontenttype><htmlcontenttype><value>application/xhtml+xml</value></htmlcontenttype></htmlcontenttypelist><textcontenttypelist><textcontenttype><value>text/plain</value></textcontenttype><textcontenttype><value>text/csv</value></textcontenttype><textcontenttype><value>text/css</value></textcontenttype><textcontenttype><value>text/javascript</value></textcontenttype><textcontenttype><value>application/javascript</value></textcontenttype><textcontenttype><value>application/x-javascript</value></textcontenttype><textcontenttype><value>application/json</value></textcontenttype><textcontenttype><value>application/x-httpd-php-source</value></textcontenttype></textcontenttypelist><xmlcontenttypelist><xmlcontenttype><value>application/xml-dtd</value></xmlcontenttype><xmlcontenttype><value>text/xml</value></xmlcontenttype><xmlcontenttype><value>application/soap+xml</value></xmlcontenttype><xmlcontenttype><value>application/xml</value></xmlc
ontenttype></xmlcontenttypelist><domrestrictionslist><browserdownloadwhitelistlist><browserdownloadwhitelist><value>*.css</value></browserdownloadwhitelist><browserdownloadwhitelist><value>*.js</value></browserdownloadwhitelist><browserdownloadwhitelist><value>*.xml</value></browserdownloadwhitelist><browserdownloadwhitelist><value>*.dtd</value></browserdownloadwhitelist><browserdownloadwhitelist><value>*.axd</value></browserdownloadwhitelist><browserdownloadwhitelist><value>*.json</value></browserdownloadwhitelist><browserdownloadwhitelist><value>*/js/*</value></browserdownloadwhitelist><browserdownloadwhitelist><value>*/css/*</value></browserdownloadwhitelist></browserdownloadwhitelistlist><browserdonotdownloadextensionlist><browserdonotdownloadextension><value>pdf</value></browserdonotdownloadextension><browserdonotdownloadextension><value>doc</value></browserdonotdownloadextension><browserdonotdownloadextension><value>jpg</value></browserdonotdownloadextension><browserdonotdownloadextension><value>jpeg</value></browserdonotdownloadextension><browserdonotdownloadextension><value>gif</value></browserdonotdownloadextension><browserdonotdownloadextension><value>png</value></browserdonotdownloadextension><browserdonotdownloadextension><value>bmp</value></browserdonotdownloadextension><browserdonotdownloadextension><value>ico</value></browserdonotdownloadextension><browserdonotdownloadextension><value>exe</value></browserdonotdownloadextension><browserdonotdownloadextension><value>swf</value></browserdonotdownloadextension><browserdonotdownloadextension><value>mp3</value></browserdonotdownloadextension><browserdonotdownloadextension><value>mp4</value></browserdonotdownloadextension><browserdonotdownloadextension><value>wav</value></browserdonotdownloadextension><browserdonotdownloadextension><value>eot</value></browserdonotdownloadextension><browserdonotdownloadextension><value>ttf</value></browserdonotdownloadextension><browserdonotdownloadextension><value>woff</valu
e></browserdonotdownloadextension><browserdonotdownloadextension><value>ico</value></browserdonotdownloadextension><browserdonotdownloadextension><value>svg</value></browserdonotdownloadextension></browserdonotdownloadextensionlist><browserdonotdownloadcontenttypelist><browserdonotdownloadcontenttype><value>audio/*</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>image/*</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>video/*</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/pdf</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/zip</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/x-rar-compressed</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/x-dvi</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/x-shockwave-flash</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/msword</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/ogg</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/x-tar</value></browserdonotdownloadcontenttype><browserdonotdownloadcontenttype><value>application/octet-stream</value></browserdonotdownloadcontenttype></browserdonotdownloadcontenttypelist><lockedcookielist><frameworkscrawlconfig><enableframeworkscrawling>1</enableframeworkscrawling><reactjsdetectionregex></reactjsdetectionregex></frameworkscrawlconfig></lockedcookielist></domrestrictionslist></crawlconfig><attackerconfig><parameterstoattackbeforelimitingattacks>400</parameterstoattackbeforelimitingattacks><linkstoattackbeforelimitingattacks>200</linkstoattackbeforelimitingattacks><maxsamenameparameterattackpoints>25</maxsamenameparameterattackpoints><maxsamecookieparameterattackpoints>15</
maxsamecookieparameterattackpoints><maxsamenameparameterattackpointsperlink>2</maxsamenameparameterattackpointsperlink><maxparameterattackpointsperlink>50</maxparameterattackpointsperlink><maxnormalizedsamenameparameterattackpointsperlink>4</maxnormalizedsamenameparameterattackpointsperlink><applyglobalfindingssettings>1</applyglobalfindingssettings><applycrawlerconstraints>1</applycrawlerconstraints><maxnumberofscheduledpassiveattacks>1000000</maxnumberofscheduledpassiveattacks><mincookielifetimeforattacks>3600</mincookielifetimeforattacks><excludelowconfidencefindings>0</excludelowconfidencefindings><scopeconstraintlist><defaultdonotattackparamlist><defaultdonotattackparam><parametername>^_*(ASP[.]NET_SessionId|VSTATE|VIEWSTATE(ENCRYPTED|FIELDCOUNT|GENERATOR|[0-9]*)|EVENT(VALIDATION|TTARGET|ARGUMENT)|COMPRESSEDVIEWSTATE|LASTFOCUS|CALLBACK(ID|FRAME|LOADSCRIPT|PARAM|INDEX)|SCROLLPOSITIONX|SCROLLPOSITIONY|utm.*|submit[.][x|y]|_ga|_gat|__utm[a|b|c|t|z|v|x])$</parametername><matchcriteria>Regex</matchcriteria></defaultdonotattackparam></defaultdonotattackparamlist><userdonotattackparamlist></userdonotattackparamlist></scopeconstraintlist></attackerconfig><attackpolicyconfig><policy>Crawl only</policy><attackprioritization>Smart</attackprioritization><attackdepth>Smart</attackdepth><enableadvancedattacks>0</enableadvancedattacks><falsepositiveregex></falsepositiveregex><falsepositivefindingregex></falsepositivefindingregex><rootcauseidexcludelist></rootcauseidexcludelist><attackonlycontrollingheaders>1</attackonlycontrollingheaders><enforceencoding>0</enforceencoding><attackpoints>Web Site|Directory|File|Web Resource|Parameter|Response Analysis</attackpoints><parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http 
Header</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><attackmodulepolicylist><attackmodulepolicy><enabled>0</enabled><moduleid>C0B05B9C334341B180D2494235FF8F99</moduleid><modulepriority>High</modulepriority><severity>Informational</severity><maxvulnlimit>10</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Anonymous Access</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>59597A25A9504D5AAD20B74A4DCCABB7</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>25</maxperwebsitevulnlimit><maxvariancelimit>3</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Directory|File|Web Resource|Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Apache Struts 2 Framework Checks</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>9F6600FB2E7840E48B156790FEFAC10A</moduleid><modulepriority>High</modulepriority><severity>Informational</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>25</maxperwebsitevulnlimit><maxvariancelimit>3</maxvariancelimit><passiveanalysisonattacks>1</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response 
Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Apache Struts Detection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>929E08F60E084936B12C984ED0F5F47C</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>25</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Arbitrary File Upload</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>719FF94DEF014D29B16234909941E48E</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Directory</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>ASP.NET 
Misconfiguration</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>B7CEE386C7C64618A510F3F8FED5400B</moduleid><modulepriority>Medium</modulepriority><severity>High</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>ASP.NET Serialization</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>865E5CE0E5144D3E899B825EC8603969</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Autocomplete attribute</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>13B4C758BA174200885A29CBA7346165</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Browser Cache directive (web application 
performance)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>E33B272027B844D5BBB8EDE541983474</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>150</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Browser Cache directive (leaking sensitive information)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>A8091DB7769C49ED9E844B9F19529AC1</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>5</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Brute Force (HTTP Auth)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>7F61DDD522C5439B9EAB4FC17B2F47AA</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>5</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Brute Force (Form 
Auth)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>22E85EEA6883403982D8C298AEBC935A</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Blind SQL</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>FD1C760270CE493D92F50C347C79218F</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Directory</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Clients Cross-Domain Policy Files</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>A41D5AC842594BF086E9A96DD3353333</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Information 
Disclosure in comments</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>BBFCB66779ED4E7292C08F19E9BB45DF</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>50</maxvulnlimit><maxperwebsitevulnlimit>20</maxperwebsitevulnlimit><maxvariancelimit>10</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Cookie attributes</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>2227AE47A2AA40A6B6B1328AC13A6F0C</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>5</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource|Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>AJAX</requestoriginations><displayname>Cross Origin Resources Sharing (CORS)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>F8A0814584594965B0AF68B4E190F566</moduleid><modulepriority>Low</modulepriority><severity>Medium</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|Silverlight</requestoriginations><displayname>Credentials over an insecure 
channel</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>C35E7D79DD6F4DA489BBF6BC1D9D012B</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Content Security Policy Header</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>81C9D7ED0E33447899D5CD20B978617B</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Cross-Site Request Forgery (CSRF)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>3A586D24C653446196BAAC345FDE8C53</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>20</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Directory</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Custom Directory 
Module</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>EE998B281CE840948E90BF2D61E4C5F9</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>20</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Custom Parameter Module</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>1DE8C004C53D4B89A41E6B98DC6FD3B4</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>20</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Custom Passive 
Module</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>2CE90A403F704F80961E381BE19CCA2F</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Directory</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Directory Indexing</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>240EBB4A72024BA585833EB1F1AB4EC0</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>150</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Email Disclosure</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>9B62D146FF00456388F9822A76F95841</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Expression Language 
Injection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>D07D5C8EF8664392A0CC1509A6DE5940</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|Path|Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Forced Browsing</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>FD28B5D41E064D37B5543CE22BBC6306</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|Silverlight</requestoriginations><displayname>Sensitive Data Exposure</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>7B61BD81D278490C9B1A7B0568E94E30</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>5</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Form Session 
Strength</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>5032DAF0D8FE4294B23F0D1DAA4C0337</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>50</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>FrontPage Checks</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>748E90FC47AB4B438C3A49660989B44A</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Heartbleed Check</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>EBEE6CA2515F4FBEB8B7EC0197C5A74F</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>20</maxvulnlimit><maxperwebsitevulnlimit>4</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>HTTP Strict Transport 
Security</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>F25AF6387E8A429F8E664F31E2974054</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>20</maxvulnlimit><maxperwebsitevulnlimit>5</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>HTTP Authentication over insecure channel</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>60B0D57597EF4542A15FCB8D907669B0</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>HTTPS Downgrade</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>55D76EB20CE54C01856E43223232E3DD</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>HTTP 
Headers</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>DE08B6DDD872440E91347969D514CFD6</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>HTTP Response Splitting</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>1712CD453B074C78A8A561E0ED66DD1F</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site|Web Resource|Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>HTTPS Everywhere</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>881B35A841414BBAA05084A2A8CE7904</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>20</maxvulnlimit><maxperwebsitevulnlimit>4</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web 
Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|Flash|Silverlight</requestoriginations><displayname>HTTP User-Agent Check</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>6A609D0096124619842EE23FA7C989B5</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>500</maxvulnlimit><maxperwebsitevulnlimit>250</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Information Disclosure in response</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>E617D008F7534C808064D2B1A4BFE81A</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>500</maxvulnlimit><maxperwebsitevulnlimit>250</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>1</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Information Leakage in responses</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>B86A3A67D710456898A9009DBF6A4989</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web 
Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Java Grinder</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>F10ACEB0A6804D0F93516428E64B46FD</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>500</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight</requestoriginations><displayname>JavaScript Memory Leaks</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>B7FD0D454CB246AC85A29AF53C27157F</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>25</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>LDAP Injection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>FCD9A41AD39247C0B45A8D42FF7A4E5E</moduleid><modulepriority>High</modulepriority><severity>Informational</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response 
Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX</requestoriginations><displayname>Local Storage Usage</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>466E4CC294D94A11AFD50FD01D56261F</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter|Response Analysis</attackpoints><parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Business logic abuse attacks</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>7D06B46D915644E9870F4A6B903FC09F</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>10</maxvulnlimit><maxperwebsitevulnlimit>1</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Nginx NULL 
code</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>99E5E4DD1B734047B95402FB7C76BEC3</moduleid><modulepriority>Medium</modulepriority><severity>High</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>File|Path|Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>OS Commanding</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>2934BC76771C4016BD3524B432CEBCA8</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>5</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Out of Band Stored Cross-site scripting (XSS)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>A62D1481CB394632B06C0C54FCDD0579</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>5</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Out of Band Cross-site 
scripting (XSS)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>A8AB603EABC04875A5B2320CF6990C24</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>500</maxvulnlimit><maxperwebsitevulnlimit>250</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post|Cookie|Referer</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Parameter Fuzzing</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>FAC53175FF1E4478AA6D3E2DD4D66B6D</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>10</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>1</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Credentials stored in clear text in a cookie.</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>243C315A46A14C92A2717A29A4290167</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>10</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|Silverlight</requestoriginations><displayname>Collecting 
Sensitive Personal Information</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>B97A29683AEE4AA2B94FC26BFC2694A9</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>PHP Code Execution</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>AFF041E38E444889B271CDE1B24378EA</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>10</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Privacy Disclosure</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>433C43A54C714F08B822B7932D410A78</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>10</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource|Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Privilege 
Escalation</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>ED2E98EFF9A14BF7ACA06A7B28FF97BE</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Profanity</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>0AE25E41D6F44F29900104EF86B04191</moduleid><modulepriority>Low</modulepriority><severity>Safe</severity><maxvulnlimit>500</maxvulnlimit><maxperwebsitevulnlimit>250</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Reflection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>8CB2F93CE7F243B98D3C83A9A3E6EA4B</moduleid><modulepriority>Medium</modulepriority><severity>Medium</severity><maxvulnlimit>1000</maxvulnlimit><maxperwebsitevulnlimit>250</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Directory|File|Parameter</attackpoints><parameterlocations>Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>File 
Inclusion</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>63430695B68941DF99BF242F5AE1674B</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>50</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>HTTP Verb Tampering</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>D8741C7560B8431A9AE74E9B4FEB4F45</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>10</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site|Directory|File</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Predictable Resource Location</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>13623AA162FA4488852116B7EC0DE49E</moduleid><modulepriority>Medium</modulepriority><severity>Medium</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Query</parameterlocations><requestoriginations>HTML|Form</requestoriginations><displayname>Reverse 
Clickjacking</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>A418163442A54BB9BB0F1E591881A835</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Reverse Proxy</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>2C7D393BABA44517B0A37DC8ADCF9630</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>Information Disclosure in scripts</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>07BD211A580944E591F78B40FF3F3489</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>3</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Secure and non-secure content 
mix</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>1CBEA71A88844A11A4CD6ABAA2FD7F62</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|Silverlight</requestoriginations><displayname>Sensitive data over an insecure channel</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>34A0F038EFA248B594E7F17447F4CF2E</moduleid><modulepriority>High</modulepriority><severity>Informational</severity><maxvulnlimit>10</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site|Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Server Configuration</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>DC8E0D09314B44D39915AAF8439B4F53</moduleid><modulepriority>Medium</modulepriority><severity>Medium</severity><maxvulnlimit>150</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</parameterlocations><requestoriginations>HTML|Form|AJAX</requestoriginations><displayname>Server Side Include 
(SSI) Injection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>0F5408AB9FF94320AA58FCFE80EDEF59</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>200</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Server Side Template Injection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>DB1340E1857540219DF84A6A9DC0494C</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Session Fixation</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>6B1B2812012D41249BDEE83FFAEB523D</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>10</maxvulnlimit><maxperwebsitevulnlimit>4</maxperwebsitevulnlimit><maxvariancelimit>1</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|Path|Query</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</requestoriginations><displayname>HTTP Query Session 
Check</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>F729A70998064A1F99A8BEA8512D31AE</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>10</maxvulnlimit><maxperwebsitevulnlimit>2</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Session Strength</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>0DB2C1311DA74B80A153A8733C74D6CC</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>50</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Session Upgrade</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>7A7B3239AB8146839A8AEF170807ED1E</moduleid><modulepriority>Low</modulepriority><severity>Medium</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>File</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Source Code 
Disclosure</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>59646365E0E44520BE4297C3ABAA7E75</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>1</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>SQL Information Leakage</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>B6F559D374B5451EB424A1C1FB264FA6</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>500</maxvulnlimit><maxperwebsitevulnlimit>200</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer|Http Header</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>SQL Injection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>0496353D92704F2E942BFE1B575D9B7C</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>SQL 
Injection Auth Bypass</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>CEB40EE490564D60B4F9B3CE79C009B5</moduleid><modulepriority>Medium</modulepriority><severity>Medium</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>SQL Parameter Check</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>C5805272001249A095A48F2E56240C10</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>100</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>SSL Strength</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>5D9A66E5961B4644AAF5EC655E18EE66</moduleid><modulepriority>Medium</modulepriority><severity>Informational</severity><maxvulnlimit>50</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>20</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Subdomain 
discovery</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>9A22444AC7C642ABBC598CBCA4738C3B</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>40</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Unvalidated Redirect</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>B69E83831D26496BB2CC0C0D70181EC3</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>40</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>URL rewriting</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>4DE84100F31849A7B845FE5F62D2FD7A</moduleid><modulepriority>Medium</modulepriority><severity>Medium</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form</requestoriginations><displayname>ASP.NET ViewState 
security</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>0BE4C251F44C4CF1924104ADFD86289C</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>25</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|Flash|Silverlight</requestoriginations><displayname>Web Beacon</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>74FB936F2BBA499F8D0AF3B7A29B4F9E</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>30</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Site</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Cross-site tracing (XST)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>377030BFE58A4F01A112295D32A0744C</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Web Service Parameter 
Fuzzing</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>8399FA8EDF5C41BC9D3CF85DC23DC26B</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>20</maxvulnlimit><maxperwebsitevulnlimit>5</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>X-Content-Type-Options</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>3E2E60F7D0E04D8596918C2D1F639064</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>50</maxvulnlimit><maxperwebsitevulnlimit>10</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>X-Frame-Options</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>615D72F401BC447AB4A2139654BC9945</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>5</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response 
Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>X-XSS-Protection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>ABFA075919804435A25A22A8CAC191DF</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post|Cookie</parameterlocations><requestoriginations>HTML|Form|AJAX</requestoriginations><displayname>XML External Entity Attack</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>BBE9F36A88A944ECB837D5193D356E4C</moduleid><modulepriority>Medium</modulepriority><severity>High</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Path|Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>XPath Injection</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>6CEF426D33514825B50741616DB2120B</moduleid><modulepriority>Low</modulepriority><severity>Informational</severity><maxvulnlimit>25</maxvulnlimit><maxperwebsitevulnlimit>5</maxperwebsitevulnlimit><maxvariancelimit>2</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response 
Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>X-Powered-By</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>46A8FE469F6C44BFB9946C021A2BCDC8</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX</requestoriginations><displayname>Cross-site scripting (XSS), (DOM based)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>BD57F92E956A493DA39ADDF215B29D96</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Web Resource</attackpoints><parameterlocations></parameterlocations><requestoriginations>AJAX</requestoriginations><displayname>Cross-site scripting (XSS), (DOM based reflected via AJAX request)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>62AA6A08FA764E209551B4A4C479F08D</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Response 
Analysis</attackpoints><parameterlocations></parameterlocations><requestoriginations>HTML|Form|AJAX</requestoriginations><displayname>Persistent Cross-site scripting (XSS) (passive)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>050ABD8CF99F4EE4AA18C12F06FA3051</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>50</maxperwebsitevulnlimit><maxvariancelimit>5</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Persistent Cross-site scripting (XSS), (active)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>ABEB2E590AA24A39BB6FE7DBD6338277</moduleid><modulepriority>High</modulepriority><severity>Medium</severity><maxvulnlimit>400</maxvulnlimit><maxperwebsitevulnlimit>150</maxperwebsitevulnlimit><maxvariancelimit>5</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>Directory|File|Path|Query|Post|Cookie|Referer</parameterlocations><requestoriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL|REST</requestoriginations><displayname>Reflected Cross-site scripting 
(XSS)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>FFBF4640C8A4475E93E099018951B409</moduleid><modulepriority>Medium</modulepriority><severity>Medium</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit>100</maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>0</passiveanalysisonattacks><enforceencoding>0</enforceencoding><applypolicyseverity>0</applypolicyseverity><attackpoints>Parameter</attackpoints><parameterlocations>File|Query|Post</parameterlocations><requestoriginations>HTML|Form|AJAX</requestoriginations><displayname>Reflected Cross-site scripting (XSS), (simple)</displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>38354857D10048B68A34CD2E3EBC3B52</moduleid><modulepriority>High</modulepriority><severity>High</severity><maxvulnlimit>75</maxvulnlimit><maxperwebsitevulnlimit></maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>false</passiveanalysisonattacks><enforceencoding>false</enforceencoding><applypolicyseverity></applypolicyseverity><attackpoints>16</attackpoints><parameterlocations>40</parameterlocations><requestoriginations>63</requestoriginations><displayname></displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>FF01402DB70848D88ACB0736B6E4BCF5</moduleid><modulepriority>High</modulepriority><severity>Low</severity><maxvulnlimit>4</maxvulnlimit><maxperwebsitevulnlimit></maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>false</passiveanalysisonattacks><enforceencoding>false</enforceencoding><applypolicyseverity></applypolicyseverity><attackpoints>8</attackpoints><parameterlocations>0</parameterlocations><requestoriginations>1</requestoriginations><displayname></displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>F74CCB3314134B21A3B5D5D78BECEADB</moduleid><modulepriority>High</modulepriority><severity>High</severity>
<maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit></maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>false</passiveanalysisonattacks><enforceencoding>false</enforceencoding><applypolicyseverity></applypolicyseverity><attackpoints>22</attackpoints><parameterlocations>168</parameterlocations><requestoriginations>63</requestoriginations><displayname></displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>667629EC1FDC4C6D98B5F4031717BB9B</moduleid><modulepriority>Medium</modulepriority><severity>Low</severity><maxvulnlimit>250</maxvulnlimit><maxperwebsitevulnlimit></maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>false</passiveanalysisonattacks><enforceencoding>false</enforceencoding><applypolicyseverity></applypolicyseverity><attackpoints>2</attackpoints><parameterlocations>0</parameterlocations><requestoriginations>63</requestoriginations><displayname></displayname></attackmodulepolicy><attackmodulepolicy><enabled>0</enabled><moduleid>31E0A650FB944E689DF46B7A98F35A5F</moduleid><modulepriority>Low</modulepriority><severity>Low</severity><maxvulnlimit>100</maxvulnlimit><maxperwebsitevulnlimit></maxperwebsitevulnlimit><maxvariancelimit>4</maxvariancelimit><passiveanalysisonattacks>false</passiveanalysisonattacks><enforceencoding>false</enforceencoding><applypolicyseverity></applypolicyseverity><attackpoints>32</attackpoints><parameterlocations>0</parameterlocations><requestoriginations>31</requestoriginations><displayname></displayname></attackmodulepolicy></attackmodulepolicylist></attackpolicyconfig><analyzerconfig><enabled>0</enabled><notexistingfilepath>/aaaaaaaa.aaa</notexistingfilepath><notexistingdirpath>/aaaaaaaa/</notexistingdirpath><appendtooriginalvalue>1</appendtooriginalvalue><replaceoriginalvalue>0</replaceoriginalvalue></analyzerconfig><authconfig><type>Selenium</type><httpauth>0</httpauth><oauth>0</oauth><reloginaftersessionloss>1</reloginaftersessionloss>
<logoutdetection>1</logoutdetection><userassistance>0</userassistance><assumesuccessfullogin>0</assumesuccessfullogin><verifynotloggedin>1</verifynotloggedin><postponeloginaction>1</postponeloginaction><createnonauthenticatedsession>0</createnonauthenticatedsession><treatfailedreloginaserror>1</treatfailedreloginaserror><restartproxybeforerelogin>0</restartproxybeforerelogin><blacklistsinglepasswordforms>0</blacklistsinglepasswordforms><blacklistmultipasswordforms>1</blacklistmultipasswordforms><resetcookies>1</resetcookies><accounttype>Restricted</accounttype><usernameform></usernameform><passwordform></passwordform><usernamehttp><passwordhttp></passwordhttp><autologonsecurity>Medium</autologonsecurity><loginlinkregex>((log|sign)[ -]?(in|on))|auth</loginlinkregex><loggedinregex>(sign|log)[ -]?(out|off)</loggedinregex><loggedinheaderregex></loggedinheaderregex><sessionlossregex>please (re)?login|have been logged out|session has expired</sessionlossregex><sessionlossheaderregex>Location: [^\\\\n]{0,100}((sign|log)(in|on|out)|unauthenticated)\\\\b</sessionlossheaderregex><logoutlinkregex>(sign|log|time)[ -]?(in|on|out|off)|password</logoutlinkregex><logoutpostbodyregex>(sign|log|time)[ 
-]?(in|on|out|off)</logoutpostbodyregex><canarypage></canarypage><sessionlossoncanarypageregex></sessionlossoncanarypageregex><formsubmissionscript></formsubmissionscript><sessioncookieregex>\\\\b(CFID|CFTOKEN|SESSION|JSESSIONID|ASPSESSIONID[A-Z0-9]+|PHPSESSID|ASP[.]NET_SessionId)\\\\b</sessioncookieregex><sessioncookielifespan>32</sessioncookielifespan><urlsessiontokenregex></urlsessiontokenregex><postsessiontokenregex></postsessiontokenregex><responsebodytokenregex></responsebodytokenregex><httpheaderwithtokenreplacement></httpheaderwithtokenreplacement><logoutdetectionfrequency>60</logoutdetectionfrequency><discoverymaxlinks>100</discoverymaxlinks><loginmaxlinks>50</loginmaxlinks><discoverydepth>10</discoverydepth><logindepth>10</logindepth><maxmacroreloginattempts>3</maxmacroreloginattempts><discoveryprioritization>Login Form Discovery</discoveryprioritization><loginprioritization>Login</loginprioritization><bootstrapdelay>60000</bootstrapdelay><seedlink></seedlink><discoverloginform>1</discoverloginform><usebrowserformlogin>1</usebrowserformlogin><pingfrequency>600</pingfrequency><pingurl></pingurl><scopeconstraintlist><hmacconfig><hmacheadergeneratordllfilename></hmacheadergeneratordllfilename><hmacusername></hmacusername><hmacapikey></hmacapikey><hmachashalgorithm>32780</hmachashalgorithm></hmacconfig><oauthconfig><resourceownerurl></resourceownerurl><resourceserverurl></resourceserverurl><authorizationserverurl>/authorize</authorizationserverurl><clientid></clientid><clientscope></clientscope><clientstate></clientstate><clientsecret></clientsecret><redirecturi></redirecturi><username></username><password></password><usernameform></usernameform><passwordform></passwordform><extensiongrant></extensiongrant><authorizationgranttype>Null</authorizationgranttype><azureresponsemode>NullAzureResponseMode</azureresponsemode><azureresourceurl></azureresourceurl><azureprompt>NullAzurePrompt</azureprompt><azureloginhint></azureloginhint><azuredomainhint></azuredomainhint>
</oauthconfig><adalconfig><resourceid>https://graph.windows.net</resourceid><tenant></tenant><clientid></clientid><username></username><password></password><tokenrefreshperiod>0:10:01</tokenrefreshperiod></adalconfig><macrofile><macrofilename></macrofilename><javascriptengine>Internet Explorer</javascriptengine><showinbrowser>0</showinbrowser><replayspeed>1</replayspeed><asapmode>1</asapmode><asapmodemindelay>3000</asapmodemindelay><extradelayaftermacro>2000</extradelayaftermacro><attackassequence>0</attackassequence><sequenceconfig><resetsession>1</resetsession><autosequenceconfig>1</autosequenceconfig><manualsequenceconfig><sequencerequestlist></sequencerequestlist></manualsequenceconfig></sequenceconfig></macrofile><webserviceauthconfig><enabled>0</enabled><authwsdl></authwsdl><authwebmethod></authwebmethod><getauthtokenxpath></getauthtokenxpath><putauthtokenxpath></putauthtokenxpath><extractauthtoken>1</extractauthtoken><webserviceparameterlist></webserviceparameterlist></webserviceauthconfig><seleniumfile><seleniumfilename>C:\\\\Users\\\\user\\\\Postman\\\\files\\\\selenium.bat</seleniumfilename></seleniumfile><trafficfile><trafficfilename></trafficfilename><trafficfilepassword></trafficfilepassword><attackassequence>0</attackassequence><beginattackrequest>0</beginattackrequest><endattackrequest>-1</endattackrequest></trafficfile><browserformloginconfig><showinbrowser>0</showinbrowser><initialnavigateeventduration>10000</initialnavigateeventduration><finaldelayeventduration>20000</finaldelayeventduration></browserformloginconfig></scopeconstraintlist></usernamehttp></authconfig><proxyconfig><type>Internet Explorer 
Settings</type><httphost></httphost><httpport>0</httpport><httpshost></httpshost><httpsport>0</httpsport><pacfile></pacfile><username><password></password></username></proxyconfig><remediationconfig><dollarsperhourappdev>250</dollarsperhourappdev><dollarsperhourserveradmin>250</dollarsperhourserveradmin><dollarsperhourdatabaseadmin>250</dollarsperhourdatabaseadmin><setuphoursappdev>8</setuphoursappdev><setuphoursserveradmin>2</setuphoursserveradmin><setuphoursdatabaseadmin>8</setuphoursdatabaseadmin><minhoursperissueappdev>0.75</minhoursperissueappdev><maxhoursperissueappdev>1.25</maxhoursperissueappdev><minhoursperissueserveradmin>0.25</minhoursperissueserveradmin><maxhoursperissueserveradmin>1</maxhoursperissueserveradmin><minhoursperissuedatabaseadmin>0.75</minhoursperissuedatabaseadmin><maxhoursperissuedatabaseadmin>1.25</maxhoursperissuedatabaseadmin></remediationconfig><sslcertconfig><type>NoCert</type><file></file><password></password><index>-3</index><name></name><serialnumber></serialnumber><issuernamebase64></issuernamebase64><pin></pin><requestpinatstartup>0</requestpinatstartup><setpininterval>180</setpininterval></sslcertconfig><networksettingsconfig><closeconnection>0</closeconnection><maxretries>2</maxretries><maxresponsesize>7000000</maxresponsesize><resolvetimeout>60000</resolvetimeout><connecttimeout>60000</connecttimeout><writetimeout>60000</writetimeout><readtimeout>60000</readtimeout><assumedisconnectedtimeout>18000000</assumedisconnectedtimeout><dripdelaymilliseconds>25</dripdelaymilliseconds><maxconsecutivefailures>500</maxconsecutivefailures><customnetworklib>0</customnetworklib><secureprotocols>SSL3|TLS1</secureprotocols><raspscandatasinkhost></raspscandatasinkhost><raspscankickoffresthost></raspscankickoffresthost><raspscankickoffrestendpoint>advise_rasp_of_scan</raspscankickoffrestendpoint><rasptimeout>0:03:00</rasptimeout><nametoipmaplist></nametoipmaplist></networksettingsconfig><performanceconfig><maxconcurrentrequests>16</maxconcurrentrequests>
<maxbandwidthkb>1200</maxbandwidthkb><maxbrowserlimit>10</maxbrowserlimit><maxbrowserreusecount>10</maxbrowserreusecount><maxbrowsermemorysize>209715200</maxbrowsermemorysize><maxcpuusage>50</maxcpuusage><memoryceiling>2800</memoryceiling><antidos>0</antidos><monitorperformanceusage>1</monitorperformanceusage><singlethreadedscan>0</singlethreadedscan><killstrayieinstances>0</killstrayieinstances><minfreediskspace>524288000</minfreediskspace><maxmemoryusagepercent>70</maxmemoryusagepercent><maxthreadcount>400</maxthreadcount><maxbrowserprocesslifetime>240000</maxbrowserprocesslifetime><mindatabasecompactinterval>900000</mindatabasecompactinterval><databasecompactduringscan>0</databasecompactduringscan><databasecompactpostscan>0</databasecompactpostscan></performanceconfig><systemrecommendationsconfig><enabled>1</enabled><minlogicalprocessors>2</minlogicalprocessors><mintotalphysicalmemoryfor64bit>4187593113</mintotalphysicalmemoryfor64bit><minavailablephysicalmemoryfor64bit>2147483648</minavailablephysicalmemoryfor64bit><mintotalphysicalmemoryfor32bit>2147483648</mintotalphysicalmemoryfor32bit><minavailablephysicalmemoryfor32bit>1073741824</minavailablephysicalmemoryfor32bit><minfreediskspace>10737418240</minfreediskspace></systemrecommendationsconfig><httpheadersconfig><httpprotocol>HTTP/1.1</httpprotocol><accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</accept><acceptcharset></acceptcharset><acceptencoding>gzip, deflate</acceptencoding><acceptlanguage>en-US</acceptlanguage><cookie></cookie><useragent>Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 
Safari/537.36</useragent><overwritewithdefaultheaders>0</overwritewithdefaultheaders><customheaderslist><trafficheaderlist><trafficheader><value>Authorization</value></trafficheader><trafficheader><value>X-XSRF-TOKEN</value></trafficheader><trafficheader><value>X-CSRF-Token</value></trafficheader></trafficheaderlist></customheaderslist></httpheadersconfig><manualcrawlingconfig><trafficfilelist></trafficfilelist></manualcrawlingconfig><parametertrainingconfig><formpopulation>Smart</formpopulation><trainingparameterlist><trainingparameter><patternname>Username</patternname><types>text,textarea</types><language>en</language><match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</match><value>%RANDALPHANUM%</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Password</patternname><types>password</types><language>en</language><match>password|passwd|pw|pwd</match><value>%RANDALPHANUM%$</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Social Security Number</patternname><types>text,textarea,password</types><language>en</language><match>SSN|social|security</match><value>987-65-4320</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Address</patternname><types>text,textarea</types><language>en</language><match>income</match><value>100000</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Address</patternname><types>text,textarea</types><language>en</language><match>address|street</match><value>600 Fairy Land Drive</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Apartment 
number</patternname><types>text,textarea</types><language>en</language><match>address|apartment|house</match><value>123</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>First name</patternname><types>text,textarea</types><language>en</language><match>name</match><value>John</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Last name</patternname><types>text,textarea</types><language>en</language><match>last[:space:]*name|surname</match><value>Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Full name</patternname><types>text,textarea</types><language>en</language><match>(your|full)[:space:]+name|name</match><value>John Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>User Signature</patternname><types>text,textarea</types><language>en</language><match>signature</match><value>John Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Middle name</patternname><types>text,textarea</types><language>en</language><match>middle[:space:]+name</match><value>L</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>City</patternname><types>text,textarea</types><language>en</language><match>city|town</match><value>Costa 
Mesa</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>County</patternname><types>text,textarea</types><language>en</language><match>county</match><value>Orange</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>State</patternname><types>text,textarea</types><language>en</language><match>state</match><value>CA</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Zip code</patternname><types>text,textarea</types><language>en</language><match>zip[:space:]*code|post[:space:]*code|postal[:space:]*code|zip</match><value>92626</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Country</patternname><types>text,textarea,select</types><language>en</language><match>united[:space:]*states|country</match><value>US</value><valuematch>us</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Phone number</patternname><types>text,textarea</types><language>en</language><match>tele[:space:]*phone|fax|phone</match><value>123-456-7890</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Phone area code</patternname><types>text,textarea</types><language>en</language><match>area[:space:]+code</match><value>123</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Company 
name</patternname><types>text,textarea</types><language>en</language><match>company|employer|organization</match><value>Example</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Email</patternname><types>text,textarea</types><language>en</language><match>e[-_]?mail([-_]?address)?</match><value>a%RANDALPHANUM%@example.com</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Birthday</patternname><types>text,textarea</types><language>en</language><match>birth[:space:]day|birth</match><value>12/25/1975</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Day</patternname><types>text,textarea,select</types><language>en</language><match>dd|day</match><value>25</value><valuematch>25</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Month</patternname><types>text,textarea,select</types><language>en</language><match>mm|month</match><value>12</value><valuematch>12|dec|d</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>FutureYear</patternname><types>text,textarea,select</types><language>en</language><match>2015|2016|2017</match><value>2016</value><valuematch>2015|2016|2017</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>BirthYear</patternname><types>text,textarea,select</types><language>en</language><match>yyyy|year|1975|1970|1960|1950</match><value></value><valuematch>1975|1970|1960|1950</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Past Date 
mm/dd/yyyy</patternname><types>text,textarea</types><language>en</language><match>(start|from)[-\\\\s_]*date</match><value>02/02/2003</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Future Date mm/dd/yy</patternname><types>text,textarea</types><language>en</language><match>mm/dd/yy</match><value>02/02/15</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Future Date mm/dd/yyyy</patternname><types>text,textarea</types><language>en</language><match>mm/dd/yyyy|check.in|check.out|departing|returning|appointment|after|arrival|departure|(end|to)[-\\\\s_]*date</match><value>02/02/2015</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Old password</patternname><types>password</types><language>en</language><match>old[:space:]+password</match><value>%RANDALPHANUM%1'</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Accept terms</patternname><types>checkbox,radio</types><language>en</language><match><!--[CDATA[i have read and accept|i have read and agree|terms and conditions|terms, conditions|terms & conditions|accept|agree]]--></match><value></value><valuematch>yes|1|on</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Save login</patternname><types>checkbox,radio,select</types><language>en</language><match>save|remember</match><value></value><valuematch>yes|1|on</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Remove 
item</patternname><types>checkbox,radio</types><language>en</language><match>remove|delete</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Search</patternname><types>text,textarea</types><language>en</language><match>keyword|search|query</match><value>water</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Quantity</patternname><types>text,textarea,select</types><language>en</language><match>quantity|amount|number|qty|num</match><value>3</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Number</patternname><types>text,textarea</types><language>en</language><match>number|count|nmr|cnt|rate|decimal|digit</match><value>21</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Account Number</patternname><types>text,textarea,select,radio,checkbox</types><language>en</language><match>account</match><value>20</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Shipping method</patternname><types>select,radio,checkbox</types><language>en</language><match>shipping|fedex|standard|ups</match><value></value><valuematch>fedex|standard|ups</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Gift</patternname><types>checkbox</types><language>en</language><match>gift</match><value></value><valuematch>yes|1|on</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Credit card 
number</patternname><types>text,textarea,password</types><language>en</language><match>credit[:space:]*card|card[:space:]*number</match><value>5105105105105100</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Credit card type</patternname><types>select,checkbox,radio</types><language>en</language><match>master[:space:]*card|master|visa|diners|diners[:space:]*club|discovery|american[:space:]*express|amex</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Credit card security code</patternname><types>text,textarea,password</types><language>en</language><match>security[:space:]*code|verification[:space:]*number</match><value>123</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>PIN</patternname><types>text,textarea,password</types><language>en</language><match>PIN</match><value>1234</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>CAPTCHA</patternname><types>text,textarea</types><language>en</language><match>code[:space:]*shown|captcha</match><value>%RANDALPHANUM%</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Size</patternname><types>select</types><language>en</language><match>size|xxl</match><value></value><valuematch>(\\\\b(m|s|42)\\\\b</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Color</patternname><types>select</types><language>en</language><match>\\\\b(color|red|black)\\\\b</match><value>Blue</value><valuematch>\\\\b(blue|red|black)\\\\b</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Price</patternname><types>text,textare</types><language>en</language><match>price</match><value>20</value><valuem
atch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Attention</patternname><types>text,textare</types><language>en</language><match>attention</match><value>John</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Gender</patternname><types>select,radio</types><language>en</language><match>gender|male|female</match><value>male</value><valuematch>\\\\b(male|m|f)\\\\b</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Legal age</patternname><types>checkbox,radio</types><language>en</language><match>legal|\\\\d\\\\d[:space:]*years[:space:]*old</match><value>yes</value><valuematch>\\\\b(on|1|yes)\\\\b</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Coupon code</patternname><types>text,textarea</types><language>en</language><match>promotion|coupon</match><value>%RANDALPHANUM%</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Send message</patternname><types>text,textarea</types><language>en</language><match>message|comment|complain|enquiry|review</match><value>comment</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Existing user</patternname><types>checkbox,radio</types><language>en</language><match>returning|existing|customer</match><value></value><valuematch>\\\\b(on|1|yes)\\\\b</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Age</patternname><types>text,textarea</types><language>en</language><match>age|under|over</match><value>40</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Passphrase Hint</patternname><types>text,textarea</types><language>en</language><match>What make|pet's name|your 
father|high school|friend</match><value>What make was your first car?</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Passphrase Hint Answer</patternname><types>text,textarea</types><language>en</language><match>Answer</match><value>Ford</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Doctor name</patternname><types>text,textarea</types><language>en</language><match>doctor</match><value>John Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Website</patternname><types>text,textarea</types><language>en</language><match>website</match><value>www.example.com</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Address</patternname><types>text,textarea</types><language>de</language><match>adresse|strasse</match><value>600 Fairy Land Drive</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Apartment number</patternname><types>text,textarea</types><language>de</language><match>adresse|wohnung|haus</match><value>123</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>First name</patternname><types>text,textarea</types><language>de</language><match>name</match><value>John</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Last name</patternname><types>text,textarea</types><language>de</language><match>vorname|name</match><value>Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Full name</patternname><types>text,textarea</types><language>de</language><match>ihren namen|name</match><value>John 
Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>User Signature</patternname><types>text,textarea</types><language>de</language><match>unterschrift</match><value>John Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>City</patternname><types>text,textarea</types><language>de</language><match>stadt|stadt</match><value>Berlin</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Regierungsbezirke</patternname><types>text,textarea</types><language>de</language><match>regierungsbezirke</match><value>Berlin</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Zip code</patternname><types>text,textarea</types><language>de</language><match>postleitzahl|zip|ZIP|PLZ|Postleitzahl</match><value>10115</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Country</patternname><types>text,textarea</types><language>de</language><match>\\\\b(deutschland|land)\\\\b</match><value>DE</value><valuematch>\\\\bDE\\\\b</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Phone number</patternname><types>text,textarea</types><language>de</language><match>telefon|telefon|fax</match><value>(1234) 567890</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Phone area code</patternname><types>text,textarea</types><language>de</language><match>vorwahl</match><value>123</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Company 
name</patternname><types>text,textarea</types><language>de</language><match>unternehmen|arbeitgeber|organisation</match><value>Example</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Email</patternname><types>text,textarea</types><language>de</language><match>E[-_]Mailadresse|email|E[-_]Mail</match><value>a%RANDALPHANUM%@example.com</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Birthday</patternname><types>text,textarea</types><language>de</language><match>geburtstag|geburt</match><value>12/25/1975</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Day</patternname><types>text,textarea</types><language>de</language><match>tag</match><value>25</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Month</patternname><types>text,textarea</types><language>de</language><match>monat</match><value>12</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Year</patternname><types>text,textarea</types><language>de</language><match>Jahr</match><value>2007</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>BirthYear</patternname><types>text,textarea</types><language>de</language><match>Jahr|1975|1970|1960|1950</match><value>1975</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Past Date mm/dd/yy</patternname><types>text,textarea</types><language>de</language><match>Datum|d.m.yyyy|dd.mm.yyyy</match><value>02.02.03</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Past Date 
mm/dd/yyyy</patternname><types>text,textarea</types><language>de</language><match>Datum|mm/dd/yyyy</match><value>02/02/2003</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Future Date mm/dd/yy</patternname><types>text,textarea</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfGQubS55fGRkLm1tLnl5fFRlcm1pbg==</match><value>02/02/11</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Future Date mm/dd/yyyy</patternname><types>text,textarea</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGEQ2hlY2staW58WnVyIEthc3NlfEFiZmFocnR8UsO8Y2trZWhyfFRlcm1pbnxkZC5tbS55eXl5</match><value>02/02/2011</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Username</patternname><types>text,textarea</types><language>de</language><match>Benutzername|Mitgliedsnamen|Benutzer</match><value>%RANDALPHANUM%</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Password</patternname><types>password</types><language>de</language><match>password|passwort|passwd</match><value>%RANDALPHANUM%1'</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Old password</patternname><types>password</types><language>de</language><match>alte[:space:]passwort</match><value>%RANDALPHANUM%1'</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Accept terms</patternname><types>checkbox,radio</types><language>de</language><match>Ich habe gelesen und akzeptiere|Ich habe gelesen und 
akzeptiere|akzeptieren|vereinbaren|AGB|Nutzungsbedingungen|AGB</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Remove item</patternname><types>checkbox,radio</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGEZW50ZmVybmVufGzDtnNjaGVu</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Search</patternname><types>text,textarea</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGEw5xiZXJzaWNodHxTdWNoZXxBbmZyYWdl</match><value>water</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Quantity</patternname><types>text,textarea</types><language>de</language><match>qty|Menge|Betrag|Anzahl</match><value>3</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Number</patternname><types>text,textarea</types><language>de</language><match>Anzahl|NMR|cnt|bewerten|dezimal|stellige</match><value>21</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Account Number</patternname><types>text,textarea</types><language>de</language><match>Konto</match><value>3456</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Shipping method</patternname><types>select</types><language>de</language><match>Versand</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Gift</patternname><types>text,textarea</types><language>de</language><match>Geschenk</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Credit card 
number</patternname><types>text,textarea</types><language>de</language><match>Kreditkarte|Kredit|Kartennummer</match><value>5105105105105100</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Credit card type</patternname><types>text,textarea</types><language>de</language><match>MasterCard|Master|Visum|Diners|Diners Club|Entdeckung|American Express</match><value></value><valuematch>Master</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Credit card security code</patternname><types>text,textarea</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGES3JlZGl0fFNpY2hlcmhlaXRzLUNvZGV8UHLDvGZudW1tZXI=</match><value>123</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>CAPTCHA</patternname><types>text,textarea</types><language>de</language><match>captcha</match><value>[%RANDALPHANUM%</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Back button</patternname><types>button,image,submit</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGEenVyw7xja3xyZXR1cm58c3Rvcm5pZXJlbnx2b3JoZXJpZ2V8d2VpdGVyIGVpbmthdWZlbg==</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Logout button</patternname><types>button,image,submi</types><language>de</language><match>Abmeldung|Abmeldung|ausloggen|(sign|log)-?(off|out)</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Login 
button</patternname><types>button,image,submi</types><language>de</language><match>(log|sign)-?in</match><value></value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Size</patternname><types>select</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGER3LDtnNzZXxYWEw=</match><value>m</value><valuematch>m|s|42</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Color</patternname><types>select</types><language>de</language><match>Farbe</match><value>Blue</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Enter price</patternname><types>text,textarea</types><language>de</language><match>Preis</match><value>20</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Attention</patternname><types>text,textarea</types><language>de</language><match>Aufmerksamkeit</match><value>John</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Gender</patternname><types>select,radio,checkbox</types><language>de</language><match>Geschlecht|Herren</match><value>m</value><valuematch>m|h</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Legal age</patternname><types>select,radio,checkbox</types><language>de</language><match>rechtliche|\\\\d\\\\d[:space:]*Jahre</match><value>ja</value><valuematch>ja|yes|1|on</valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Coupon code</patternname><types>text,textarea</types><language>de</language><match>MJPYBZHSWwshWRRFSGWAGERsO2cmRlcnVuZ3xHdXRzY2hlaW4=</match><value>111</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Send 
message</patternname><types>text,textarea</types><language>de</language><match>Nachricht|Kommentar|beschweren|Anfrage|Kritik</match><value>comment</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Age</patternname><types>text,textarea</types><language>de</language><match>Alter|unter|mehr</match><value>40</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Passphrase Hint</patternname><types>text,textarea</types><language>de</language><match>Was machen|Name des Haustieres|Ihr Vater</match><value>What make was your first car?</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Passphrase Hint Answer</patternname><types>text,textarea</types><language>de</language><match>beantworten</match><value>Ford</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter><trainingparameter><patternname>Doctor name</patternname><types>text,textarea</types><language>de</language><match>Arzt</match><value>John 
Johnson</value><valuematch></valuematch><matchcriteria>Regex</matchcriteria></trainingparameter></trainingparameterlist></parametertrainingconfig><autosequenceconfig><sequenceignoreextensionlist><sequenceignoreextension><value>js</value></sequenceignoreextension><sequenceignoreextension><value>css</value></sequenceignoreextension><sequenceignoreextension><value>doc</value></sequenceignoreextension><sequenceignoreextension><value>jpg</value></sequenceignoreextension><sequenceignoreextension><value>jpeg</value></sequenceignoreextension><sequenceignoreextension><value>gif</value></sequenceignoreextension><sequenceignoreextension><value>png</value></sequenceignoreextension><sequenceignoreextension><value>bmp</value></sequenceignoreextension><sequenceignoreextension><value>ico</value></sequenceignoreextension><sequenceignoreextension><value>exe</value></sequenceignoreextension><sequenceignoreextension><value>swf</value></sequenceignoreextension><sequenceignoreextension><value>mp3</value></sequenceignoreextension><sequenceignoreextension><value>wav</value></sequenceignoreextension><sequenceignoreextension><value>eot</value></sequenceignoreextension></sequenceignoreextensionlist><sequenceignorecontenttypelist><sequenceignorecontenttype><value>*font*</value></sequenceignorecontenttype><sequenceignorecontenttype><value>audio/*</value></sequenceignorecontenttype><sequenceignorecontenttype><value>image/*</value></sequenceignorecontenttype><sequenceignorecontenttype><value>video/*</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/pdf</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/zip</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/x-rar-compressed</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/x-dvi</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/x-shockwave-flash</value></sequenceignorecontenttype><sequenceignoreco
ntenttype><value>application/msword</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/ogg</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/x-tar</value></sequenceignorecontenttype><sequenceignorecontenttype><value>application/octet-stream</value></sequenceignorecontenttype></sequenceignorecontenttypelist></autosequenceconfig><macroconfig><sequentialmacroplayback>1</sequentialmacroplayback><macrofilelist></macrofilelist></macroconfig><seleniumconfig><listenforotherscripts>0</listenforotherscripts><sequentialseleniumscriptplayback>1</sequentialseleniumscriptplayback><seleniumport>32768</seleniumport><firefoxprofile></firefoxprofile><webdriverforhtml>Chrome</webdriverforhtml><seleniumfilelist></seleniumfilelist></seleniumconfig><webserviceconfig><username></username><password></password><contenttype></contenttype><wsdlregex>([?]wsdl|[.]wsdl)$</wsdlregex><autodiscoverwsdl>1</autodiscoverwsdl><webservicesenhancements>0</webservicesenhancements><passwordoption>Hashed</passwordoption><swaggerhostname></swaggerhostname><swaggerparsefail>1</swaggerparsefail><wsdllist><swaggerfilelist></swaggerfilelist></wsdllist></webserviceconfig><reportconfig><globaldatabasedsn></globaldatabasedsn><globaldatabaseuid></globaldatabaseuid><globaldatabasepwd></globaldatabasepwd><language>en</language><brandingdirectory></brandingdirectory><xml>0</xml><attackmodulesjson>1</attackmodulesjson><crawledlinksjson>1</crawledlinksjson><webappscanselectedchildrenjson>1</webappscanselectedchildrenjson><scanstatusjson>1</scanstatusjson><websitesjson>1</websitesjson><crawlresultsjson>1</crawlresultsjson><formsjson>1</formsjson><webresourcesjson>1</webresourcesjson><attackvectorsjson>1</attackvectorsjson><findingsjson>1</findingsjson><usermessagelogentriesjson>1</usermessagelogentriesjson><attacklocationsjson>1</attacklocationsjson><vulnerabilitiessummaryxml>1</vulnerabilitiessummaryxml><vulnerabilitiessummaryjson>0</vulnerabilitiessummaryjson>
<browserlinksjson>1</browserlinksjson><crawledlinksxml>0</crawledlinksxml><index>1</index><executivesummary>1</executivesummary><alllinks>1</alllinks><appthreatmodeling>1</appthreatmodeling><bestpractices>1</bestpractices><reflection>1</reflection><remediationsummary>1</remediationsummary><resources>0</resources><resourcedetails>0</resourcedetails><resourcesummarybreakdown>0</resourcesummarybreakdown><application>1</application><server>1</server><database>1</database><bysite>0</bysite><sitelinks>1</sitelinks><statusandconfig>1</statusandconfig><vulnerabilities>1</vulnerabilities><vulnerabilitiesbyurlstandalone>0</vulnerabilitiesbyurlstandalone><disastig>1</disastig><fisma>1</fisma><cwesans>1</cwesans><glb>1</glb><hipaa>1</hipaa><owasp2007>0</owasp2007><owasp2010>0</owasp2010><owasp2013>0</owasp2013><owasp2017>1</owasp2017><pci>0</pci><pci30></pci30><pci31>1</pci31><sox>1</sox><privacy>1</privacy><comments>1</comments><cookies>1</cookies><pdf>0</pdf><zipreport>1</zipreport><validateapplet>1</validateapplet><includedbinzip>0</includedbinzip><disablebigreportpagesthreshold>10000</disablebigreportpagesthreshold><aesencryptpassword></aesencryptpassword><metadata></metadata><confidence>1</confidence></reportconfig><wafconfig><snort>1</snort><imperva>1</imperva><modsec>1</modsec><snortmode>Alert</snortmode></wafconfig><scheduleconfig><enabled>0</enabled><pausetime>2019-01-04 03:26:41</pausetime><resumetime>2019-01-04 03:26:41</resumetime><maxruntime>43469 Days, 
3:26:41</maxruntime></scheduleconfig><sitetechnologyconfig><autodetect>1</autodetect><serverperformance>Unknown</serverperformance><languagelist><regionlist><technologytargets><operatingsystemlist><databaselist><frameworklist><clientlanguagelist><serverlanguagelist><webserverlist><webappserverlist></webappserverlist></webserverlist></serverlanguagelist></clientlanguagelist></frameworklist></databaselist></operatingsystemlist></technologytargets></regionlist></languagelist></sitetechnologyconfig><onetimetokenconfig><autodetectcsrf>1</autodetectcsrf><maxtokenlifetime>1899-12-30 00:00:00</maxtokenlifetime><expirationregex></expirationregex><tokennameregex>csrf</tokennameregex><tokenvalueregex></tokenvalueregex></onetimetokenconfig><cvssconfig><collateraldamagepotential>Not Defined</collateraldamagepotential><targetdistribution>Not Defined</targetdistribution><confidentialityrequirement>Not Defined</confidentialityrequirement><integrityrequirement>Not Defined</integrityrequirement><availabilityrequirement>Not Defined</availabilityrequirement><accessvector>Not Defined</accessvector><accesscomplexity>Not Defined</accesscomplexity><cvssauthentication>Not Defined</cvssauthentication></cvssconfig><parameterparserconfig><enablebase64parametervalues>1</enablebase64parametervalues><multiregexurlparserconfiglist><standardurlparserconfig><pathnamevaluedelimiters>=.</pathnamevaluedelimiters><pathparameterdelimiters>/;</pathparameterdelimiters><querynamevaluedelimiters>=</querynamevaluedelimiters><queryparameterdelimiters><!--[CDATA[&]]--></queryparameterdelimiters><pathparamsvalueregex>\\\\d+</pathparamsvalueregex><startpathparamsposition>-1</startpathparamsposition></standardurlparserconfig></multiregexurlparserconfiglist></parameterparserconfig><parametervalueconfig><parametervaluelist></parametervaluelist></parametervalueconfig></domainnamelist></scanmoduleparameterslist></scanconfig>",
"Id": null,
"Name": "SeleniumConfig",
"ClientId": "9e41eefa-18d0-41d7-b786-653b40a06f8d",
"EngineGroupId": "e6483e35-1a5e-460a-98b1-0618d5042dab",
"Monitoring": false,
"IsApproveRequired": false
}

| Response status code | Reason | Description |
| --- | --- | --- |
| 200 | | Scan config created |
| 400 | InvalidJsonSchema | Required parameters not provided |
| 400 | ConfigNotFound | Scan config with Id not found |
| 400 | ConfigNameIsNotUnique | Scan config with the same name already exists in the client |

Response example:

JSON schema:
{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}

post

/AppSpiderEnterprise/rest/v1/Config/DeleteConfigs

Description

Deletes a scan config

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| configIds | guid[] | Y | Scan config IDs |
| deleteReport | bool | N(false) | Remove all reports related to scan configs |
| deletePendingScan | bool | N(false) | Remove all pending scans related to scan configs |

Response Messages

| Response status code | Reason | Description |
| --- | --- | --- |
| 200 | | Scan config removed |
| 400 | InvalidJsonSchema | Required parameters not provided |

Response example:

JSON schema:
{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}

get

/AppSpiderEnterprise/rest/v1/Config/GetConfigs

Description

Retrieves all scan configs for the client

Parameters

No parameters

Response Messages

| Response status code | Reason | Description |
| --- | --- | --- |
| 200 | | Response contains the list of scan configs |

Response example:

JSON schema:
{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}

/AppSpiderEnterprise/rest/v1/Config/GetConfigs

Description

Retrieves all scan configs for the client using paging

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| page | int | Y | The page of results to return (page starts at 0) |
| pageSize | int | Y | The number of results to return per page |

Response Messages

| Response status code | Reason | Description |
|---|---|---|
| 200 | | Response contains the list of scan configs |

Response example:

JSON schema:

{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}

/AppSpiderEnterprise/rest/v1/Config/GetConfigs

Description

Retrieves the list of scan configs for the client by the target id

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| targetId | guid[] | Y | The target id |

Response Messages

| Response status code | Reason | Description |
|---|---|---|
| 200 | | Response contains the list of scan configs |
| 400 | ConfigNotFound | No Scan configs exist for target id |

Response example:

JSON schema:

{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}

/AppSpiderEnterprise/rest/v1/Config/GetConfigs

Description

Retrieves the list of scan configs for the client by the target id using paging

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| targetId | guid[] | Y | The target id |
| page | int | Y | The page of results to return (page starts at 0) |
| pageSize | int | Y | The number of results to return per page |

Response Messages

| Response status code | Reason | Description |
|---|---|---|
| 200 | | Response contains the list of scan configs |
| 400 | ConfigNotFound | No Scan configs exist for target id |

Response example:

JSON schema:

{
  "type": "object",
  "properties": {
    "Configs": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "Id": {
            "type": "string",
            "required": true
          },
          "Name": {
            "type": "string",
            "required": true
          },
          "ClientId": {
            "type": "string",
            "required": true
          },
          "EngineGroupId": {
            "type": "string",
            "required": true
          },
          "Monitoring": {
            "type": "boolean",
            "required": true
          },
          "IsApproveRequired": {
            "type": "boolean",
            "required": true
          },
          "DefendEnabled": {
            "type": "boolean",
            "required": true
          },
          "MonitoringDelay": {
            "type": "integer",
            "required": true
          },
          "MonitoringTriggerScan": {
            "type": "boolean",
            "required": true
          },
          "Xml": {
            "type": "string",
            "required": true
          }
        }
      },
      "additionalProperties": false
    },
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    },
    "TotalCount": {
      "type": "integer",
      "required": true
    },
    "TotalPages": {
      "type": "integer",
      "required": true
    },
    "Links": {
      "type": "array",
      "items": {
        "Rel": {
          "type": ["string", "null"],
          "required": true
        },
        "Href": {
          "type": ["string", "null"],
          "required": true
        }
      }
    }
  },
  "additionalProperties": false
}

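The paged variants above return zero-based pages, and the schema for the paged lookup by target id reports TotalPages. The following is an added example, not part of the AppSpider documentation: it walks every page, checks the IsSuccess/Reason envelope, and lists configs where Monitoring and MonitoringTriggerScan are set while IsApproveRequired is not. `fetch_page` is a hypothetical transport hook (request and authentication details are outside this section), the sample configs are constructed, and treating that flag combination as review-worthy is the example's own policy.

```python
from typing import Callable, Iterator

class AppSpiderError(Exception):
    """The response envelope reported IsSuccess == false."""
    def __init__(self, reason, message):
        super().__init__(f"{reason}: {message}")
        self.reason = reason

def iter_configs(fetch_page: Callable[[int, int], dict], page_size: int = 50) -> Iterator[dict]:
    """Yield every config, requesting pages 0 .. TotalPages - 1.

    fetch_page(page, page_size) is a hypothetical hook that sends the paged
    GetConfigs request and returns the decoded JSON body.
    """
    page = 0
    while True:
        body = fetch_page(page, page_size)
        if not body.get("IsSuccess"):
            raise AppSpiderError(body.get("Reason"), body.get("ErrorMessage"))
        yield from body.get("Configs") or []
        page += 1  # pages are zero-based, so the last valid page is TotalPages - 1
        if page >= body.get("TotalPages", 0):
            return

def unattended_attack_scans(configs) -> list:
    """Names of configs whose monitoring can trigger an attack scan with approval not required."""
    return sorted(
        c["Name"] for c in configs
        if c["Monitoring"] and c["MonitoringTriggerScan"] and not c["IsApproveRequired"]
    )

# Constructed sample data standing in for the server's answer (not real configs).
SAMPLE_CONFIGS = [
    {"Name": "shop-prod", "Monitoring": True, "MonitoringTriggerScan": True, "IsApproveRequired": False},
    {"Name": "shop-stage", "Monitoring": True, "MonitoringTriggerScan": False, "IsApproveRequired": False},
    {"Name": "intranet", "Monitoring": True, "MonitoringTriggerScan": True, "IsApproveRequired": True},
]

def fake_fetch(page: int, page_size: int) -> dict:
    """Constructed stand-in for the server: slices SAMPLE_CONFIGS into pages."""
    chunk = SAMPLE_CONFIGS[page * page_size:(page + 1) * page_size]
    return {"Configs": chunk, "IsSuccess": True, "ErrorMessage": None, "Reason": None,
            "TotalCount": len(SAMPLE_CONFIGS), "TotalPages": -(-len(SAMPLE_CONFIGS) // page_size)}

if __name__ == "__main__":
    print(unattended_attack_scans(iter_configs(fake_fetch, page_size=2)))
```
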
get

/AppSpiderEnterprise/rest/v1/Config/GetConfig

Description

Retrieves scan config for the client

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| id | guid[] | Y | Scan config ID |

Response Messages

| Response status code | Reason | Description |
|---|---|---|
| 200 | | Response contains the scan config |
| 400 | InvalidJsonSchema | Required parameters not provided |
| 400 | ConfigNotFound | Scan config with "id" not found in client |

Response example:

JSON schema:

{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "Config": {
      "type": ["object", "null"],
      "required": true,
      "properties": {
        "Id": {
          "type": "string",
          "required": true
        },
        "Name": {
          "type": "string",
          "required": true
        },
        "ClientId": {
          "type": "string",
          "required": true
        },
        "EngineGroupId": {
          "type": "string",
          "required": true
        },
        "Monitoring": {
          "type": "boolean",
          "required": true
        },
        "IsApproveRequired": {
          "type": "boolean",
          "required": true
        },
        "DefendEnabled": {
          "type": "boolean",
          "required": true
        },
        "MonitoringDelay": {
          "type": "integer",
          "required": true
        },
        "MonitoringTriggerScan": {
          "type": "boolean",
          "required": true
        },
        "Xml": {
          "type": "string",
          "required": true
        }
      },
      "additionalProperties": false
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}

get

/AppSpiderEnterprise/rest/v1/Config/GetAttachment

Description

Retrieves auxiliary files (such as macro, traffic recording, etc.) referenced in the scan configuration

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| configId | guid[] | Y | Scan config ID |
| fileName | string | Y | Name of requested file |
| fileType | string | Y | File type. Values are: "Authentication", "Certificate", "Crawling", "Selenium", "Traffic", "Wsdl" |

Response Messages

| Response status code | Reason | Description |
|---|---|---|
| 200 | | Response contains the scan config attachment |
| 400 | InvalidJsonSchema | Required parameters not provided |
| 400 | ConfigNotFound | Scan config with 'configId' not found in client |
| 400 | FileNotFound | File with 'name' and 'fileType' not found or user has no access to config |

Response example: a valid request returns the file. If an error occurred, the response follows this JSON schema:

{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}

get

/AppSpiderEnterprise/rest/v1/Config/GetAttachments

Description

Retrieves auxiliary files (such as macro, traffic recording, etc.) referenced in the scan configuration

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| configId | guid[] | Y | Scan config ID |

Response Messages

| Response status code | Reason | Description |
|---|---|---|
| 200 | | Response contains the list of scan config attachments |
| 400 | InvalidJsonSchema | Required parameters not provided |
| 400 | ConfigNotFound | Scan config with 'id' not found in client or user has no access to config |
| 400 | FileNotFound | Files related to configs are not found on the server |

Response example: a valid request returns a ZIP file. If an error occurred, the response follows this JSON schema:

{
  "type": "object",
  "properties": {
    "IsSuccess": {
      "type": "boolean",
      "required": true
    },
    "ErrorMessage": {
      "type": ["string", "null"],
      "required": true
    },
    "Reason": {
      "type": ["string", "null"],
      "required": true
    }
  },
  "additionalProperties": false
}
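
GetAttachment and GetAttachments both answer with raw file bytes on success and with the JSON envelope on error, so a client has to branch on the status code before it touches the body. The following is an added example, not part of the AppSpider documentation: it returns the payload for a 200, raises with the server's Reason otherwise, and reads the GetAttachments ZIP in memory while refusing member names that would land outside the extraction directory. The reasons "UnparseableError", "UnexpectedEnvelope" and "UnsafeMemberName" are labels of this example, not API values, and the ZIP contents are constructed.

```python
import io
import json
import zipfile
from pathlib import PurePosixPath

ENVELOPE_KEYS = {"IsSuccess", "ErrorMessage", "Reason"}  # the schema allows no other keys

class AttachmentError(Exception):
    def __init__(self, reason, message):
        super().__init__(f"{reason}: {message}")
        self.reason = reason

def attachment_bytes(status: int, body: bytes) -> bytes:
    """Return the raw file for a 200; otherwise decode the JSON error envelope and raise."""
    if status == 200:
        return body
    try:
        envelope = json.loads(body)
    except ValueError:
        raise AttachmentError("UnparseableError", f"HTTP {status} with a non-JSON body") from None
    if not isinstance(envelope, dict) or set(envelope) != ENVELOPE_KEYS:
        raise AttachmentError("UnexpectedEnvelope", f"HTTP {status}")
    raise AttachmentError(envelope["Reason"], envelope["ErrorMessage"])

def unpack_attachments(status: int, body: bytes) -> dict:
    """Read the GetAttachments ZIP in memory, refusing names that leave the archive root."""
    files = {}
    with zipfile.ZipFile(io.BytesIO(attachment_bytes(status, body))) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                raise AttachmentError("UnsafeMemberName", info.filename)
            files[str(path)] = archive.read(info)
    return files

def sample_zip(members: dict) -> bytes:
    """Build a constructed ZIP (name -> bytes) that stands in for a server response."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buffer.getvalue()

if __name__ == "__main__":
    print(sorted(unpack_attachments(200, sample_zip({"Selenium/login.xml": b"<macro/>"}))))
```
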