AppSpider web GUI fields

The following sections map the AppSpider Pro GUI fields to the corresponding attributes in the XML config.

Main

AppSpider web GUI fields | XML config

Scan Name

<Name>webscantest</Name>

URL List

<CrawlConfig><SeedUrlList><SeedUrl> <Value>http://www.webscantest.com/</Value></SeedUrl></SeedUrlList></CrawlConfig>

Max Links

<CrawlConfig><MaxCrawlResults>5000</MaxCrawlResults></CrawlConfig>

Restrict scan to seed URLs

<CrawlConfig><RestrictToSeedList>0</RestrictToSeedList></CrawlConfig>

Browser

<JavaScriptEngine>Chrome</JavaScriptEngine>

Attack policy

AppSpider web GUI fields | XML config

Attack Policy

Attack Policy Name

<AttackPolicyConfig><Policy>All Modules</Policy></AttackPolicyConfig>

Attack Prioritization

<AttackPolicyConfig><AttackPrioritization>Smart</AttackPrioritization></AttackPolicyConfig>

Attacks per input

<AttackPolicyConfig><AttackDepth>Smart</AttackDepth></AttackPolicyConfig>

Attacks Collection

<AttackPolicyConfig><EnableAdvancedAttacks>0</EnableAdvancedAttacks></AttackPolicyConfig>

Browser Encoding

<AttackPolicyConfig><EnforceEncoding>0</EnforceEncoding></AttackPolicyConfig>

False Positive Regex

<AttackPolicyConfig><FalsePositiveRegex>This web browser does not support JavaScript or JavaScript in this web browser is not enabled.</FalsePositiveRegex></AttackPolicyConfig>

Module Policy

Enabled

<AttackPolicyConfig><AttackModulePolicyList><AttackModulePolicy><Enabled>1</Enabled></AttackModulePolicy></AttackModulePolicyList></AttackPolicyConfig>

Name

<AttackPolicyConfig><AttackModulePolicyList><AttackModulePolicy><DisplayName>Anonymous Access</DisplayName></AttackModulePolicy></AttackModulePolicyList></AttackPolicyConfig>

Severity

<AttackPolicyConfig><AttackModulePolicyList><AttackModulePolicy><Severity>Informational</Severity></AttackModulePolicy></AttackModulePolicyList></AttackPolicyConfig>

Max Findings

<AttackPolicyConfig><AttackModulePolicyList><AttackModulePolicy><MaxVulnLimit>10</MaxVulnLimit></AttackModulePolicy></AttackModulePolicyList></AttackPolicyConfig>

Attack Locations

Attack

<AttackPolicyConfig><AttackModulePolicyList><AttackModulePolicy><ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations></AttackModulePolicy></AttackModulePolicyList></AttackPolicyConfig>

Type

N/A

Description

N/A

Proxy

AppSpider web GUI fields | XML config

Proxy settings

<ProxyConfig><Type>Internet Explorer Settings</Type></ProxyConfig>

Proxy requires authentication

User Name

<ProxyConfig><Username>username</Username></ProxyConfig>

Password

<ProxyConfig><Password>password</Password></ProxyConfig>

Authentication

AppSpider web GUI fields | XML config

Automated Login

<AuthConfig><Type>Form</Type></AuthConfig>

User Name

<AuthConfig><UsernameForm>username</UsernameForm></AuthConfig>

Password

<AuthConfig><Password>password</Password></AuthConfig>

SSO

<AuthConfig><ScopeConstraintList><ScopeConstraint></ScopeConstraint></ScopeConstraintList></AuthConfig>

Macro Authentication

<AuthConfig><Type>Macro</Type></AuthConfig>

MacroRecordsFile

<AuthConfig><MacroFile><MacroFileName>MacroRecordsFile</MacroFileName></MacroFile></AuthConfig>

Display Macro Replay

<AuthConfig><MacroFile><ShowInBrowser>0</ShowInBrowser></MacroFile></AuthConfig>

Browser

<AuthConfig><MacroFile><JavaScriptEngine>Default</JavaScriptEngine></MacroFile></AuthConfig>

HTTP Authentication

<AuthConfig><HttpAuth>1</HttpAuth></AuthConfig>

Use Form credentials

<AuthConfig><Type>Form</Type></AuthConfig>

User Name

<AuthConfig><UsernameHttp>username</UsernameHttp></AuthConfig>

Password

<AuthConfig><PasswordHttp>password</PasswordHttp></AuthConfig>

Scan Bootstrap

<AuthConfig><Type>Bootstrap</Type></AuthConfig>

Selenium Script Authentication

<AuthConfig><Type>Selenium</Type></AuthConfig>

Web Driver

<SeleniumConfig><WebDriverForHtml>Chrome</WebDriverForHtml></SeleniumConfig>

Selenium Script File

<AuthConfig><SeleniumFile><SeleniumFileName>SeleniumRecordsFile</SeleniumFileName></SeleniumFile></AuthConfig>

Proxy Log Authentication

<AuthConfig><TrafficFile><TrafficFileName>TrafficRecordsFile</TrafficFileName></TrafficFile></AuthConfig>

Proxy Log File

<AuthConfig><TrafficFile><TrafficFileName>TrafficRecordsFile</TrafficFileName></TrafficFile></AuthConfig>

Session Hijacking

<AuthConfig><Type>Session Takeover</Type></AuthConfig>

Session Cookie

<HTTPHeadersConfig><Cookie>session cookie</Cookie></HTTPHeadersConfig>

Lock cookie values for duration of scan

<CrawlConfig><LockCookies>1</LockCookies></CrawlConfig>

New cookie list

<CrawlConfig><LockedCookieList><LockedCookie><Value>new cookie</Value></LockedCookie></LockedCookieList></CrawlConfig>

HMAC

<AuthConfig><Type>Form</Type></AuthConfig>

Username

<AuthConfig><HmacConfig><HMACUsername>username</HMACUsername></HmacConfig></AuthConfig>

Secret Key

<AuthConfig><HmacConfig><HMACApiKey>secret key</HMACApiKey></HmacConfig></AuthConfig>

Hash Algorithm

<AuthConfig><HmacConfig><HMACHashAlgorithm>32771</HMACHashAlgorithm></HmacConfig></AuthConfig>

HMAC Generator DLL

<AuthConfig><HmacConfig><HMACHeaderGeneratorDllFilename>HMACHeaderGenerator.dll</HMACHeaderGeneratorDllFilename></HmacConfig></AuthConfig>

OAUTH

<AuthConfig><OAuth>1</OAuth></AuthConfig>

Resource Server URL

<AuthConfig><HawkConfig><ResourceServerURL>resource server url</ResourceServerURL></HawkConfig></AuthConfig>

Authorization Server URL

<AuthConfig><HawkConfig><AuthorizationServerURL>/authorize</AuthorizationServerURL></HawkConfig></AuthConfig>

Redirect URI

<AuthConfig><HawkConfig><RedirectURI>redirect uri</RedirectURI></HawkConfig></AuthConfig>

Client Scope

<AuthConfig><HawkConfig><ClientScope>client scope</ClientScope></HawkConfig></AuthConfig>

Client Secret

<AuthConfig><HawkConfig><ClientSecret>client secret</ClientSecret></HawkConfig></AuthConfig>

Client Id

<AuthConfig><HawkConfig><ClientId>client id</ClientId></HawkConfig></AuthConfig>

Client State

<AuthConfig><HawkConfig><ClientState>client state</ClientState></HawkConfig></AuthConfig>

Username

<AuthConfig><HawkConfig><Username>username</Username></HawkConfig></AuthConfig>

Password

<AuthConfig><HawkConfig><Password>password</Password></HawkConfig></AuthConfig>

Grant Type

<AuthConfig><HawkConfig><AuthorizationGrantType>Implicit</AuthorizationGrantType></HawkConfig></AuthConfig>

Advanced Settings

<AuthConfig><Type>Form</Type></AuthConfig>

Configure SSL Certificates

SSL Certificate

<SSLCertConfig><Type>Certificate</Type></SSLCertConfig>

<SSLCertConfig><File>file</File></SSLCertConfig>

<SSLCertConfig><Password>password</Password></SSLCertConfig>

SSL Subject name

<SSLCertConfig><Type>Subject</Type></SSLCertConfig>

<SSLCertConfig><Name>name</Name></SSLCertConfig>

<SSLCertConfig><Pin>pin</Pin></SSLCertConfig>

Logged In Regex

<AuthConfig><LoggedInRegex>logged in regex</LoggedInRegex></AuthConfig>

Assume Good Login

<AuthConfig><AssumeSuccessfulLogin>1</AssumeSuccessfulLogin></AuthConfig>

Allow Initial Redirect for Non-Form Auth Single Sign-on

<AuthConfig><Type>SSO Redirect</Type></AuthConfig>

Crawler restrictions

AppSpider web GUI fields | XML config

Comprehensiveness

<CrawlConfig><ScopeConstraintList></ScopeConstraintList></CrawlConfig>

Default

<MaxPerDirCrawlResults>200</MaxPerDirCrawlResults>

<MaxPerLinkCrawlResults>10</MaxPerLinkCrawlResults>

<UrlRepetitionTolerance>5</UrlRepetitionTolerance>

<SequenceRepetitionTolerance>2</SequenceRepetitionTolerance>

<ParametersToAttackBeforeLimitingAttacks>20</ParametersToAttackBeforeLimitingAttacks>

<LinksToAttackBeforeLimitingAttacks>10</LinksToAttackBeforeLimitingAttacks>

<MaxSameNameParameterAttackPoints>5</MaxSameNameParameterAttackPoints>

<MaxSameCookieParameterAttackPoints>5</MaxSameCookieParameterAttackPoints>

<MaxSameNameParameterAttackPointsPerLink>1</MaxSameNameParameterAttackPointsPerLink>

Fast Scan

<MaxPerDirCrawlResults>500</MaxPerDirCrawlResults>
<MaxPerLinkCrawlResults>50</MaxPerLinkCrawlResults>

<UrlRepetitionTolerance>25</UrlRepetitionTolerance>

<SequenceRepetitionTolerance>5</SequenceRepetitionTolerance>

<ParametersToAttackBeforeLimitingAttacks>400</ParametersToAttackBeforeLimitingAttacks>

<LinksToAttackBeforeLimitingAttacks>200</LinksToAttackBeforeLimitingAttacks>

<MaxSameNameParameterAttackPoints>25</MaxSameNameParameterAttackPoints>

<MaxSameCookieParameterAttackPoints>15</MaxSameCookieParameterAttackPoints>

<MaxSameNameParameterAttackPointsPerLink>2</MaxSameNameParameterAttackPointsPerLink>

URL

<CrawlConfig><ScopeConstraintList><ScopeConstraint><URL>https://www.webscantest.com/*</URL></ScopeConstraint></ScopeConstraintList></CrawlConfig>

Match Type

<CrawlConfig><ScopeConstraintList><ScopeConstraint><MatchCriteria>Literal</MatchCriteria></ScopeConstraint></ScopeConstraintList></CrawlConfig>

Action

<CrawlConfig><ScopeConstraintList><ScopeConstraint><Exclusion>Exclude</Exclusion></ScopeConstraint></ScopeConstraintList></CrawlConfig>

VERB

<CrawlConfig><ScopeConstraintList><ScopeConstraint><Method>GET</Method></ScopeConstraint></ScopeConstraintList></CrawlConfig>

Attack restrictions

AppSpider web GUI fields | XML config

Inherit crawl restrictions

<AttackerConfig><ApplyCrawlerConstraints>1</ApplyCrawlerConstraints></AttackerConfig>

Attack restrictions

URL

<AttackerConfig><ScopeConstraintList><ScopeConstraint><URL>url</URL></ScopeConstraint></ScopeConstraintList></AttackerConfig>

Match Type

<AttackerConfig><ScopeConstraintList><ScopeConstraint><MatchCriteria>Wildcard</MatchCriteria></ScopeConstraint></ScopeConstraintList></AttackerConfig>

Action

<AttackerConfig><ScopeConstraintList><ScopeConstraint><Exclusion>Include</Exclusion></ScopeConstraint></ScopeConstraintList></AttackerConfig>

VERB

<AttackerConfig><ScopeConstraintList><ScopeConstraint><Method>All</Method></ScopeConstraint></ScopeConstraintList></AttackerConfig>

Regular expression for parameters by name to be excluded from being attacked

<AttackerConfig><UserDoNotAttackParamList><UserDoNotAttackParam><ParameterName>value</ParameterName></UserDoNotAttackParam></UserDoNotAttackParamList></AttackerConfig>

HTTPs headers

AppSpider web GUI fields | XML config

Protocol

<HTTPHeadersConfig><HttpProtocol>HTTP/1.1</HttpProtocol></HTTPHeadersConfig>

User-Agent

<HTTPHeadersConfig><UserAgent>Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36</UserAgent></HTTPHeadersConfig>

Accept Header

<HTTPHeadersConfig><Accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</Accept></HTTPHeadersConfig>

Accept-Charset

<HTTPHeadersConfig><AcceptCharset></AcceptCharset></HTTPHeadersConfig>

Accept-Language

<HTTPHeadersConfig><AcceptLanguage>en-US</AcceptLanguage></HTTPHeadersConfig>

Extra Header

<HTTPHeadersConfig><CustomHeadersList><CustomHeaders><Value>value</Value></CustomHeaders></CustomHeadersList></HTTPHeadersConfig>

Accept-Encoding

<HTTPHeadersConfig><AcceptEncoding>gzip, deflate</AcceptEncoding></HTTPHeadersConfig>

Cookie

<HTTPHeadersConfig><Cookie>cookie</Cookie></HTTPHeadersConfig>

Lock cookie values for duration of scan

<CrawlConfig><LockCookies>1</LockCookies></CrawlConfig>

Cookie to lock

<CrawlConfig><LockedCookieList><LockedCookie><Value>value</Value></LockedCookie></LockedCookieList></CrawlConfig>

Performance

AppSpider web GUI fields | XML config

Network Settings

Number of URL Retry Attempts

<NetworkSettingsConfig><MaxRetries>5</MaxRetries></NetworkSettingsConfig>

Min Delay Between Requests, ms

<NetworkSettingsConfig><DripDelayMilliSeconds>25</DripDelayMilliSeconds></NetworkSettingsConfig>

Connection Timeout, ms

<NetworkSettingsConfig><ConnectTimeout>60000</ConnectTimeout></NetworkSettingsConfig>

Read Timeout, ms

<NetworkSettingsConfig><ReadTimeout>60000</ReadTimeout></NetworkSettingsConfig>

Maximum Bandwidth, KB/s

<PerformanceConfig><MaxBandwidthKB>1200</MaxBandwidthKB></PerformanceConfig>

Max Concurrent Requests (1-64)

<PerformanceConfig><MaxConcurrentRequests>16</MaxConcurrentRequests></PerformanceConfig>

Server Load

<NetworkSettingsConfig><DripDelayMilliSeconds>200</DripDelayMilliSeconds></NetworkSettingsConfig>

<PerformanceConfig><MaxConcurrentRequests>8</MaxConcurrentRequests></PerformanceConfig>

<PerformanceConfig><MaxBandwidthKB>250</MaxBandwidthKB></PerformanceConfig>

<NetworkSettingsConfig><DripDelayMilliSeconds>25</DripDelayMilliSeconds></NetworkSettingsConfig>

<PerformanceConfig><MaxConcurrentRequests>16</MaxConcurrentRequests></PerformanceConfig>

<PerformanceConfig><MaxBandwidthKB>500</MaxBandwidthKB></PerformanceConfig>

<NetworkSettingsConfig><DripDelayMilliSeconds>10</DripDelayMilliSeconds></NetworkSettingsConfig>

<PerformanceConfig><MaxConcurrentRequests>32</MaxConcurrentRequests></PerformanceConfig>

<PerformanceConfig><MaxBandwidthKB>1000</MaxBandwidthKB></PerformanceConfig>

Secure Protocols

<NetworkSettingsConfig><SecureProtocols>SSL3|TLS1</SecureProtocols></NetworkSettingsConfig>

Sequential Scan

<PerformanceConfig><SingleThreadedScan>0</SingleThreadedScan></PerformanceConfig>

Anti DoS

<PerformanceConfig><AntiDoS>0</AntiDoS></PerformanceConfig>

Performance Settings

Max CPU Usage

<PerformanceConfig><MaxCPUUsage>50</MaxCPUUsage></PerformanceConfig>

Maximum memory ceiling (Mb)

<PerformanceConfig><MemoryCeiling64Bit>5600</MemoryCeiling64Bit></PerformanceConfig>

Disable system resources monitoring

<PerformanceConfig><MonitorPerformanceUsage>1</MonitorPerformanceUsage></PerformanceConfig>

Logging Options

Operation log

<Log>1</Log>

Reporting

AppSpider web GUI fields | XML config

XML

CrawledLinks XML

<ReportConfig><CrawledLinksXML>0</CrawledLinksXML></ReportConfig>

Main

<ReportConfig><XML>0</XML></ReportConfig>

Summary

<ReportConfig><VulnerabilitiesSummaryXML>0</VulnerabilitiesSummaryXML></ReportConfig>

Index

Application

<ReportConfig><Application>1</Application></ReportConfig>

Database

<ReportConfig><Database>1</Database></ReportConfig>

Executive Summary

<ReportConfig><ExecutiveSummary>1</ExecutiveSummary></ReportConfig>

Index

<ReportConfig><Index>1</Index></ReportConfig>

Resource Details

<ReportConfig><ResourceDetails>0</ResourceDetails></ReportConfig>

HTML

All-links

<ReportConfig><AllLinks>1</AllLinks></ReportConfig>

App Threat Modeling

<ReportConfig><AppThreatModeling>1</AppThreatModeling></ReportConfig>

Best Practices

<ReportConfig><BestPractices>1</BestPractices></ReportConfig>

By Site

<ReportConfig><BySite>0</BySite></ReportConfig>

Reflection

<ReportConfig><Reflection>1</Reflection></ReportConfig>

Remediation Summary

<ReportConfig><RemediationSummary>1</RemediationSummary></ReportConfig>

Resource Summary Breakdown

<ReportConfig><ResourceSummaryBreakdown>0</ResourceSummaryBreakdown></ReportConfig>

Resources

<ReportConfig><Resources>0</Resources></ReportConfig>

Server

<ReportConfig><Server>1</Server></ReportConfig>

Site Links

<ReportConfig><SiteLinks>1</SiteLinks></ReportConfig>

StatusAndConfig

<ReportConfig><StatusAndConfig>1</StatusAndConfig></ReportConfig>

Vulnerabilities

<ReportConfig><Vulnerabilities>1</Vulnerabilities></ReportConfig>

Vulnerabilities By Url Standalone

<ReportConfig><VulnerabilitiesByUrlStandAlone>0</VulnerabilitiesByUrlStandAlone></ReportConfig>

Compliance

CWESANS

<ReportConfig><CWESANS>1</CWESANS></ReportConfig>

DISASTIG

<ReportConfig><DISASTIG>1</DISASTIG></ReportConfig>

FISMA

<ReportConfig><FISMA>1</FISMA></ReportConfig>

GDPR 2016

<ReportConfig><GDPR2016>1</GDPR2016></ReportConfig>

GLB

<ReportConfig><GLB>1</GLB></ReportConfig>

HIPAA

<ReportConfig><HIPAA>1</HIPAA></ReportConfig>

OWASP 2017

<ReportConfig><OWASP2017>1</OWASP2017></ReportConfig>

OWASP 2021

<ReportConfig><OWASP2021>1</OWASP2021></ReportConfig>

PCI31

<ReportConfig><PCI31>1</PCI31></ReportConfig>

SOX

<ReportConfig><SOX>1</SOX></ReportConfig>

Privacy

Comments

<ReportConfig><Comments>1</Comments></ReportConfig>

Cookies

<ReportConfig><Cookies>1</Cookies></ReportConfig>

Privacy

<ReportConfig><Privacy>1</Privacy></ReportConfig>

JSON

Attack Locations

<ReportConfig><AttackLocationsJSON>0</AttackLocationsJSON></ReportConfig>

Attack Modules

<ReportConfig><AttackModulesJSON>1</AttackModulesJSON></ReportConfig>

Attack Vectors

<ReportConfig><AttackVectorsJSON>1</AttackVectorsJSON></ReportConfig>

Browser Links

<ReportConfig><BrowserLinksJSON>1</BrowserLinksJSON></ReportConfig>

Crawl Results

<ReportConfig><CrawlResultsJSON>1</CrawlResultsJSON></ReportConfig>

Crawled Links

<ReportConfig><CrawledLinksJSON>1</CrawledLinksJSON></ReportConfig>

Findings

<ReportConfig><FindingsJSON>1</FindingsJSON></ReportConfig>

Forms

<ReportConfig><FormsJSON>1</FormsJSON></ReportConfig>

Scan Status

<ReportConfig><ScanStatusJSON>1</ScanStatusJSON></ReportConfig>

UserMessage Log Entries

<ReportConfig><UserMessageLogEntriesJSON>1</UserMessageLogEntriesJSON></ReportConfig>

Validation

<ReportConfig><ValidationJSON>1</ValidationJSON></ReportConfig>

Vulnerabilities Summary

<ReportConfig><VulnerabilitiesSummaryJSON>0</VulnerabilitiesSummaryJSON></ReportConfig>

Web Resources

<ReportConfig><WebResourcesJSON>1</WebResourcesJSON></ReportConfig>

WebAppScan Selected Children

<ReportConfig><WebAppScanSelectedChildrenJSON>1</WebAppScanSelectedChildrenJSON></ReportConfig>

WebSites

<ReportConfig><WebSitesJSON>1</WebSitesJSON></ReportConfig>

Advanced

Confidence

<ReportConfig><Confidence>1</Confidence></ReportConfig>

IncludeDbInZip

<ReportConfig><IncludeDbInZip>0</IncludeDbInZip></ReportConfig>

OWASP2017

<ReportConfig><OWASP2017>0</OWASP2017></ReportConfig>

OWASP2010

<ReportConfig><OWASP2010>0</OWASP2010></ReportConfig>

OWASP2013

<ReportConfig><OWASP2013>0</OWASP2013></ReportConfig>

PCI

<ReportConfig><PCI>0</PCI></ReportConfig>

PCI30

<ReportConfig><PCI31>1</PCI31></ReportConfig>

TreatNTOEFindingFlagsSameAsUI

<ReportConfig><XML>0</XML></ReportConfig>

UseSQLite

<ReportConfig><UseSQLite>0</UseSQLite></ReportConfig>

ValidateApplet

<ReportConfig><ValidateApplet>1</ValidateApplet></ReportConfig>

Generate PDF

<ReportConfig><PDF>0</PDF></ReportConfig>

Create report ZIP file

<ReportConfig><ZipReport>0</ZipReport></ReportConfig>

Web service

AppSpider web GUI fields | XML config

Restrict scan to Swagger imported files

<CrawlConfig><RestrictToSwagger>0</RestrictToSwagger></CrawlConfig>

Restrict scan to Web Service

<CrawlConfig><RestrictToWebService>0</RestrictToWebService></CrawlConfig>

Swagger

Provide a hostname to overwrite the hostname from the swagger file

<WebServiceConfig><SwaggerHostName></SwaggerHostName></WebServiceConfig>

Swagger List

<WebServiceConfig><SwaggerFileList><SwaggerFile><Value>swagger file</Value><PreferredContentType></PreferredContentType><JSONFileURL></JSONFileURL><HostName></HostName></SwaggerFile></SwaggerFileList></WebServiceConfig>

WSDL

Auto discover

<WebServiceConfig><AutoDiscoverWSDL>1</AutoDiscoverWSDL></WebServiceConfig>

Content Type

<WebServiceConfig><ContentType></ContentType></WebServiceConfig>

RegEx

<WebServiceConfig><WsdlRegex>([?]wsdl|[.]wsdl)$</WsdlRegex></WebServiceConfig>

Web services enhancements

<WebServiceConfig><WebServicesEnhancements>0</WebServicesEnhancements></WebServiceConfig>

User name

<WebServiceConfig><Username></Username></WebServiceConfig>

Password

<WebServiceConfig><Password></Password></WebServiceConfig>

Password option

<WebServiceConfig><PasswordOption>Hashed</PasswordOption></WebServiceConfig>

WSDLs list

<WebServiceConfig><WsdlList><Wsdl><Value>wsdl file</Value></Wsdl></WsdlList></WebServiceConfig>

Web service authentication

Custom web service authentication

<WebServiceAuthConfig><Enabled>1</Enabled></WebServiceAuthConfig>

Web service

<WebServiceAuthConfig><AuthWSDL>C:\Users\jsmith.TOR\Downloads\wcfJsonTickelia.wsdl</AuthWSDL></WebServiceAuthConfig>

Authentication web method

<WebServiceAuthConfig><AuthWebMethod></AuthWebMethod></WebServiceAuthConfig>

Extract and apply Authentication Token

<WebServiceAuthConfig><ExtractAuthToken>1</ExtractAuthToken></WebServiceAuthConfig>

AuthToken parameter name in the Authentication method response

<WebServiceAuthConfig><GetAuthTokenXPath></GetAuthTokenXPath></WebServiceAuthConfig>

AuthToken parameter name in regular (non-auth) method request

<WebServiceAuthConfig><PutAuthTokenXPath></PutAuthTokenXPath></WebServiceAuthConfig>

Recorded traffic

AppSpider web GUI fields | XML config

Restrict scan to recorded traffic

<CrawlConfig><RestrictToManualCrawling>0</RestrictToManualCrawling></CrawlConfig>

Traffic file List

<ManualCrawlingConfig><TrafficFileList><TrafficFile><TrafficFileName>traffic file</TrafficFileName><TrafficFilePassword></TrafficFilePassword><AttackAsSequence>0</AttackAsSequence><BeginAttackRequest>0</BeginAttackRequest><EndAttackRequest>-1</EndAttackRequest></TrafficFile></TrafficFileList></ManualCrawlingConfig>

Import Cookies From Traffic

<CrawlConfig><ImportCookiesFromTraffic>0</ImportCookiesFromTraffic></CrawlConfig>

Browser macro

AppSpider web GUI fields | XML config

Restrict scan to MACRO

<CrawlConfig><RestrictToMacro>0</RestrictToMacro></CrawlConfig>

Macro record files

<MacroConfig><MacroFileList><MacroFile><MacroFileName>macro file</MacroFileName><JavaScriptEngine>Default</JavaScriptEngine><ShowInBrowser>0</ShowInBrowser><ReplaySpeed>1</ReplaySpeed><ASAPMode>1</ASAPMode><ASAPModeMinDelay>3000</ASAPModeMinDelay><ExtraDelayAfterMacro>2000</ExtraDelayAfterMacro><AttackAsSequence>0</AttackAsSequence><SequenceConfig><ResetSession>1</ResetSession><AutoSequenceConfig>1</AutoSequenceConfig><ManualSequenceConfig></ManualSequenceConfig></SequenceConfig><WebDriverConfig><ChromeDriverPort>1235</ChromeDriverPort><ChromeDebugPort>1234</ChromeDebugPort></WebDriverConfig></MacroFile></MacroFileList></MacroConfig>

Selenium recordings

AppSpider web GUI fields | XML config

Restrict scan to Selenium recording

<CrawlConfig><RestrictToSelenium>0</RestrictToSelenium></CrawlConfig>

Selenium record files

<SeleniumConfig><SeleniumFileList><SeleniumFile><SeleniumFileName><![CDATA[C:\Users\jsmith.TOR\Downloads\simple selenium test files\local_driver_login.jar]]></SeleniumFileName></SeleniumFile></SeleniumFileList></SeleniumConfig>

Web Driver

<SeleniumConfig><WebDriverForHtml>Chrome</WebDriverForHtml></SeleniumConfig>

Parameters training

AppSpider web GUI fields | XML config

Simple

Parameter

<ParameterValueConfig><ParameterValueList><ParameterValue><Parameter></Parameter></ParameterValue></ParameterValueList></ParameterValueConfig>

Value

<ParameterValueConfig><ParameterValueList><ParameterValue><Value></Value></ParameterValue></ParameterValueList></ParameterValueConfig>

Match Criteria

<ParameterValueConfig><ParameterValueList><ParameterValue><MatchCriteria>Literal</MatchCriteria></ParameterValue></ParameterValueList></ParameterValueConfig>

Advanced

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><PatternName>Username</PatternName><Types>text,textarea</Types><Language>en</Language><Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match><Value>%RANDALPHANUM%</Value><ValueMatch></ValueMatch><MatchCriteria>Regex</MatchCriteria></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Pattern

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><PatternName>Username</PatternName></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Text Match

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><Match>user[:space:]*name|member[:space:]*(name|id)|user|login|usr.(name|id)</Match></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Value Match

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><ValueMatch></ValueMatch></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Value

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><Value>%RANDALPHANUM%</Value></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Language

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><Language>en</Language></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Match Type

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><MatchCriteria>Regex</MatchCriteria></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Control Types

<ParameterTrainingConfig><TrainingParameterList><TrainingParameter><Types>text,textarea</Types></TrainingParameter></TrainingParameterList></ParameterTrainingConfig>

Custom URLs

AppSpider web GUI fields | XML config

Custom Parsers

Name

<ParameterParserConfig><MultiRegexURLParserConfigList><MultiRegexURLParserConfig><ParserName>name</ParserName></MultiRegexURLParserConfig></MultiRegexURLParserConfigList></ParameterParserConfig>

Rule Regex

<ParameterParserConfig><MultiRegexURLParserConfigList><MultiRegexURLParserConfig><RuleRegex>.*</RuleRegex></MultiRegexURLParserConfig></MultiRegexURLParserConfigList></ParameterParserConfig>

Path Regex

<ParameterParserConfig><MultiRegexURLParserConfigList><MultiRegexURLParserConfig><PathRegex>([^=./;]+)[=.]([^/;]*)|([^=./;]+)</PathRegex></MultiRegexURLParserConfig></MultiRegexURLParserConfigList></ParameterParserConfig>

Query Regex

<ParameterParserConfig><MultiRegexURLParserConfigList><MultiRegexURLParserConfig><QueryRegex>([^=&]+)=([^&]*)|([^=&]+)</QueryRegex></MultiRegexURLParserConfig></MultiRegexURLParserConfigList></ParameterParserConfig>

Path Groups

<ParameterParserConfig><MultiRegexURLParserConfigList><MultiRegexURLParserConfig><PathParameterGroups>1,2:-1,3</PathParameterGroups></MultiRegexURLParserConfig></MultiRegexURLParserConfigList></ParameterParserConfig>

Query Groups

<ParameterParserConfig><MultiRegexURLParserConfigList><MultiRegexURLParserConfig><QueryParameterGroups>1,2:-1,3</QueryParameterGroups></MultiRegexURLParserConfig></MultiRegexURLParserConfigList></ParameterParserConfig>

Advanced options

AppSpider web GUI fields | XML config

AnalyzerConfig

<AnalyzerConfig></AnalyzerConfig>

AttackerConfig

<AttackerConfig></AttackerConfig>

AttackPolicyConfig

<AttackPolicyConfig></AttackPolicyConfig>

AuthConfig

<AuthConfig></AuthConfig>

AutoSequenceConfig

<AutoSequenceConfig></AutoSequenceConfig>

ChromeHostConfig

<ChromeHostConfig></ChromeHostConfig>

CrawlConfig

<CrawlConfig></CrawlConfig>

CVSSConfig

<CVSSConfig></CVSSConfig>

HTTPHeadersConfig

<HTTPHeadersConfig></HTTPHeadersConfig>

MacroConfig

<MacroConfig></MacroConfig>

ManualCrawlingConfig

<ManualCrawlingConfig></ManualCrawlingConfig>

NetworkSettingsConfig

<NetworkSettingsConfig></NetworkSettingsConfig>

NexposeRESTConfig

<NexposeRESTConfig></NexposeRESTConfig>

OneTimeTokenConfig

<OneTimeTokenConfig></OneTimeTokenConfig>

ParameterParserConfig

<ParameterParserConfig></ParameterParserConfig>

ParameterTrainingConfig

<ParameterTrainingConfig></ParameterTrainingConfig>

ParameterValueConfig

<ParameterValueConfig></ParameterValueConfig>

PerformanceConfig

<PerformanceConfig></PerformanceConfig>

ProxyConfig

<ProxyConfig></ProxyConfig>

RemediationConfig

<RemediationConfig></RemediationConfig>

ReportConfig

<ReportConfig></ReportConfig>

RTCConfig

<RTCConfig></RTCConfig>

ScheduleConfig

<ScheduleConfig></ScheduleConfig>

SeleniumConfig

<SeleniumConfig></SeleniumConfig>

SiteTechnologyConfig

<SiteTechnologyConfig></SiteTechnologyConfig>

SSLCertConfig

<SSLCertConfig></SSLCertConfig>

SystemRecommendationsConfig

<SystemRecommendationsConfig></SystemRecommendationsConfig>

WAFConfig

<WAFConfig></WAFConfig>

WebServiceConfig

<WebServiceConfig></WebServiceConfig>
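
Several of the mappings above (Proxy, Authentication, HTTP headers, Web service, Recorded traffic) put passwords, keys and session cookies into named elements of the scan config, so a saved config should be scrubbed before it is attached to a ticket or committed. The Python script below is an added example, not AppSpider code: it blanks whatever those elements contain, matching on parent and child tag so that unrelated `<Value>` elements survive. The `ScanConfig` root element and all sample values are constructed assumptions; the element names are the ones listed on this page.

```python
import xml.etree.ElementTree as ET

# (parent tag, child tag) pairs taken from the mappings on this page.
SECRET_PATHS = {
    ("ProxyConfig", "Password"),
    ("AuthConfig", "Password"),
    ("AuthConfig", "PasswordHttp"),
    ("HmacConfig", "HMACApiKey"),
    ("HawkConfig", "Password"),
    ("HawkConfig", "ClientSecret"),
    ("SSLCertConfig", "Password"),
    ("SSLCertConfig", "Pin"),
    ("HTTPHeadersConfig", "Cookie"),
    ("LockedCookie", "Value"),
    ("WebServiceConfig", "Password"),
    ("TrafficFile", "TrafficFilePassword"),
}
PLACEHOLDER = "REDACTED"

# Constructed sample: the root element name is an assumption, since the page
# only shows fragments, and every value here is made up.
SAMPLE = """<ScanConfig>
  <Name>webscantest</Name>
  <ProxyConfig>
    <Type>Internet Explorer Settings</Type>
    <Username>proxyuser</Username>
    <Password>constructed-proxy-pw</Password>
  </ProxyConfig>
  <AuthConfig>
    <Type>Form</Type>
    <UsernameForm>username</UsernameForm>
    <Password>constructed-form-pw</Password>
    <HmacConfig>
      <HMACUsername>username</HMACUsername>
      <HMACApiKey>constructed-key</HMACApiKey>
    </HmacConfig>
    <HawkConfig><ClientId>client id</ClientId><ClientSecret></ClientSecret></HawkConfig>
  </AuthConfig>
  <HTTPHeadersConfig><Cookie>SESSION=constructed</Cookie></HTTPHeadersConfig>
  <CrawlConfig>
    <SeedUrlList><SeedUrl><Value>http://www.webscantest.com/</Value></SeedUrl></SeedUrlList>
    <LockCookies>1</LockCookies>
    <LockedCookieList><LockedCookie><Value>SESSION=constructed</Value></LockedCookie></LockedCookieList>
  </CrawlConfig>
</ScanConfig>"""


def redact_config(xml_text):
    """Return (redacted_xml, findings) for one scan config document.

    findings lists the slash-separated path of every secret element that
    held a non-empty value; empty elements are left untouched.
    """
    root = ET.fromstring(xml_text)
    findings = []

    def walk(elem, path):
        for child in elem:
            child_path = path + [child.tag]
            is_secret = (elem.tag, child.tag) in SECRET_PATHS
            if is_secret and (child.text or "").strip():
                findings.append("/".join(child_path))
                child.text = PLACEHOLDER
            walk(child, child_path)

    walk(root, [root.tag])
    return ET.tostring(root, encoding="unicode"), findings


if __name__ == "__main__":
    redacted, found = redact_config(SAMPLE)
    for path in found:
        print("redacted:", path)
    print(redacted)
```

Extend `SECRET_PATHS` if your configs carry credentials elsewhere, for example in a custom header value.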