AppSpider web GUI fields

AppSpider web GUI fields The following sections map AppSpider Pro GUI to the corresponding

attributes in the XML config.

Main

AppSpider web GUI fields	XML config
Scan Name	```webscantest```
URL List	```http://www.webscantest.com/```
Max Links	```5000```
Restrict scan to seed URLs	```0```
Browser	```Chrome```

Attack policy

AppSpider web GUI fields		XML configs
Attack Policy	Attack Policy Name	```All Modules```
	Attack Prioritization	```Smart```
	Attacks per input	```Smart```
	Attacks Collection	```0```
	Browser Encoding	```0```
	False Positive Regex	```This web browser does not support JavaScript or JavaScript in this web browser is not enabled.```
Module Policy	Enabled	```1```
	Name	```Anonymous Access```
	Severity	```Informational```
	Max Findings	```10```
Attack Locations	Attack	```Directory\|File\|Path\|Query\|Fragment\|Post\|Cookie\|Referer\|Http Header```
Type		N/A
Description		N/A

Proxy

AppSpider web GUI fields		XML config
Proxy settings		```Internet Explorer Settings```
Proxy requires authentication	User Name	```username```
Proxy requires authentication	Password	```password```

Authentication

AppSpider web GUI fields		XML config
Automated Login		```Form```
	User Name	```username```
	Password	```password```
	SSO	``````
Macro Authentication		```Macro```
	MacroRecordsFile	```MacroRecordsFile```
	Display Macro Replay	```0```
	Browser	```Default```
HTTP Authentication		```1```
	Use Form credentials	```Form```
	User Name	```username```
	Password	```password```
Scan Bootstrap		```Bootstrap```
Selenium Script Authentication		```Selenium```
	Web Driver	```Chrome```
	Selenium Script File	```SeleniumRecordsFile```
Proxy Log Authentication		```TrafficRecordsFile```
Proxy Log Authentication	Proxy Log File	``````
Session Hijacking		```Session Takeover```
	Session Cookie	```session cookie```
	Lock cookie values for duration of scan	```1```
	New cookie list	```new cookie```
HMAC		```Form```
	Username	```username```
	Secret Key	```HMACApiKey>secret key```
	Hash Algorithm	```32771```
	HMAC Generator DLL	```HMACHeaderGenerator.dll```
OAUTH		```1```
	Resource Server URL	```resource server url```
	Authorization Server URL	```/authorize```
	Redirect URI	```redirect uri```
	Client Scope	```client scope```
	Client Secret	```client secret```
	Client Id	```client id```
	Client State	```client state```
	Username	```username```
	Password	```pasword```
	Grant Type	```Implicit```
Advanced Settings		```Form```
Configure SSL Certificates	SSL Certificate	```Certificate```
		```file```
		```password```
	SSL Subject name	```Subject```
		```name```
		```pin```
	Logged In Regex	```logged in regex```
	Assume Good Login	```1```
	Allow Initial Redirect for Non-Form Auth Single Sign-on	```SSO Redirect```

Crawler restrictions

AppSpider web GUI fields		XML config
Comprehensiveness		``````
	Default	```200```
		```10```
		```5```
		```2```
		```20```
		```10```
		```5```
		```5```
		```1```
	Fast Scan	```500```
		```50```
		```25```
		```5```
		```400```
		```200```
		```25```
		```15```
		```2```
	URL	```https://www.webscantest.com/*```
	Match Type	```Literal```
	Action	```Exclude```
	VERB	```GET```

Attack restrictions

AppSpider web GUI fields		XML config
Inherit crawl restrictions		```1```
Attack restrictions	URL	```url```
	Match Type	```Wildcard```
	Action	```Include```
	VERB	```All```
Regular expression for parameters by name to be excluded from being attacked		```value```

HTTPs headers

AppSpider web GUI fields	XML config
Protocol	```HTTP/1.1```
User-Agent	```Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36```
Accept Header	```text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8```
Accept-Charset	``````
Accept-Language	```en-US```
Extra Header	```value```
Accept-Encoding	```gzip, deflate```
Cookie	```cookie```
Lock cookie values for duration of scan	```1```
Cookie to lock	```value```

Performance

AppSpider web GUI fields		XML config
Network Settings	Number of URL Retry Attempts	```5```
	Min Delay Between Requests, ms	```25```
	Connection Timeout, ms	```60000```
	Read Timeout, ms	```60000```
	Maximum Bandwidth, KB/s	```1200```
	Max Concurrent Requests (1-64)	```16```
	Server Load	```200```
		```8```
		```250```
		```25```
		```16```
		```500```
		```10```
		```32```
		```1000```
	Secure Protocols	```SSL3\|TLS1```
	Sequential Scan	```0```
	Anti DoS	```0```
Performance Settings	Max CPU Usage	```50```
	Maximum memory ceiling (Mb)	```5600```
	Disable system resources monitoring	```1```
Logging Options	Operation log	```1```

Reporting

AppSpider web GUI fields		XML config
XML	CrawledLinks XML	```0```
	Main	```0```
	Summary	```0```
Index	Application	```1```
	Database	```1```
	Executive Summary	```1```
	Index	```1```
	Resource Details	```0```
HTML	All-links	```1```
	App Threat Modeling	```1```
	Best Practices	```1```
	By Site	```0```
	Reflection	```1```
	Remediation Summary	```1```
	Resource Summary Breakdown	```0```
	Resources	```0```
	Server	```1```
	Site Links	```1```
	StatusAndConfig	```1```
	Vulnerabilities	```1```
	Vulnerabilities By Url Standalone	```0```
Compliance	CWESANS	```1```
	DISASTIG	```1```
	FISMA	```1```
	GDPR 2016	```1```
	GLB	```1```
	HIPAA	```1```
	OWASP 2017	```1```
	OWASP 2021	```1```
	PCI31	```PCI31>1```
	SOX	```SOX>1```
Privacy	Comments	```1```
	Cookies	```1```
	Privacy	```1```
JSON	Attack Locations	```0```
	Attack Modules	```1```
	Attack Vectors	```1```
	Browser Links	```1```
	Crawl Results	```1```
	Crawled Links	```1```
	Findings	```1```
	Forms	```1```
	Scan Status	```1```
	UserMessage Log Entries	```1```
	Validation	```1```
	Vulnerabilities Summary	```0```
	Web Resources	```1```
	WebAppScan Selected Children	```1```
	WebSites	```1```
Advanced	Confidence	```1```
	IncludeDbInZip	```0```
	OWASP2017	```0```
	OWASP2010	```0```
	OWASP2013	```0```
	PCI	```0```
	PCI30	```1```
	TreatNTOEFindingFlagsSameAsUI	```0```
	UseSQLite	```0```
	ValidateApplet	```1```
Generate PDF		```0```
Create report ZIP file		```0```

Web service

AppSpider web GUI fields		XML config
Restrict scan to Swagger imported files		```0```
Restrict scan to Web Service		```0```
Swagger	Provide a hostname to overwrite the hostname from the swagger file	``````
Swagger	Swagger List	```swagger file```
WSDL	Auto discover	```1```
	Content Type	``````
	RegEx	```([?]wsdl\|[.]wsdl)$```
	Web services ehancements	```0```
	User name	``````
	Password	``````
		Password option	```Hashed```
		WSDLs list	```wsdl file```
Web service authentication	Custom web service authentication	```1```
	Web service	```C:\Users\jsmith.TOR\Downloads\wcfJsonTickelia.wsdl```
	Authentication web method	``````
	Extract and apply Authentication Token	```1```
	AuthToken parameter name in the Authentication method response	``````
	AuthToken parameter name in regualt (non-auth) method request	``````

Recorded traffic

AppSpider Web GUI fields	XML config
Restrict scan to recorded traffic	```0```
Traffic file List	```traffic file00-1```
Import Cookies From Traffic	```0```

Browser macro

AppSpider Web GUI fields	XML Config
Restrict scan to MACRO	```0```
Macro record files	```macro fileDefault0113000200001112351234```

Selenium recordings

AppSpider web GUI fields	XML config
Restrict scan to Selenium recording	```0```
Selenium record files	``````
Web Driver	```Chrome```

Parameters training

AppSpider Web GUI fields		XML config
Simple	Parameter	``` ```
	Value	``` ```
	Match Criteria	``` Literal ```
Advanced		```Usernametext,textareaenuser[:space:]name\|member[:space:](name\|id)\|user\|login\|usr.(name\|id)%RANDALPHANUM%Regex```
	Pattern	```Username```
	Text Match	``` "user[:space:]name\|member[:space:](name\|id)\|user\|login\|usr.(name\|id)" ```
	Value Match	``````
	Value	``` "%RANDALPHANUM%" ```
	Language	``` "en" ```
	Match Type	``` "Regex" ```
	Control Types	``` "text,textarea" ```

Custom URLs

AppSpider web GUI field		XML config
Custom Parsers	Name	```name```
	Rule Regex	```.*```
	Path Regex	```([^=./;]+)[=.]([^/;]*)\|([^=./;]+)```
	Query Regex	```^=&]+)=([^&]*)\|([^=&]+)```
	Path Groups	```1,2:-1,3```
	Query Groups	```1,2:-1,3```

Advanced options

AppSpider web GUI fields	XML config
AnalyzerConfig	``````
AttackerConfig	``````
AttackPolicyConfig	``````
AuthConfig	``````
AutoSequenceConfig	``````
ChromeHostConfig	``````
CrawlConfig	``````
CVSSConfig	``````
HTTPHeadersConfig	``````
MacroConfig	``````
ManualCrawlingConfig	``````
NetworkSettingsConfig	``````
NexposeRESTConfig	``````
OneTimeTokenConfig	``````
ParameterParserConfig	``````
ParameterTrainingConfig	``````
ParameterValueConfig	``````
PerformanceConfig	``````
ProxyConfig	``````
RemediationConfig	``````
ReportConfig	``````
RTCConfig	``````
ScheduleConfig	``````
SeleniumConfig	``````
SiteTechnologyConfig	``````
SSLCertConfig	``````
SystemRecommendationsConfig	``````
WAFConfig	``````
WebServiceConfig	``````