Attack Restrictions

This panel lets you configure which cookies and HTTP parameters are excluded from security checks, and which HTTP headers are included in them.

Excluded Cookies

Cookie Name Expression Filter

This is a list of cookies that will be excluded from N-Stalker's scan engine security tests. It is usually efficient to remove common session cookies from security tests (as they are already exhaustively tested against common problems). You may add or remove cookie patterns using the "Plus/Minus" buttons in the upper right corner.

Excluded Parameters

Parameter Name Expression Filter

This is a list of HTTP parameters (GET/POST/etc.) that will be excluded from N-Stalker's scan engine security tests. It is usually efficient to remove common control variables from security tests (as they are already exhaustively tested against common problems). You may add or remove parameters using the "Plus/Minus" buttons in the upper right corner.

Included HTTP Headers

Header Fields used for Security Tests

This is a list of HTTP header fields used by N-Stalker to perform security tests. Default values usually have some relation to the application itself and are worth the assessment time. You may add or remove values using the "Plus/Minus" buttons in the upper right corner.