This panel allows you to configure cookies and HTTP parameters that will be excluded from security checks and also HTTP headers that will be included in security checks.
• Excluded Cookies
Cookie Name Expression Filter
This is a list of cookies that will be excluded from the security tests run by N-Stalker's scan engine. It is usually efficient to remove common session cookies from security tests (as they are already exhaustively tested against common problems). You may add or remove cookie patterns using the "Plus/Minus" buttons in the upper right corner.
• Excluded Parameters
Parameter Name Expression Filter
This is a list of HTTP parameters (GET/POST/etc.) that will be excluded from the security tests run by N-Stalker's scan engine. It is usually efficient to remove common control variables from security tests (as they are already exhaustively tested against common problems). You may add or remove parameters using the "Plus/Minus" buttons in the upper right corner.
• Included HTTP Headers
Header Fields used for Security Tests
This is a list of HTTP header fields used by N-Stalker to perform security tests. The default values usually have some relation to the application itself and are worth the assessment time. You may add or remove values using the "Plus/Minus" buttons in the upper right corner.