if (c.get().length < 8) C.isValid = !1, c.hasErrors = !0, c.errors = [{
                message: "Password too short"
            }];
            else if (c.get().length > 256) C.isValid = !1, c.hasErrors = !0, c.errors = [{
            message: "Password too long" 
        }];
        else if (/^[a-zA-Z0-9`~!@#\$%^&*()_=+\[\]{};:'",.<>\/? -]*$/.test(c.get())) {
            var e = 0;
            /[a-z]/.test(c.get()) && (e += 1), /[A-Z]/.test(c.get()) && (e += 1), /[0-9]/.test(c.get()) && (e += 1), /[`~!@#\$%^&*()_=+\[\]{};:'",.<>\/? -]/.test(c.get()) && (e += 2), 3 > e ? (C.isValid = !1, c.hasErrors = !0, c.errors = [{
                message: "Password too simple"
            }]) : (c.hasErrors = !1, c.errors.length = 0)
        } else C.isValid = !1, c.hasErrors = !0, c.errors = [{
            message: "Invalid symbols in password" 
        }]

Maybe they could've used https://github.com/dropbox/zxcvbn to determine password strength.

BinaryIdiot — thanks for a great feedback! I'll answer in several posts.

# What's Wallarm Cloud?

A very good question! We can't run machine-learning stuff on the Nodes as it is performance consuming thing. But we can get all the metrics from all the node (some of our customers have 300+ of them) and craft blocking rules in our cloud. We don't get data; we analyze only statistics. So, we don't have sensitive data. Also, it's possible to deploy a standalone version of Wallarm Cloud.

Here's how it works: 1. All web traffic is proxied through Wallarm Nodes which instantly block any malicious/abnormal request preventing it reaching the application. 2. To get rid of false positives and for better protection, Wallarm Nodes like New Relic agents share application metrics in exchange for an updated blocking ruleset. Wallarm Cloud crafts application profile, its structure, normal user behaviour—and updates corresponding blocking rules every 15 minutes using machine learning. Updated blocking rules are distributed among all the Wallarm Nodes. 3. A built-in vulnerability scanner discovers security flaws in an application and checks the actual severity of each payload detected in attacks (is it targeting existing vulnerability?) allowing to prioritize company defensive efforts.

The only case when we're receiving the data from the request when we detect a malicious request. We need this request to show analytics in the user interface and get a payload to check if it's targeting vulnerability. To avoid situations when we get sensitive data with attacks details, it's possible to configure Wallarm Node to cut all the data from sensitive fields (cookies, password, SSNs, etc.). We have companies with HIPAA certificates.

Look at: https://wallarm.com/how-it-works.html

# Password and registration

Almost the whole team is almost paranoid about the passwords. But I totally agree that requirement for the password are not clear now. Will make it work smoother.

- Seems too black-box-y to me. I'd like to see something more to the point. Then again I'm an engineer but typically for products like this I've found you need at least some engineer buy-in to sell it to a company.

Could you elaborate on this. What details do we need to add the website to make it less blackboxy? BTW, did you have a look at docs.wallarm.com?

> Why do I have a "permissions":["admin"] in my profile? :)

Congratulations! :) You're admin of your company. You can add another admin who can deploy nodes or can add analyst guys who can only view data on attacks and vulnerabilities you have.

Does it seem weird that you have Admin status?