This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 43230179 | 0.041 | 62 |
| Cookie Slack Detector | beta | 710323 | 0.022 | 11 |
| Hidden File Found | release | 649836 | 0.157 | 35 |
| Proxy Disclosure | beta | 567567 | 0.058 | 54 |
| SQL Injection | release | 434474 | 12.286 | 84 |
| Backup File Disclosure | beta | 266871 | 0.555 | 52 |
| Directory Browsing | release | 223563 | 0 | 18 |
| CORS Header | beta | 208606 | 0.017 | 32 |
| SQL Injection - SQLite | release | 153374 | 0.034 | 33 |
| GET for POST | release | 144056 | 0 | 9 |
| Insecure HTTP Method | beta | 127590 | 0.077 | 9 |
| Cross Site Scripting (Reflected) | release | 90055 | 0.004 | 39 |
| XSLT Injection | release | 88079 | 0.005 | 46 |
| Path Traversal | release | 76581 | 0.093 | 147 |
| Relative Path Confusion | beta | 68685 | 0 | 16 |
| Bypassing 403 | beta | 63802 | 0.099 | 17 |
| Buffer Overflow | release | 48048 | 0 | 8 |
| HTTPS Content Available via HTTP | beta | 46332 | 0 | 13 |
| Format String Error | release | 41260 | 0.065 | 10 |
| SQL Injection - Oracle | release | 39102 | 0.179 | 31 |
| Anti-CSRF Tokens Check | beta | 38292 | 0.008 | 9 |
| .htaccess Information Leak | release | 27231 | 0.101 | 9 |
| Parameter Tampering | release | 25312 | 0 | 30 |
| SOAP Action Spoofing | beta | 24601 | 0 | 11 |
| Source Code Disclosure - File Inclusion | beta | 23180 | 0.094 | 8 |
| Trace.axd Information Leak | release | 21385 | 0.137 | 11 |
| Cloud Metadata Potentially Exposed | release | 21290 | 0.26 | 10 |
| .env Information Leak | release | 20474 | 0.134 | 10 |
| Spring4Shell | release | 17977 | 0.001 | 26 |
| External Redirect | release | 17951 | 0 | 53 |