This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 36575686 | 0.041 | 83 |
| Cookie Slack Detector | beta | 659092 | 0.035 | 14 |
| Proxy Disclosure | beta | 645994 | 0.02 | 55 |
| Hidden File Found | release | 571515 | 0.122 | 42 |
| SQL Injection | release | 342092 | 16 | 128 |
| Backup File Disclosure | beta | 288253 | 0.452 | 65 |
| CORS Header | beta | 206883 | 0.069 | 34 |
| Directory Browsing | release | 176632 | 0 | 17 |
| GET for POST | release | 129441 | 0 | 9 |
| Insecure HTTP Method | beta | 127733 | 0 | 13 |
| SQL Injection - SQLite | release | 126192 | 0.037 | 34 |
| XSLT Injection | release | 86938 | 0.561 | 46 |
| Relative Path Confusion | beta | 81332 | 0 | 16 |
| Cross Site Scripting (Reflected) | release | 71503 | 0.001 | 43 |
| Path Traversal | release | 54254 | 0.085 | 212 |
| Bypassing 403 | beta | 53223 | 0.158 | 17 |
| HTTPS Content Available via HTTP | beta | 51908 | 0 | 32 |
| Buffer Overflow | release | 46687 | 0 | 9 |
| Format String Error | release | 39197 | 0.044 | 11 |
| Anti-CSRF Tokens Check | beta | 34691 | 0.011 | 16 |
| SQL Injection - Oracle | release | 26420 | 0.164 | 22 |
| Parameter Tampering | release | 23097 | 0 | 28 |
| Cloud Metadata Potentially Exposed | release | 20537 | 0.223 | 9 |
| Source Code Disclosure - File Inclusion | beta | 19525 | 0.119 | 7 |
| .htaccess Information Leak | release | 16445 | 0.109 | 9 |
| Cross Site Scripting (DOM Based) | release | 16409 | 0 | 210 |
| .env Information Leak | release | 11733 | 0.153 | 11 |
| Advanced SQL Injection | beta | 9872 | 0 | 953 |
| Trace.axd Information Leak | release | 8862 | 0.215 | 11 |
| NoSQL Injection - MongoDB | alpha | 8508 | 0 | 57 |