This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 35084124 | 0.052 | 83 |
| Cookie Slack Detector | beta | 621369 | 0.027 | 15 |
| Proxy Disclosure | beta | 584015 | 0.086 | 60 |
| Hidden File Found | release | 467222 | 0.115 | 66 |
| Backup File Disclosure | beta | 376512 | 0.392 | 65 |
| CORS Header | beta | 265301 | 0.068 | 29 |
| SQL Injection | release | 240765 | 0.163 | 113 |
| XSLT Injection | release | 185596 | 0.254 | 67 |
| GET for POST | release | 164552 | 0 | 13 |
| SQL Injection - SQLite | release | 156463 | 0.042 | 36 |
| Directory Browsing | release | 132860 | 0 | 26 |
| Insecure HTTP Method | beta | 85550 | 0.014 | 10 |
| Cross Site Scripting (Reflected) | release | 83478 | 0.007 | 53 |
| .htaccess Information Leak | release | 74302 | 0.022 | 13 |
| Path Traversal | release | 69710 | 0.183 | 227 |
| Anti-CSRF Tokens Check | beta | 53966 | 0.123 | 9 |
| SOAP Action Spoofing | beta | 49878 | 0 | 10 |
| Cloud Metadata Potentially Exposed | release | 47122 | 0.327 | 8 |
| Relative Path Confusion | beta | 44238 | 0 | 11 |
| .env Information Leak | release | 43848 | 0.037 | 12 |
| Trace.axd Information Leak | release | 43281 | 0.041 | 14 |
| Buffer Overflow | release | 42954 | 0 | 14 |
| Bypassing 403 | beta | 42679 | 0.149 | 20 |
| SQL Injection - Oracle | release | 38375 | 0.06 | 38 |
| Format String Error | release | 37576 | 0.375 | 22 |
| HTTPS Content Available via HTTP | beta | 34583 | 0 | 11 |
| Advanced SQL Injection | beta | 19562 | 0.005 | 1010 |
| Cross Site Scripting (DOM Based) | release | 15579 | 0 | 533 |
| Source Code Disclosure - File Inclusion | beta | 15307 | 0.162 | 6 |
| Parameter Tampering | release | 12630 | 0 | 37 |