This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 38693201 | 0.049 | 82 |
| Cookie Slack Detector | beta | 820114 | 0.033 | 17 |
| Proxy Disclosure | beta | 751052 | 0.104 | 57 |
| Hidden File Found | release | 505124 | 0.173 | 47 |
| Backup File Disclosure | beta | 449212 | 0.319 | 70 |
| SQL Injection | release | 368347 | 0.128 | 110 |
| CORS Header | beta | 323906 | 0.194 | 32 |
| GET for POST | release | 284247 | 0 | 14 |
| Directory Browsing | release | 214756 | 0 | 25 |
| SQL Injection - SQLite | release | 179336 | 0.046 | 38 |
| XSLT Injection | release | 146669 | 0.333 | 62 |
| Cross Site Scripting (Reflected) | release | 103504 | 0.006 | 59 |
| Insecure HTTP Method | beta | 85847 | 0.026 | 12 |
| Path Traversal | release | 84690 | 0.126 | 182 |
| .htaccess Information Leak | release | 81392 | 0.031 | 13 |
| Buffer Overflow | release | 66261 | 0 | 8 |
| Cloud Metadata Potentially Exposed | release | 62805 | 0.201 | 5 |
| Anti-CSRF Tokens Check | beta | 58301 | 0.116 | 10 |
| .env Information Leak | release | 56687 | 0.045 | 12 |
| Trace.axd Information Leak | release | 55439 | 0.049 | 15 |
| Relative Path Confusion | beta | 50585 | 0 | 12 |
| SQL Injection - Oracle | release | 44359 | 0.086 | 38 |
| Bypassing 403 | beta | 43732 | 0.203 | 23 |
| Format String Error | release | 39825 | 0.392 | 12 |
| HTTPS Content Available via HTTP | beta | 34888 | 0 | 12 |
| Cross Site Scripting (DOM Based) | release | 24931 | 0.002 | 248 |
| Generic Padding Oracle | release | 20302 | 0.001 | 15 |
| Spring4Shell | release | 19938 | 0.058 | 27 |
| Source Code Disclosure - File Inclusion | beta | 19301 | 0.296 | 8 |
| Server Side Template Injection | release | 16606 | 0 | 77 |