This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 39293116 | 0.049 | 98 |
| Cookie Slack Detector | beta | 586827 | 0.04 | 19 |
| XSLT Injection | release | 582714 | 0.066 | 65 |
| Proxy Disclosure | beta | 566380 | 0.045 | 63 |
| Hidden File Found | release | 530757 | 0.061 | 68 |
| SQL Injection | release | 500935 | 0.071 | 106 |
| GET for POST | release | 345295 | 0 | 16 |
| CORS Header | beta | 297658 | 0.129 | 36 |
| .htaccess Information Leak | release | 235206 | 0.003 | 15 |
| SQL Injection - SQLite | release | 194150 | 0.025 | 37 |
| Backup File Disclosure | beta | 187677 | 0.8 | 51 |
| Directory Browsing | release | 164035 | 0 | 29 |
| Path Traversal | release | 140169 | 0.05 | 146 |
| Insecure HTTP Method | beta | 107754 | 0.002 | 15 |
| Cross Site Scripting (Reflected) | release | 99457 | 0.004 | 98 |
| Anti-CSRF Tokens Check | beta | 97138 | 0.023 | 15 |
| Cloud Metadata Potentially Exposed | release | 61965 | 0.196 | 8 |
| .env Information Leak | release | 53788 | 0.013 | 16 |
| Trace.axd Information Leak | release | 52990 | 0.014 | 21 |
| SQL Injection - Oracle | release | 50874 | 0.07 | 30 |
| Bypassing 403 | beta | 38866 | 0.201 | 24 |
| Spring4Shell | release | 35946 | 0.014 | 32 |
| HTTPS Content Available via HTTP | beta | 35876 | 0 | 16 |
| Relative Path Confusion | beta | 35653 | 0 | 18 |
| Buffer Overflow | release | 34655 | 0 | 11 |
| Format String Error | release | 23830 | 0.806 | 14 |
| Cross Site Scripting (DOM Based) | release | 16737 | 0 | 271 |
| Source Code Disclosure - File Inclusion | beta | 14598 | 0.121 | 11 |
| Integer Overflow Error | beta | 12903 | 0.009 | 14 |
| Server Side Include | release | 12762 | 0 | 45 |