This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 36512979 | 0.05 | 112 |
| Cookie Slack Detector | beta | 638452 | 0.035 | 13 |
| Proxy Disclosure | beta | 603623 | 0.078 | 53 |
| Hidden File Found | release | 575766 | 0.327 | 59 |
| Backup File Disclosure | beta | 307160 | 0.494 | 57 |
| CORS Header | beta | 251959 | 0.072 | 34 |
| SQL Injection | release | 251545 | 11.537 | 93 |
| Directory Browsing | release | 192004 | 0 | 18 |
| Server Side Include | release | 158789 | 0 | 38 |
| SQL Injection - SQLite | release | 150784 | 0.028 | 37 |
| GET for POST | release | 143367 | 0 | 15 |
| Insecure HTTP Method | beta | 118875 | 0.011 | 11 |
| XSLT Injection | release | 112213 | 0.422 | 49 |
| Format String Error | release | 86688 | 0.048 | 13 |
| Cross Site Scripting (Reflected) | release | 71255 | 0 | 47 |
| .htaccess Information Leak | release | 59955 | 0.101 | 10 |
| Path Traversal | release | 56071 | 0.053 | 245 |
| Buffer Overflow | release | 54709 | 0 | 11 |
| Bypassing 403 | beta | 52647 | 0.136 | 20 |
| Anti-CSRF Tokens Check | beta | 44840 | 0.171 | 16 |
| HTTPS Content Available via HTTP | beta | 44755 | 0 | 14 |
| Relative Path Confusion | beta | 44733 | 0 | 23 |
| .env Information Leak | release | 37542 | 0.161 | 9 |
| Trace.axd Information Leak | release | 36183 | 0.183 | 11 |
| SQL Injection - Oracle | release | 35342 | 0.069 | 29 |
| Cloud Metadata Potentially Exposed | release | 31638 | 0.259 | 7 |
| Parameter Tampering | release | 20515 | 0 | 30 |
| Spring4Shell | release | 11903 | 0 | 40 |
| Advanced SQL Injection | beta | 11827 | 0 | 1281 |
| Source Code Disclosure - File Inclusion | beta | 11663 | 0.198 | 6 |