This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 30335476 | 0.048 | 102 |
| SQL Injection | release | 1447156 | 0.024 | 235 |
| NoSQL Injection - MongoDB | alpha | 1423456 | 0 | 329 |
| Cookie Slack Detector | beta | 496532 | 0.028 | 12 |
| Hidden File Found | release | 376248 | 0.004 | 68 |
| Proxy Disclosure | beta | 333520 | 0.004 | 54 |
| CORS Header | beta | 182883 | 0.001 | 29 |
| Backup File Disclosure | beta | 151129 | 0.959 | 434 |
| SQL Injection - SQLite | release | 145641 | 0.004 | 139 |
| GET for POST | release | 137918 | 0 | 99 |
| Anti-CSRF Tokens Check | beta | 129110 | 1.072 | 12 |
| Directory Browsing | release | 127606 | 0 | 241 |
| .htaccess Information Leak | release | 119411 | 0 | 114 |
| Cross Site Scripting (Reflected) | release | 111775 | 0.001 | 62 |
| XSLT Injection | release | 97781 | 1.328 | 72 |
| Insecure HTTP Method | beta | 85325 | 0 | 9 |
| Path Traversal | release | 59180 | 0.04 | 299 |
| .env Information Leak | release | 53381 | 0 | 10 |
| Trace.axd Information Leak | release | 50381 | 0 | 13 |
| Cloud Metadata Potentially Exposed | release | 50130 | 0 | 51 |
| Buffer Overflow | release | 46298 | 0 | 11 |
| SQL Injection - Oracle | release | 43799 | 0 | 32 |
| Relative Path Confusion | beta | 37519 | 0 | 17 |
| HTTPS Content Available via HTTP | beta | 30109 | 0 | 523 |
| Bypassing 403 | beta | 27048 | 0.158 | 12 |
| Source Code Disclosure - File Inclusion | beta | 21221 | 0.054 | 8 |
| Cross Site Scripting (DOM Based) | release | 18633 | 0 | 3417 |
| Format String Error | release | 18008 | 0.179 | 15 |
| Source Code Disclosure - CVE-2012-1823 | release | 17717 | 0 | 66 |
| Spring4Shell | beta | 16431 | 0.029 | 53 |