This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 40495496 | 0.047 | 104 |
| Hidden File Found | release | 779875 | 0.111 | 21 |
| Cookie Slack Detector | beta | 590002 | 0.023 | 17 |
| Proxy Disclosure | beta | 564893 | 0.068 | 50 |
| SOAP Action Spoofing | beta | 507876 | 0 | 6 |
| SQL Injection | release | 331498 | 9.074 | 68 |
| Backup File Disclosure | beta | 273181 | 0.746 | 55 |
| CORS Header | beta | 261956 | 0.025 | 37 |
| Insecure HTTP Method | beta | 188587 | 0.008 | 13 |
| GET for POST | release | 180407 | 0.006 | 8 |
| Directory Browsing | release | 178067 | 0 | 15 |
| SQL Injection - SQLite | release | 135771 | 0.225 | 20 |
| XSLT Injection | release | 134672 | 0.001 | 34 |
| SOAP XML Injection | beta | 113664 | 0.009 | 5 |
| Relative Path Confusion | beta | 101909 | 0 | 14 |
| Path Traversal | release | 90676 | 0.005 | 98 |
| Cross Site Scripting (Reflected) | release | 78624 | 0.002 | 35 |
| SQL Injection - Oracle | release | 48796 | 0.119 | 16 |
| Buffer Overflow | release | 45709 | 0.021 | 7 |
| HTTPS Content Available via HTTP | beta | 44397 | 0 | 13 |
| Bypassing 403 | beta | 41235 | 0.073 | 15 |
| Format String Error | release | 29078 | 0.08 | 8 |
| .htaccess Information Leak | release | 23276 | 0 | 8 |
| .env Information Leak | release | 20163 | 0 | 8 |
| Source Code Disclosure - File Inclusion | beta | 16246 | 0.993 | 16 |
| Cross Site Scripting (Persistent) | release | 15454 | 0.027 | 8 |
| Spring4Shell | release | 15227 | 0.123 | -13 |
| Cross Site Scripting (DOM Based) | release | 14823 | 0 | 177 |
| Source Code Disclosure - SVN | beta | 14709 | 0.121 | 15 |
| Trace.axd Information Leak | release | 14061 | 0 | 9 |