This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 49569782 | 0.04 | 99 |
| Hidden File Found | release | 876814 | 0.057 | 28 |
| Cookie Slack Detector | beta | 774690 | 0.026 | 9 |
| Proxy Disclosure | beta | 709520 | 0.06 | 49 |
| SOAP Action Spoofing | beta | 391193 | 0 | 12 |
| SQL Injection | release | 313774 | 12.131 | 89 |
| Backup File Disclosure | beta | 273944 | 0.786 | 39 |
| GET for POST | release | 265951 | 0.001 | 12 |
| CORS Header | beta | 246604 | 0.023 | 45 |
| Directory Browsing | release | 213543 | 0 | 21 |
| SQL Injection - SQLite | release | 165559 | 0.108 | 29 |
| Insecure HTTP Method | beta | 146980 | 0.024 | 11 |
| SOAP XML Injection | beta | 140931 | 0.002 | 9 |
| XSLT Injection | release | 98845 | 0.016 | 50 |
| Path Traversal | release | 74355 | 0.011 | 122 |
| Cross Site Scripting (Reflected) | release | 69869 | 0.082 | 48 |
| Buffer Overflow | release | 65579 | 0.027 | 9 |
| Relative Path Confusion | beta | 63152 | 0 | 9 |
| Bypassing 403 | beta | 46589 | 0.071 | 15 |
| SQL Injection - Oracle | release | 41640 | 0.099 | 23 |
| HTTPS Content Available via HTTP | beta | 33386 | 0 | 10 |
| Source Code Disclosure - File Inclusion | beta | 29813 | 0.944 | 6 |
| Format String Error | release | 26524 | 0.235 | 11 |
| .htaccess Information Leak | release | 24290 | 0 | 10 |
| .env Information Leak | release | 22812 | 0 | 11 |
| Parameter Tampering | release | 18894 | 0.004 | 27 |
| Anti-CSRF Tokens Check | beta | 17346 | 0.006 | 7 |
| Cross Site Scripting (DOM Based) | release | 14564 | 0 | 226 |
| Spring4Shell | release | 14355 | 0.021 | 31 |
| Trace.axd Information Leak | release | 14303 | 0 | 13 |