ZAP – Active Scan Rule Stats Last Month

This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.

For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics

Alert	Status	Alert Count	False Positive %	Average Time in Secs
User Agent Fuzzer	release	48314463	0.025	84
Hidden File Found	release	879327	0.045	26
Cookie Slack Detector	beta	876363	0.011	11
Proxy Disclosure	beta	741748	0.055	36
SQL Injection	release	292261	15.615	77
Directory Browsing	release	277014	0	18
CORS Header	beta	270422	0.016	27
Backup File Disclosure	beta	211362	0.652	43
GET for POST	release	208981	0.002	9
SQL Injection - SQLite	release	176494	0.154	28
XSLT Injection	release	119072	0.004	41
Insecure HTTP Method	beta	91307	0.017	8
Cross Site Scripting (Reflected)	release	80302	0.001	34
Bypassing 403	beta	74688	0.034	12
Path Traversal	release	71724	0.052	179
Relative Path Confusion	beta	67954	0	9
Buffer Overflow	release	51627	0.119	7
SQL Injection - Oracle	release	37729	0.1	27
HTTPS Content Available via HTTP	beta	36387	0	8
Source Code Disclosure - File Inclusion	beta	33511	0.075	6
Anti-CSRF Tokens Check	beta	31940	0	8
Format String Error	release	29252	0.06	10
Spring4Shell	release	23504	0	23
.htaccess Information Leak	release	20620	0.071	8
Cross Site Scripting (DOM Based)	release	18628	0	223
Parameter Tampering	release	16394	0	23
Cloud Metadata Potentially Exposed	release	15655	0.146	10
.env Information Leak	release	14407	0.102	9
External Redirect	release	10955	0	50
Cross Site Scripting (Persistent)	release	9055	0.027	10