This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 37767563 | 0.029 | 101 |
| CORS Header | beta | 851193 | 0 | 17 |
| SOAP Action Spoofing | beta | 577909 | 0 | 7 |
| Hidden File Found | release | 502583 | 0.008 | 22 |
| Cookie Slack Detector | beta | 366714 | 0.072 | 6 |
| Proxy Disclosure | beta | 366592 | 0.201 | 29 |
| SQL Injection | release | 315370 | 9.288 | 74 |
| Directory Browsing | release | 208484 | 0 | 16 |
| Backup File Disclosure | beta | 164523 | 1.151 | 34 |
| SQL Injection - SQLite | release | 162295 | 0.084 | 31 |
| GET for POST | release | 148171 | 0.007 | 14 |
| SOAP XML Injection | beta | 126270 | 0 | 7 |
| Cross Site Scripting (Reflected) | release | 87819 | 0 | 48 |
| Buffer Overflow | release | 83083 | 0.016 | 8 |
| Insecure HTTP Method | beta | 63152 | 0.092 | 6 |
| Path Traversal | release | 54103 | 0.009 | 99 |
| XSLT Injection | release | 28670 | 0 | 48 |
| Bypassing 403 | beta | 28410 | 0.19 | 10 |
| HTTPS Content Available via HTTP | beta | 24736 | 0 | 7 |
| Cross Site Scripting (DOM Based) | release | 24621 | 0 | 186 |
| Format String Error | release | 24408 | 0.081 | 11 |
| Relative Path Confusion | beta | 22792 | 0 | 6 |
| Source Code Disclosure - File Inclusion | beta | 22594 | 0.722 | 6 |
| Spring4Shell | release | 21687 | 0.047 | 31 |
| .htaccess Information Leak | release | 20585 | 0 | 10 |
| .env Information Leak | release | 16324 | 0 | 15 |
| Parameter Tampering | release | 11941 | 0 | 19 |
| Cross Site Scripting (Persistent) | release | 11143 | 0.018 | 13 |
| Integer Overflow Error | beta | 9608 | 0 | 7 |
| SQL Injection - Oracle | release | 8351 | 0 | 23 |