This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 30216982 | 0.035 | 64 |
| HTTPS Content Available via HTTP | beta | 985717 | 0 | 18 |
| SOAP Action Spoofing | beta | 648327 | 0 | 5 |
| CORS Header | beta | 596897 | 0 | 16 |
| Backup File Disclosure | beta | 410515 | 0.548 | 32 |
| Proxy Disclosure | beta | 399921 | 0.044 | 26 |
| Cookie Slack Detector | beta | 385438 | 0.045 | 5 |
| SQL Injection | release | 322836 | 21.194 | 63 |
| Hidden File Found | release | 201516 | 0.158 | 21 |
| Insecure HTTP Method | beta | 179833 | 0.029 | 4 |
| SOAP XML Injection | beta | 128746 | 0.002 | 5 |
| Directory Browsing | release | 127064 | 0 | 15 |
| GET for POST | release | 117268 | 0.004 | 5 |
| Cross Site Scripting (Reflected) | release | 100434 | 0.245 | 32 |
| Buffer Overflow | release | 56779 | 0 | 7 |
| Path Traversal | release | 52365 | 0.016 | 92 |
| SQL Injection - SQLite | release | 48433 | 0.243 | 16 |
| .htaccess Information Leak | release | 39387 | 0 | 7 |
| .env Information Leak | release | 32343 | 0 | 7 |
| HTTP Only Site | beta | 31954 | 0.009 | 2 |
| Format String Error | release | 26783 | 0.087 | 9 |
| Bypassing 403 | beta | 22179 | 0.267 | 10 |
| Relative Path Confusion | beta | 21756 | 0 | 8 |
| Cross Site Scripting (DOM Based) | release | 19335 | 0 | 241 |
| Advanced SQL Injection | beta | 18015 | 0 | 625 |
| Source Code Disclosure - File Inclusion | beta | 17528 | 2.091 | 7 |
| XSLT Injection | release | 16850 | 0 | 19 |
| Parameter Tampering | release | 14326 | 0 | 21 |
| Anti-CSRF Tokens Check | beta | 11434 | 0.015 | 5 |
| Integer Overflow Error | beta | 11117 | 0.007 | 6 |