Active Scan Rule Stats Last Month

This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.

For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics

Alert Status Alert Count False Positive % Average Time in Secs
User Agent Fuzzer release 44050391 0.038 79
Hidden File Found release 721906 0.023 30
Cookie Slack Detector beta 704951 0.016 10
Proxy Disclosure beta 690248 0.084 39
Backup File Disclosure beta 327995 0.54 46
SQL Injection release 274885 9.153 78
GET for POST release 249659 0.001 11
CORS Header beta 233858 0.014 43
Directory Browsing release 196447 0 15
SQL Injection - SQLite release 149649 0.76 29
Insecure HTTP Method beta 148974 0.896 8
XSLT Injection release 99200 0.01 48
Cross Site Scripting (Reflected) release 89210 0.056 118
Path Traversal release 59545 0.019 103
SOAP Action Spoofing beta 55827 0 10
Buffer Overflow release 46287 0.041 7
Bypassing 403 beta 45970 0.138 14
SQL Injection - Oracle release 41347 0.083 21
Source Code Disclosure - File Inclusion beta 38646 0.148 9
Relative Path Confusion beta 36359 0 8
Format String Error release 34498 0.052 9
.htaccess Information Leak release 31966 0.004 9
HTTPS Content Available via HTTP beta 28090 0 9
.env Information Leak release 25542 0.005 9
Anti-CSRF Tokens Check beta 23597 0.005 6
Parameter Tampering release 19168 0.004 22
Cross Site Scripting (DOM Based) release 17379 0 171
Trace.axd Information Leak release 16938 0.008 10
SOAP XML Injection beta 15030 0 13
Cloud Metadata Potentially Exposed release 11528 0.163 12