This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 22804693 | 0.001 | 204 |
| Cookie Slack Detector | beta | 485406 | 0.003 | 13 |
| Proxy Disclosure | beta | 321989 | 0.002 | 74 |
| Hidden File Found | release | 306295 | 0.005 | 69 |
| CORS Header | beta | 253982 | 0 | 52 |
| Backup File Disclosure | beta | 193358 | 1.138 | 40 |
| Directory Browsing | release | 170320 | 0 | 25 |
| SQL Injection | release | 133000 | 0.061 | 175 |
| Insecure HTTP Method | beta | 125798 | 0 | 11 |
| Cross Site Scripting (Reflected) | release | 106780 | 0.029 | 75 |
| Relative Path Confusion | beta | 101982 | 0.002 | 10 |
| .htaccess Information Leak | release | 62803 | 0 | 10 |
| SQL Injection - SQLite | release | 61469 | 0.002 | 89 |
| Anti-CSRF Tokens Check | beta | 59684 | 0 | 11 |
| XSLT Injection | release | 58941 | 0 | 89 |
| Path Traversal | release | 50130 | 0.366 | 298 |
| Cloud Metadata Potentially Exposed | release | 40443 | 0 | 6 |
| Buffer Overflow | release | 36886 | 0 | 20 |
| Bypassing 403 | beta | 36848 | 0 | 24 |
| HTTPS Content Available via HTTP | beta | 25976 | 0 | 9 |
| GET for POST | release | 25391 | 0 | 5 |
| Source Code Disclosure - File Inclusion | beta | 22896 | 0.475 | 19 |
| Cross Site Scripting (DOM Based) | release | 22567 | 0 | 708 |
| External Redirect | release | 22402 | 0.172 | 120 |
| SQL Injection - MySQL | release | 22322 | 0 | 56 |
| Remote File Inclusion | release | 17674 | 0 | 104 |
| Format String Error | release | 17448 | 0.241 | 23 |
| SQL Injection - Oracle | release | 17429 | 0 | 78 |
| Cross-Domain Misconfiguration | beta | 13308 | 0 | 2 |
| Remote OS Command Injection | release | 12701 | 0 | 170 |