This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.
For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics
| Alert | Status | Alert Count | False Positive % | Average Time in Secs |
|---|---|---|---|---|
| User Agent Fuzzer | release | 33032463 | 0.126 | 98 |
| Cookie Slack Detector | beta | 524666 | 0.008 | 18 |
| Proxy Disclosure | beta | 522546 | 0.01 | 70 |
| Hidden File Found | release | 420666 | 0.001 | 59 |
| Backup File Disclosure | beta | 301626 | 0.495 | 79 |
| Anti-CSRF Tokens Check | beta | 267438 | 0.286 | 18 |
| CORS Header | beta | 245595 | 0 | 46 |
| SQL Injection | release | 209152 | 0.124 | 127 |
| Directory Browsing | release | 178244 | 0 | 50 |
| SQL Injection - SQLite | release | 157975 | 0.012 | 59 |
| .htaccess Information Leak | release | 157196 | 0 | 11 |
| XSLT Injection | release | 105650 | 1.334 | 72 |
| Relative Path Confusion | beta | 105248 | 0 | 18 |
| HTTPS Content Available via HTTP | beta | 103711 | 0 | 21 |
| Insecure HTTP Method | beta | 101689 | 0 | 16 |
| Cross Site Scripting (Reflected) | release | 89369 | 0.006 | 70 |
| Path Traversal | release | 67463 | 0.032 | 160 |
| .env Information Leak | release | 55202 | 0 | 12 |
| Cloud Metadata Potentially Exposed | release | 55106 | 0 | 6 |
| GET for POST | release | 54876 | 0 | 13 |
| Trace.axd Information Leak | release | 51576 | 0 | 16 |
| SQL Injection - Oracle | release | 50990 | 0.027 | 64 |
| Bypassing 403 | beta | 40564 | 0.066 | 26 |
| Buffer Overflow | release | 36089 | 0 | 12 |
| Source Code Disclosure - File Inclusion | beta | 34488 | 0.064 | 23 |
| Integer Overflow Error | beta | 25411 | 0 | 41 |
| Format String Error | release | 21065 | 0.031 | 19 |
| Spring4Shell | beta | 19787 | 0.343 | 44 |
| SQL Injection - MySQL | release | 16684 | 0 | 235 |
| Cross Site Scripting (DOM Based) | release | 16213 | 0 | 930 |