Active Scan Rule Stats Last Month

This page shows the statistics for the top 30 (by alert count) Active Scan rules last month. You can sort on any column - just click on the column headers.

For more details on what the stats mean see the blog post: Monthly Active Scan Rule Statistics

Alert Status Alert Count False Positive % Average Time in Secs
User Agent Fuzzer release 39637893 0.072 95
Cookie Slack Detector beta 662415 0.054 10
Proxy Disclosure beta 632845 0.01 75
Hidden File Found release 501994 0.106 50
CORS Header beta 375857 0.002 58
SQL Injection release 281047 0.244 140
Insecure HTTP Method beta 255911 0.005 17
GET for POST release 192925 0 11
Anti-CSRF Tokens Check beta 185059 1.633 11
Directory Browsing release 166669 0 44
.htaccess Information Leak release 164398 0.008 11
SQL Injection - SQLite release 137922 0.025 33
Backup File Disclosure beta 127703 1.166 28
Cross Site Scripting (Reflected) release 119672 0.004 62
XSLT Injection release 108735 0.876 59
Path Traversal release 81819 0.279 186
SOAP Action Spoofing beta 78934 0 15
Relative Path Confusion beta 69603 0 19
SQL Injection - Oracle release 65854 0.046 30
Cloud Metadata Potentially Exposed release 59782 0.071 8
.env Information Leak release 49443 0.028 12
Trace.axd Information Leak release 46536 0.031 14
Bypassing 403 beta 35140 0.249 31
HTTPS Content Available via HTTP beta 34461 0 7
Cross Site Scripting (DOM Based) release 30562 0 190
Format String Error release 26715 0.629 16
Buffer Overflow release 25805 0.008 11
Integer Overflow Error beta 19066 0.014 16
Spring4Shell release 18703 0.01 41
Source Code Disclosure - File Inclusion beta 15380 0.127 6