[Owasp-appsensor-project] Do we need a Blacklist Regex Repository?

Ryan Barnett ryan.barnett at owasp.org
Tue Feb 21 21:18:30 UTC 2012


I wanted to send this to the list for feedback.  I have been thinking quite
a bit on a this particular issue, especially after the recent thread on the
SQL Injection detection RegExes -
http://lists.owasp.org/pipermail/owasp-appsensor-project/2012-February/00034
2.html

I think that we (OWASP) need to develop a Blacklist Regex Repository for
detecting common attack payloads (SQL injection, XSS, RFI, etcŠ).  Something
similar to this old Validation RegEx Repo but for attacks -
https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository

My thinking is that we should focus on the RegEx Repo and then various other
projects can import/use them (AppSensor, ModSecurity CRS, etc..).  I would
like to get good participation from the Breaker community to help vet the
RegExs.  I know they will never be 100% foolproof but looking at some of the
"example" blacklist RegExs floating around in various project code makes me
cringeŠ  We can do better.

Not sure if this should be a stand-alone project or not (probably) but I
would like your feedback.

Thanks.

-- 
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20120221/a411dd6b/attachment.html>


More information about the Owasp-appsensor-project mailing list