[Owasp-appsensor-project] Do we need a Blacklist Regex Repository?

John Melton jtmelton at gmail.com
Tue Feb 21 21:29:27 UTC 2012


+1 for me as a standalone project - it'll be beneficial to others, and
I certainly don't have the chops to make it happen :)

On Tue, Feb 21, 2012 at 4:18 PM, Ryan Barnett <ryan.barnett at owasp.org> wrote:
> I wanted to send this to the list for feedback.  I have been thinking quite
> a bit on this particular issue, especially after the recent thread on the
> SQL Injection detection RegExes -
> http://lists.owasp.org/pipermail/owasp-appsensor-project/2012-February/000342.html
>
> I think that we (OWASP) need to develop a Blacklist Regex Repository for
> detecting common attack payloads (SQL injection, XSS, RFI, etc…).  Something
> similar to this old Validation RegEx Repo but for attacks -
> https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository
>
> My thinking is that we should focus on the RegEx Repo and then various other
> projects can import/use them (AppSensor, ModSecurity CRS, etc.).  I would
> like to get good participation from the Breaker community to help vet the
> RegExs.  I know they will never be 100% foolproof but looking at some of the
> "example" blacklist RegExs floating around in various project code makes me
> cringe…  We can do better.
>
> Not sure if this should be a stand-alone project or not (probably) but I
> would like your feedback.
>
> Thanks.
>
> --
> Ryan Barnett
> Trustwave SpiderLabs
> ModSecurity Project Leader
> OWASP ModSecurity CRS Project Leader

