[Owasp-appsensor-project] Do we need a Blacklist Regex Repository?

Colin Watson colin.watson at owasp.org
Tue Feb 21 21:46:01 UTC 2012


Yes I think standalone.

I think these types of great ideas are more likely to be maintained if
they don't just become a part of something else. For example I was
thinking of submitting some things to the OWASP Logging project,
rather than adding it to the AppSensor book v2 (yes it has begun).

Colin

On 21 February 2012 21:29, John Melton <jtmelton at gmail.com> wrote:
> +1 for me as a standalone project - it'll be beneficial to others, and
> I certainly don't have the chops to make it happen :)
>
> On Tue, Feb 21, 2012 at 4:18 PM, Ryan Barnett <ryan.barnett at owasp.org> wrote:
>> I wanted to send this to the list for feedback.  I have been thinking quite
>> a bit on this particular issue, especially after the recent thread on the
>> SQL Injection detection RegExes -
>> http://lists.owasp.org/pipermail/owasp-appsensor-project/2012-February/000342.html
>>
>> I think that we (OWASP) need to develop a Blacklist Regex Repository for
>> detecting common attack payloads (SQL injection, XSS, RFI, etc…).  Something
>> similar to this old Validation RegEx Repo but for attacks -
>> https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository
>>
>> My thinking is that we should focus on the RegEx Repo and then various other
>> projects can import/use them (AppSensor, ModSecurity CRS, etc.).  I would
>> like to get good participation from the Breaker community to help vet the
>> RegExs.  I know they will never be 100% foolproof but looking at some of the
>> "example" blacklist RegExs floating around in various project code makes me
>> cringe…  We can do better.
>>
>> Not sure if this should be a stand-alone project or not (probably) but I
>> would like your feedback.
>>
>> Thanks.
>>
>> --
>> Ryan Barnett
>> Trustwave SpiderLabs
>> ModSecurity Project Leader
>> OWASP ModSecurity CRS Project Leader
>>
>> _______________________________________________
>> Owasp-appsensor-project mailing list
>> Owasp-appsensor-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>>

