[Owasp-appsensor-project] Do we need a Blacklist Regex Repository?

Ryan Barnett ryan.barnett at owasp.org
Tue Feb 21 21:18:30 UTC 2012

I wanted to send this to the list for feedback.  I have been thinking quite
a bit on this particular issue, especially after the recent thread on the
SQL Injection detection RegExes -

I think that we (OWASP) need to develop a Blacklist Regex Repository for
detecting common attack payloads (SQL injection, XSS, RFI, etc...).  Something
similar to this old Validation RegEx Repo but for attacks -

My thinking is that we should focus on the RegEx Repo and then various other
projects can import/use them (AppSensor, ModSecurity CRS, etc.).  I would
like to get good participation from the Breaker community to help vet the
RegExs.  I know they will never be 100% foolproof but looking at some of the
"example" blacklist RegExs floating around in various project code makes me
cringe...  We can do better.

Not sure if this should be a stand-alone project or not (probably) but I
would like your feedback.


Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader
