Category:OWASP Blacklist Regex Repository

= Home =

{| width="100%"
! width="80%" |
! width="20%" |
|- valign="top"

== Overview ==
Blacklist filtering, when used in conjunction with proper whitelisting input validation, is an important component of layered security because it provides attack category context. Without properly categorizing input validation exceptions, it is difficult to label a payload as malicious rather than only anomalous or suspicious. With blacklist filtering, input validation exceptions can be properly labeled and the associated severity level can be determined. For instance, if you have identified that your application has SQL Injection vulnerabilities, then properly labeling input validation exceptions as SQL Injection attacks helps to raise the threat level of events for web application defenders who are tasked with protecting the live application.
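The layering described above, as an added sketch that is not part of the repository: the whitelist alone decides acceptance, and the blacklist only labels what was rejected. The field rule, the severity values and the three patterns are constructed for illustration; they are not the project's vetted regexes and are written for Python's <code>re</code> module rather than PCRE.

```python
import re

# Whitelist rule for a hypothetical "username" field (assumption).
USERNAME_OK = re.compile(r"[A-Za-z0-9_]{3,20}")

# Constructed, deliberately simple patterns: (category, severity, regex).
# They label rejected input; they never decide what is accepted.
BLACKLIST = [
    ("SQL Injection", "high", re.compile(
        r"['\"]\s*(or|and)\s+[\w'\"]+\s*=|\bunion\b.+\bselect\b|--\s*$",
        re.IGNORECASE)),
    ("Cross-site Scripting", "high", re.compile(
        r"<\s*script\b|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)),
    ("Directory Traversal", "medium", re.compile(
        r"(\.\.|%2e%2e)(/|\\|%2f|%5c)", re.IGNORECASE)),
]


def classify(value):
    """Return (accepted, label, severity) for one input value."""
    # Step 1: whitelist validation is the only gate.
    if USERNAME_OK.fullmatch(value):
        return (True, None, None)
    # Step 2: the input is already rejected; add attack-category context.
    for category, severity, pattern in BLACKLIST:
        if pattern.search(value):
            return (False, category, severity)
    # Rejected but matching no known attack pattern: anomalous only.
    return (False, "Anomalous input", "low")


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["alice_01", "O'Brien", "admin' OR '1'='1",
               "<script>alert(1)</script>", "../../etc/passwd"]
    for s in samples:
        accepted, label, severity = classify(s)
        if accepted:
            print(f"ACCEPT {s!r}")
        else:
            print(f"REJECT {s!r} label={label} severity={severity}")
```

<code>O'Brien</code> is rejected by the whitelist but labeled only as anomalous, while the other rejected samples carry a category a defender can prioritize.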

== Blacklist Regex Repository Purpose ==
CAUTION - This project is used for attack detection and is not intended to be used in place of proper whitelisting input validation.

The Builder Community's focus should be on utilizing whitelist input validation methods. They should not have to deal with attempting to enumerate all the various types of attack and evasion methods used by attackers. That is the responsibility of the Defender Community. The purpose of the Blacklist Regex Repository is to provide a platform-agnostic set of well-vetted attack patterns that can be easily consumed and reused by the Builder Community in other projects such as [OWASP AppSensor Project] or [OWASP Enterprise Security API].

== Regular Expression Engine ==
The regular expressions use [PCRE] as the engine.

== Attack Categories ==

 * SQL Injection
 * Cross-site Scripting
 * Directory Traversal
 * Local File Inclusion
 * Remote File Inclusion
 * OS Command Execution
 * File Access Attempt
 * Code Injection

Project Sponsored by:




|}

{| width="100%"
! width="33%" |
! width="33%" |
! width="33%" |
|- valign="top"

== Let's talk here ==
=== Blacklist Regex Communities ===

If you would like to help with the development of the Blacklist Regex Repository or have any questions, please [mailto:ryan.barnett@owasp.org contact us].



== Want to help? ==
=== Blacklist Regex Development ===

We are always on the lookout for volunteers who are interested in contributing. We need help in the following areas:


 * Improving false negative detection
 * Minimizing false positives
 * Testing the regular expressions for performance



== Related resources ==
=== OWASP Resources ===


 * [OWASP Validation Regex Repository]


|}