https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=HttpsonlyOWASP - User contributions [en]2026-04-23T13:27:23ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222133Regular Expression Security Cheatsheet2016-10-05T12:11:40Z<p>Httpsonly: /* Introduction */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in regular expressions, which can cause bypass of written rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code.<br />
<br><br />
<br><br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br><br><br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br><br><br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222132Regular Expression Security Cheatsheet2016-10-05T12:11:32Z<p>Httpsonly: /* Introduction */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code.<br />
<br><br />
<br><br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br><br><br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br><br><br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222131Regular Expression Security Cheatsheet2016-10-05T12:11:18Z<p>Httpsonly: /* Introduction */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code.<br />
<br><br />
<br><br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br><br><br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br><br><br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222130Regular Expression Security Cheatsheet2016-10-05T12:11:12Z<p>Httpsonly: /* Cheatsheet */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code.<br />
<br><br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br><br><br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br><br><br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222129Regular Expression Security Cheatsheet2016-10-05T12:10:51Z<p>Httpsonly: /* Other Cheatsheets */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code.<br />
<br><br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br><br><br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222128Regular Expression Security Cheatsheet2016-10-05T12:10:39Z<p>Httpsonly: /* Introduction */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code.<br />
<br><br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br><br><br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]<br />
<br />
== Other Cheatsheets ==<br />
{{Cheatsheet_Navigation}}<br />
<br />
[[Category:Cheatsheets]]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222127Regular Expression Security Cheatsheet2016-10-05T12:10:26Z<p>Httpsonly: /* https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code. <br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br><br><br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]<br />
<br />
== Other Cheatsheets ==<br />
{{Cheatsheet_Navigation}}<br />
<br />
[[Category:Cheatsheets]]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222126Regular Expression Security Cheatsheet2016-10-05T12:10:10Z<p>Httpsonly: /* https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code. <br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]<br />
<br />
== Other Cheatsheets ==<br />
{{Cheatsheet_Navigation}}<br />
<br />
[[Category:Cheatsheets]]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222125Regular Expression Security Cheatsheet2016-10-05T12:10:02Z<p>Httpsonly: /* Authors and Primary Editors */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code. <br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br />
(c) Vladimir Ivanov<br />
@httpsonly<br />
<br />
=Authors and Primary Editors=<br />
<br />
Vladimir Ivanov<br><br />
[http://twitter.com/httpsonly @httpsonly]<br />
<br />
== Other Cheatsheets ==<br />
{{Cheatsheet_Navigation}}<br />
<br />
[[Category:Cheatsheets]]</div>Httpsonlyhttps://wiki.owasp.org/index.php?title=Regular_Expression_Security_Cheatsheet&diff=222124Regular Expression Security Cheatsheet2016-10-05T12:09:26Z<p>Httpsonly: /* DRAFT CHEAT SHEET - WORK IN PROGRESS */</p>
<hr />
<div>= Regular Expression Security Cheatsheet =<br />
<br />
== Introduction ==<br />
<br />
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in their regular expressions, which can cause bypass of their rules.<br><br />
Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code. <br />
<br />
== Cheatsheet == <br />
<br />
Due to the fact, that OWASP's MediaWiki styling could not compete to Markdown, I decided not to include full table here, but provide a link to GitHub repository instead:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet https://github.com/attackercan/regexp-security-cheatsheet] ===<br />
<br />
<br />
== SAST ==<br />
<br />
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyse all regular expressions from your PHP project:<br><br />
<code><br />
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"<br />
</code><br />
<br />
SAST can be downloaded from here:<br />
=== [https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser] ===<br />
<br />
(c) Vladimir Ivanov<br />
@httpsonly<br />
<br />
=Authors and Primary Editors=<br />
<br />
TODO<br />
<br />
== Other Cheatsheets ==<br />
{{Cheatsheet_Navigation}}<br />
<br />
[[Category:Cheatsheets]]</div>Httpsonly