https://wiki.owasp.org/index.php?action=history&feed=atom&title=Category%3AOWASP_Blackist_Regex_RepositoryCategory:OWASP Blackist Regex Repository - Revision history2026-04-12T02:21:01ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Category:OWASP_Blackist_Regex_Repository&diff=125753&oldid=prevRcbarnett at 14:27, 8 March 20122012-03-08T14:27:44Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 14:27, 8 March 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l12" >Line 12:</td>
<td colspan="2" class="diff-lineno">Line 12:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Overview ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Overview ==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Blacklist filtering, when used in conjunction with proper whitelisting input validation, is an important component of layered security as it provides attack category context.  With properly categorizing input validation exceptions, it is difficult to label the payload is malicious vs. only anomalous or suspicious.  With blacklist filtering, input validation exceptions can be properly labeled and the associated severity level can be determined.  For instance, if you have identified that your application has SQL Injection vulnerabilities, then properly labeling input validation exceptions as SQL Injection attacks helps to raise the threat level of events for web application defenders who are tasked with protecting the live application.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Blacklist filtering, when used in conjunction with proper whitelisting input validation, is an important component of layered security as it provides attack category context.  With properly categorizing input validation exceptions, it is difficult to label the payload is malicious vs. only anomalous or suspicious.  With blacklist filtering, input validation exceptions can be properly labeled and the associated severity level can be determined.  For instance, if you have identified that your application has SQL Injection vulnerabilities, then properly labeling input validation exceptions as SQL Injection attacks helps to raise the threat level of events for web application defenders who are tasked with protecting the live application.</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l21" >Line 21:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The Builder Community's focus should be on utilizing whitelist input validation methods.  They should not have to deal with attempting to enumerate all various types of attack and evasion methods used by attackers.  That is the responsibility of the Defender Community.  The purpose of the Blacklist Regex Repository, is to provide a platform agnostic set of well vetted attack patterns that can be easily consumed and reused by the Builder Community in other projects such as [[http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project OWASP AppSensor Project]] or [[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]].</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The Builder Community's focus should be on utilizing whitelist input validation methods.  They should not have to deal with attempting to enumerate all various types of attack and evasion methods used by attackers.  That is the responsibility of the Defender Community.  The purpose of the Blacklist Regex Repository, is to provide a platform agnostic set of well vetted attack patterns that can be easily consumed and reused by the Builder Community in other projects such as [[http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project OWASP AppSensor Project]] or [[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]].</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">== Regular Expression Engine ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">The regular expressions use [[http://www.pcre.org/ PCRE]] as the engine.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Attack Categories ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Attack Categories ==</div></td></tr>
</table>Rcbarnetthttps://wiki.owasp.org/index.php?title=Category:OWASP_Blackist_Regex_Repository&diff=125751&oldid=prevRcbarnett: Created page with "{{OWASP Defenders}} {{Social Media Links}} = Home = {| width="100%" |- ! width="80%" | ! width="20%" | |- valign="top" | == Overview == Blacklist filtering, when used ..."2012-03-08T14:20:42Z<p>Created page with "{{OWASP Defenders}} {{Social Media Links}} = Home = {| width="100%" |- ! width="80%" | ! width="20%" | |- valign="top" | == Overview == Blacklist filtering, when used ..."</p>
<p><b>New page</b></p><div>{{OWASP Defenders}}<br />
{{Social Media Links}}<br />
<br />
= Home =<br />
<br />
{| width="100%"<br />
|-<br />
! width="80%" | <br />
! width="20%" | <br />
|- valign="top"<br />
| <br />
<br />
== Overview ==<br />
<br />
<br />
Blacklist filtering, when used in conjunction with proper whitelisting input validation, is an important component of layered security as it provides attack category context. With properly categorizing input validation exceptions, it is difficult to label the payload is malicious vs. only anomalous or suspicious. With blacklist filtering, input validation exceptions can be properly labeled and the associated severity level can be determined. For instance, if you have identified that your application has SQL Injection vulnerabilities, then properly labeling input validation exceptions as SQL Injection attacks helps to raise the threat level of events for web application defenders who are tasked with protecting the live application.<br />
<br />
== Blacklist Regex Repository Purpose ==<br />
<br />
'''''CAUTION - This project is used for attack detection and is not intended to be used in place of proper whitelisting input validation.'''''<br />
<br />
The Builder Community's focus should be on utilizing whitelist input validation methods. They should not have to deal with attempting to enumerate all various types of attack and evasion methods used by attackers. That is the responsibility of the Defender Community. The purpose of the Blacklist Regex Repository, is to provide a platform agnostic set of well vetted attack patterns that can be easily consumed and reused by the Builder Community in other projects such as [[http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project OWASP AppSensor Project]] or [[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]].<br />
<br />
== Attack Categories ==<br />
<br />
*SQL Injection<br />
*Cross-site Scripting<br />
*Directory Traversal<br />
*Local File Inclusion<br />
*Remote File Inclusion<br />
*OS Command Execution<br />
*File Access Attempt<br />
*Code Injection<br />
<br />
Project Sponsored by:<br />
[[Image:SpiderLabs Logo 2011.JPG|200px|left|link=https://www.trustwave.com/spiderLabs.php]]<br />
<br />
|<br />
<br />
<br />
|}<br />
<br />
{| width="100%"<br />
|-<br />
! width="33%" | <br />
! width="33%" | <br />
! width="33%" | <br />
|- valign="top"<br />
| <br />
== Let's talk here ==<br />
<br />
[[Image:Asvs-bulb.jpg]]'''Blacklist Regex Communities''' <br />
<br />
If you would like to help with the development of the Blacklist Regex Repository or have any questions, please [mailto:ryan.barnett@owasp.org contact us]. <br />
<br />
| <br />
== Want to help? ==<br />
<br />
[[Image:Asvs-waiting.JPG]]'''Blacklist Regex Development''' <br />
<br />
We are always on the lookout for volunteers who are interested in contributing. We need help in the following areas: <br />
<br />
*Improving false negative detection<br />
*Minimizing false positives<br />
*Testing the regular expressions for performance<br />
<br />
|<br />
== Related resources ==<br />
<br />
[[Image:Asvs-satellite.jpg]]'''OWASP Resources''' <br />
<br />
*[[https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository OWASP Validation Regex Repository]]<br />
<br />
|}</div>Rcbarnett