
Difference between revisions of "Category:OWASP Blackist Regex Repository"

(Created page with "{{OWASP Defenders}} {{Social Media Links}} = Home = {| width="100%" |- ! width="80%" | ! width="20%" | |- valign="top" | == Overview == Blacklist filtering, when used ...")
 
 
Line 12: Line 12:
  
 
== Overview ==
 
== Overview ==
 
  
 
Blacklist filtering, when used in conjunction with proper whitelisting input validation, is an important component of layered security as it provides attack category context.  With properly categorizing input validation exceptions, it is difficult to label the payload is malicious vs. only anomalous or suspicious.  With blacklist filtering, input validation exceptions can be properly labeled and the associated severity level can be determined.  For instance, if you have identified that your application has SQL Injection vulnerabilities, then properly labeling input validation exceptions as SQL Injection attacks helps to raise the threat level of events for web application defenders who are tasked with protecting the live application.
 
Blacklist filtering, when used in conjunction with proper whitelisting input validation, is an important component of layered security as it provides attack category context.  With properly categorizing input validation exceptions, it is difficult to label the payload is malicious vs. only anomalous or suspicious.  With blacklist filtering, input validation exceptions can be properly labeled and the associated severity level can be determined.  For instance, if you have identified that your application has SQL Injection vulnerabilities, then properly labeling input validation exceptions as SQL Injection attacks helps to raise the threat level of events for web application defenders who are tasked with protecting the live application.
Line 21: Line 20:
  
 
The Builder Community's focus should be on utilizing whitelist input validation methods.  They should not have to deal with attempting to enumerate all various types of attack and evasion methods used by attackers.  That is the responsibility of the Defender Community.  The purpose of the Blacklist Regex Repository, is to provide a platform agnostic set of well vetted attack patterns that can be easily consumed and reused by the Builder Community in other projects such as [[http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project OWASP AppSensor Project]] or [[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]].
 
The Builder Community's focus should be on utilizing whitelist input validation methods.  They should not have to deal with attempting to enumerate all various types of attack and evasion methods used by attackers.  That is the responsibility of the Defender Community.  The purpose of the Blacklist Regex Repository, is to provide a platform agnostic set of well vetted attack patterns that can be easily consumed and reused by the Builder Community in other projects such as [[http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project OWASP AppSensor Project]] or [[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]].
 +
 +
== Regular Expression Engine ==
 +
 +
The regular expressions use [[http://www.pcre.org/ PCRE]] as the engine.
  
 
== Attack Categories ==
 
== Attack Categories ==
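Review bot: the sentence added under "== Regular Expression Engine ==" names PCRE but not the PCRE version or matching options (case-insensitivity, multiline, UTF-8) the patterns are written against. The preceding paragraph describes the repository as platform agnostic and meant for reuse in AppSensor and ESAPI, so consumers on other regex engines need those details to port the expressions without changing what they match. Suggest stating them in this section. The link is also written with doubled brackets, [[http://www.pcre.org/ PCRE]], which is internal-link syntax; a single-bracket external link would render without the stray brackets.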

Latest revision as of 14:27, 8 March 2012

This project is part of the OWASP Defenders community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.


Home

Overview

Blacklist filtering, when used in conjunction with proper whitelist input validation, is an important component of layered security because it provides attack category context. Without properly categorizing input validation exceptions, it is difficult to label a payload as malicious rather than only anomalous or suspicious. With blacklist filtering, input validation exceptions can be properly labeled and the associated severity level can be determined. For instance, if you have identified that your application has SQL Injection vulnerabilities, then labeling input validation exceptions as SQL Injection attacks helps to raise the threat level of events for the web application defenders who are tasked with protecting the live application.

Blacklist Regex Repository Purpose

CAUTION - This project is used for attack detection and is not intended to be used in place of proper whitelisting input validation.

The Builder Community's focus should be on utilizing whitelist input validation methods. They should not have to deal with attempting to enumerate all the various types of attack and evasion methods used by attackers. That is the responsibility of the Defender Community. The purpose of the Blacklist Regex Repository is to provide a platform-agnostic set of well-vetted attack patterns that can be easily consumed and reused by the Builder Community in other projects such as the OWASP AppSensor Project or the OWASP Enterprise Security API.

Regular Expression Engine

The regular expressions use PCRE (http://www.pcre.org/) as the engine.

Attack Categories

  • SQL Injection
  • Cross-site Scripting
  • Directory Traversal
  • Local File Inclusion
  • Remote File Inclusion
  • OS Command Execution
  • File Access Attempt
  • Code Injection
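
The layering described in the overview, as an added example that is not part of the original page or the repository: input is checked against a whitelist first, and only rejected values are run through blacklist patterns to attach an attack category and severity. The field rule, the three patterns, the severity names and the `known_vulns` escalation are assumptions made for illustration, and the code uses Python's `re` rather than PCRE.

```python
import re

# Whitelist rule for a hypothetical "username" field (assumption).
USERNAME_OK = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# Illustrative patterns constructed for this example; they are NOT the
# repository's vetted expressions. The syntax is valid in PCRE and Python re.
BLACKLIST = [
    ("SQL Injection", "high",
     re.compile(r"(?i)\bunion\b.{0,40}\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("Cross-site Scripting", "high",
     re.compile(r"(?i)<\s*script\b|\bon(?:error|load)\s*=")),
    ("Directory Traversal", "medium",
     re.compile(r"(?i)(?:\.\.|%2e%2e)(?:/|\\|%2f|%5c)")),
]


def classify(value, known_vulns=frozenset()):
    """Return None when the whitelist accepts the value, otherwise a
    labelled input validation exception for the defender's event log."""
    if USERNAME_OK.fullmatch(value):
        return None  # valid input, no blacklist lookup needed
    for category, severity, pattern in BLACKLIST:
        if pattern.search(value):
            # Raise the threat level when the application is already known
            # to be vulnerable to this attack category.
            if category in known_vulns:
                severity = "critical"
            return {"category": category, "severity": severity}
    # Rejected by the whitelist but matching no attack pattern:
    # anomalous or suspicious, not labelled as an attack.
    return {"category": "Anomalous input", "severity": "low"}


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["alice_01", "' OR 1=1--", "<script>alert(1)</script>",
                   "../../etc/passwd", "Zoë O'Brien"]:
        print(repr(sample), "->", classify(sample, {"SQL Injection"}))
```

The whitelist still makes the accept/reject decision for every input; the blacklist only changes how a rejection is reported.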

Project Sponsored by:

SpiderLabs


Let's talk here

Blacklist Regex Communities

If you would like to help with the development of the Blacklist Regex Repository or have any questions, please contact us.

Want to help?

Blacklist Regex Development

We are always on the lookout for volunteers who are interested in contributing. We need help in the following areas:

  • Improving false negative detection
  • Minimizing false positives
  • Testing the regular expressions for performance
