This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:OWASP Proactive Controls

From OWASP
Revision as of 21:02, 18 July 2014 by Jmanico (talk | contribs)

Jump to: navigation, search

Thomas: Very interesting, move this here? https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository

Hi Jim,

When looking at your your project page, maybe I have something, that you might be interested in.

A while ago, Torsten figured out how to write the password policy of Windows (3 out of 4) as an regular expression:

^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{8,32}$

A short explanation:

password length 8 -32 Character set: -Za-z0-9!/~<>,;:_=?*+-#."&§$%^°()[]|@ at least 3 out 4 (uppercase and lowercase letters, numbers and special characters) no more than 2 equal characters in a row (that's not Windows)

More on your document maybe later.

Best Regards, Thomas