Regular Expression Security Cheatsheet

= Regular Expression Security Cheatsheet =

Introduction
This cheatsheet can be effectively used by security specialists and programmers to reveal unwanted constructions in regular expressions, which can cause bypass of written rules. Despite original work was focused on finding "weak places" in regular expressions of Intrusion Detection Systems (WAFs), it can be effectively applied to any other code.

Cheatsheet
Here is a link to GitHub RegEx repository:

SAST
In order to save time for security practitioners, Static Application Security Testing tool was written. You can use the following code to analyze all regular expressions from your project:

SAST can be downloaded from here:

https://github.com/attackercan/regexp-security-cheatsheet/tree/master/RegexpSecurityParser
=Authors and Primary Editors=

Vladimir Ivanov @httpsonly