Difference between revisions of "Regular Expression Security Cheatsheet"

m (Project cleanup)
Line 27: Line 27:
Vladimir Ivanov<br>
Vladimir Ivanov<br>
[http://twitter.com/httpsonly @httpsonly]
[http://twitter.com/httpsonly @httpsonly]
{{taggedDocument| type=delete| comment=Tagged via fixme/delete.}}
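Review bot: the taggedDocument template added as the last line of this hunk carries comment=Tagged via fixme/delete., which says how the page was tagged but not why deletion is proposed. Suggest putting the reason, or a pointer to the Talk page discussion, in the comment field so that a reader who sees the banner knows what would have to be improved to keep the page.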

Latest revision as of 09:51, 15 July 2019

Regular Expression Security Cheatsheet


Security specialists and programmers can use this cheatsheet to find unwanted constructions in regular expressions. Such constructions can allow the intended validation rules to be bypassed.


Here is a link to the GitHub RegEx repository:



To save security practitioners time, a Static Application Security Testing (SAST) tool was written. You can use the following command to analyze all regular expressions in your project:
grep -iorP "reg_\w+\s*\((\s*['\"](.*?)['\"])," * > regexp.txt && php index.php --file="./regexp.txt"
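The following is an added example, not code from this page or from the SAST tool: a small Python sketch of the same workflow, which pulls the first pattern argument out of `preg_*` calls and flags a few weak validation constructions. The PHP sample is constructed, and the checks and their names are choices made for this example, not the cheatsheet's list or the tool's rules.

```python
import re

# Constructed PHP input for this example (not taken from any real project).
SAMPLE_PHP = r'''<?php
if (preg_match('/^[a-z0-9]+$/', $user)) { ok(); }
if (preg_match("/^https?:\/\/www.example.com\//", $url)) { ok(); }
if (preg_match('/^\d+$/m', $id)) { ok(); }
if (preg_match('/\A[a-f0-9]{32}\z/', $token)) { ok(); }
if (preg_match('/admin/', $role)) { ok(); }
'''

# Like the grep above: capture the first quoted argument of a preg_* call.
CALL_RE = re.compile(r"""preg_\w+\s*\(\s*(['"])(.*?)\1\s*,""", re.I)

def split_pattern(literal):
    """Split '/body/mods' into (body, mods); assumes one delimiter character."""
    delim = literal[:1]
    end = literal.rfind(delim)
    if end <= 0:                      # empty or unterminated: treat as bare body
        return literal, ""
    return literal[1:end], literal[end + 1:]

def findings(literal):
    """Checks chosen for this example; not the cheatsheet's or the tool's rules."""
    body, mods = split_pattern(literal)
    ends_dollar = body.endswith("$") and not body.endswith("\\$")
    out = []
    if not body.startswith(("^", "\\A")):
        out.append("no-start-anchor")
    if not (ends_dollar or body.endswith(("\\z", "\\Z"))):
        out.append("no-end-anchor")
    if "m" in mods and ("^" in body or "$" in body):
        out.append("multiline-anchors")      # ^ and $ match at every line
    elif ends_dollar and "D" not in mods:
        out.append("dollar-before-newline")  # PCRE $ also matches before a final \n
    no_classes = re.sub(r"\[[^\]]*\]", "", body)  # '.' inside [...] is literal
    if re.search(r"(?<!\\)\.(?![*+?{])", no_classes):
        out.append("unescaped-dot")          # matches any character
    return out

def scan(php_source):
    """Return [(pattern_literal, [finding, ...])] for each preg_* call found."""
    return [(m.group(2), findings(m.group(2))) for m in CALL_RE.finditer(php_source)]

if __name__ == "__main__":
    for literal, issues in scan(SAMPLE_PHP):
        print(literal, "->", ", ".join(issues) or "ok")
```

A finding is a prompt for review rather than proof of a bypass: an unanchored pattern is fine for searching, but not for validating a whole input.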

SAST can be downloaded from here:


Authors and Primary Editors

Vladimir Ivanov

This page has been recommended for deletion.
You can help OWASP by improving it or discussing it on its Talk page. See FixME
Comment: Tagged via fixme/delete.