Regular Expression

Regular Expression is also known as Rational Expression or Regex.

Regular expression is a sequence of characters that define a search pattern. Usually such patterns are used by string searching algorithms for “find” or “find and replace” operations on strings, or for input validation. It is a technique developed in theoretical computer science and formal language theory. (Wikipedia)

All most all major languages (.net, java, perl, python, PHP, c++ etc ) supports regular expression.

Majority of security vulnerabilities like XSS (Cross Site Scripting), SQL Injection, Malicious file upload, Denial of service etc. can be mitigated by input validation. Regular expression is one way to do input validation and its knowledge become necessity for doing manual secure source code review.

There are several online regex pattern checking tool that can be used to see what all patterns are allowed/disallowed using regular expression validation technique. Regex101 is one of such tool which is very popular among Security Consultants, Developers and Functional Testers. Using tools like Regex101, one can get to know the allowed type of numbers, characters, lowercase, uppercase etc.

https://regex101.com/ — Regex101 Online Validator Tool

The below mentioned expressions are widely used Regex and their description is mentioned for ease of understanding.

Expression	Description
^	Start of string
*	0 or more
+	1 or more
?	0 or 1
.	Any char but \n
{5}	Exactly 5
{5, }	5 or more
{5, 7}	5 or 6 or 7
{5\|7}	5 or 7
[567]	5 or 6 or 7. same as {5, 7}
[^56]	Not 5 or 6
[a-z]	lowercase a-z
[A-Z]	uppercase A-Z
[0-9]	digit 0-9
\d	Digit
\D	Not digit
\w	A-Z, a-z, 0-9
\W	Not A-Z, a-z, 0-9
\s	White Space (\t\r\n\f)
\S	Not (\t\r\n\f)
reg[ex]	“rege” or “regx”
regex?	“rege” or “regex”
regex*	“rege” w/ 0 or more x
regex+	“rege” w/ 1 or more x
[Rr]egex	“Regex” or “regex”
\d{5}	Exactly 5 digits
\d{5, }	5 or more digits
[aeiou]	Any 1 vowel
( 0 [3-9] \| 1[0-9] \| 2[0-5] )	Numbers 03-25