Regular Expression | Suman Tiwari Travellography, Cyber Security & Photography Blog

Regular Expression

  Posted in Cyber Security on

  by Suman Tiwari


A regular expression is also known as a rational expression or regex.

[Figure: Regexp Security Checklist (OWASP)]

Regular expression is a sequence of characters that define a search pattern. Usually such patterns are used by string searching algorithms for “find” or “find and replace” operations on strings, or for input validation. It is a technique developed in theoretical computer science and formal language theory. (Wikipedia)

Almost all major languages (.NET, Java, Perl, Python, PHP, C++, etc.) support regular expressions.

The majority of security vulnerabilities, such as XSS (Cross-Site Scripting), SQL injection, malicious file upload and denial of service, can be mitigated by input validation. Regular expressions are one way to do input validation, and knowing them becomes a necessity for manual secure source code review.

There are several online regex pattern-checking tools that can be used to see which patterns a regular-expression validation rule allows or disallows. Regex101 is one such tool and is very popular among security consultants, developers and functional testers. Using tools like Regex101, one can see which kinds of input (numbers, characters, lowercase, uppercase, etc.) a pattern allows.
[Figure: Regex101 online validator tool]

The expressions below are widely used regex constructs, each listed with a short description for ease of understanding.

Pattern                     Meaning
^                           Start of string
*                           0 or more
+                           1 or more
?                           0 or 1
.                           Any char but \n
{5}                         Exactly 5 times
{5,}                        5 or more times
{5,7}                       5, 6 or 7 times
(5|7)                       5 or 7
[567]                       5 or 6 or 7; same as [5-7]
[^56]                       Not 5 or 6
[a-z]                       Lowercase a-z
[A-Z]                       Uppercase A-Z
[0-9]                       Digit 0-9
\D                          Not a digit
\w                          A-Z, a-z, 0-9 and _
\W                          Not A-Z, a-z, 0-9 or _
\s                          Whitespace (space, \t, \r, \n, \f)
\S                          Not whitespace
reg[ex]                     “rege” or “regx”
regex?                      “rege” or “regex”
regex*                      “rege” with 0 or more x
regex+                      “rege” with 1 or more x
[Rr]egex                    “Regex” or “regex”
\d{5}                       Exactly 5 digits
\d{5,}                      5 or more digits
[aeiou]                     Any 1 vowel
(0[3-9]|1[0-9]|2[0-5])      Numbers 03-25
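
The following is an added example, not code from the original post, showing how the `\d{5}` and "numbers 03-25" entries behave when used for input validation in Python: an unanchored search, `^...$` anchoring, and a whole-string allow-list match. The function names and sample inputs are constructed for illustration.

```python
import re

# Patterns taken from the cheat-sheet entries above.
FIVE_DIGITS_D = re.compile(r"\d{5}")                 # \d{5}: exactly 5 digits
FIVE_DIGITS = re.compile(r"[0-9]{5}")                # ASCII-only equivalent
RANGE_03_25 = re.compile(r"(0[3-9]|1[0-9]|2[0-5])")  # numbers 03-25


def weak_validate(pattern, value):
    """Unanchored search: accepts any input that merely CONTAINS a match."""
    return pattern.search(value) is not None


def dollar_validate(pattern, value):
    """^...$ anchoring: in Python, $ also matches just before a trailing newline."""
    return re.search("^(?:" + pattern.pattern + ")$", value) is not None


def strict_validate(pattern, value, max_len=64):
    """Allow-list check: bounded length, and the WHOLE value must match."""
    if not isinstance(value, str) or len(value) > max_len:
        return False
    return pattern.fullmatch(value) is not None


# Constructed sample inputs (not from the original post). The fourth one is
# five Arabic-Indic digits, which Python's \d accepts for str patterns.
SAMPLES = ["12345", "12345<script>", "12345\n", "\u0661\u0662\u0663\u0664\u0665", "1234"]


def compare(samples=SAMPLES):
    """Return {input: (weak, dollar, strict using \\d, strict using [0-9])}."""
    return {
        s: (
            weak_validate(FIVE_DIGITS, s),
            dollar_validate(FIVE_DIGITS, s),
            strict_validate(FIVE_DIGITS_D, s),
            strict_validate(FIVE_DIGITS, s),
        )
        for s in samples
    }


if __name__ == "__main__":
    for value, result in compare().items():
        print(repr(value), result)
    print([n for n in ("02", "03", "19", "25", "26", "025") if strict_validate(RANGE_03_25, n)])
```

Only the whole-string match with the ASCII class rejects the trailing markup, the trailing newline and the non-ASCII digits all at once; during code review, check which of these three forms a validator actually uses.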

Good Reads:

OWASP Regexp Security Checklist

Exploiting Regular Expressions

Security Innovation



Suman Tiwari is a Cyber Security Professional by Profession and photographer by passion.

His LinkedIn profile can be visited here for more details.
