VB.NET validating input
Unless the business will allow updating "bad" regexes on a daily basis and support someone to research new attacks regularly, this approach will be obviated before long.
Rather than accept or reject input, another option is to change the user input into an acceptable format. Any characters that are not part of an approved list can be removed, encoded or replaced.
Here are some examples: If you expect a phone number, you can strip out all non-digit characters.
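The three options above (remove, replace, encode), sketched in VB.NET as an added example that is not code from the original page. The function names, the approved-character list and the 7 to 15 digit length range are assumptions chosen for illustration.

```vbnet
Imports System
Imports System.Net
Imports System.Text

Module InputSanitizer
    ' Remove: keep only ASCII digits. Char.IsDigit is avoided because it
    ' also accepts non-ASCII Unicode digits such as U+0663.
    Function DigitsOnly(input As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In If(input, String.Empty)
            If c >= "0"c AndAlso c <= "9"c Then sb.Append(c)
        Next
        Return sb.ToString()
    End Function

    ' Replace: swap anything outside the approved list for a placeholder.
    Function ReplaceUnapproved(input As String, approved As String,
                               placeholder As Char) As String
        Dim sb As New StringBuilder()
        For Each c As Char In If(input, String.Empty)
            sb.Append(If(approved.IndexOf(c) >= 0, c, placeholder))
        Next
        Return sb.ToString()
    End Function

    ' Sanitizing does not replace validation: the cleaned value must still
    ' fit the expected shape. The 7-15 digit range is an assumption.
    Function TryNormalizePhone(input As String, ByRef phone As String) As Boolean
        phone = DigitsOnly(input)
        Return phone.Length >= 7 AndAlso phone.Length <= 15
    End Function

    Sub Main()
        ' Constructed sample inputs.
        Dim phone As String = Nothing
        Dim ok As Boolean = TryNormalizePhone("(555) 010-0199<script>", phone)
        Console.WriteLine($"{ok} {phone}")
        ok = TryNormalizePhone("call me", phone)
        Console.WriteLine($"{ok} [{phone}]")
        Dim approved As String = "abcdefghijklmnopqrstuvwxyz0123456789 "
        Console.WriteLine(ReplaceUnapproved("report 2024/../x", approved, "_"c))
        ' Encode: keep the characters but make them inert in HTML output.
        Console.WriteLine(WebUtility.HtmlEncode("<b>O'Neil</b>"))
    End Sub
End Module
```

The second phone input shows why the cleaned value is re-checked: stripping everything outside the approved list can leave an empty or too-short string that should still be rejected.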
Detecting attempts to find these weaknesses is a critical protection mechanism. Data from the client should never be trusted, because the client has every opportunity to tamper with it.