Methods and systems of screening input strings that are intended for use by a Web server are described. In the described embodiment, an attack pattern is determined that can be used to attack a Web server. A search pattern is defined that can be used to detect the attack pattern. The search pattern is defined in a flexible, extensible manner that permits variability among its constituent parts. An input string that is intended for use by a Web server is received and evaluated using the search pattern to ascertain whether the attack pattern is present. If an attack pattern is found that matches the search pattern, then a remedial action is implemented.