Service uptime and availability are crucial factors that determine the success of online businesses. In a rapidly evolving world, transactions must remain productive so that they help clients meet their business goals in a timely manner. Downtime in service availability inflicted by an attacker is a form of attack known as Denial of Service. In this article, we will be learning about a specific form of Denial-of-Service attack that can be caused by regular expression malfunctioning. According to a Snyk report published in 2019, ReDoS attacks in Node applications spiked by 143%.
To better understand ReDoS, or Regex DoS, let us first look at some under-the-hood concepts of regular expressions and how they are consumed in modern web applications.
Regular Expressions: A Primer
A regular expression is a sequence of characters that defines a search pattern. Regular expressions are a powerful tool for manipulating text, but they can be complex and difficult to master. They can match a wide range of patterns, from specific characters, words, numbers, and symbols to more complex constructs such as groups, repetitions, and alternations. Regular expressions use special characters and operators, such as * (zero or more), + (one or more), ? (zero or one), and | (or), to build these patterns. Proper testing....
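The operators listed above are exactly where ReDoS comes from: when a repetition such as `+` is nested inside another repetition, a backtracking engine (including V8's, which Node uses) can try an exponential number of ways to split the input before it concludes there is no match. The following is an added example, not code from the original article, written for Node.js. It puts a nested-quantifier pattern beside a linear-time equivalent, times both on a constructed worst-case input (a run of `a`s that fails only at the last character), and wraps matching in a length guard as a defensive measure. The pattern names, the inputs, and the `MAX_INPUT_LENGTH` limit are assumptions chosen for illustration.

```javascript
// Added example (not from the original article): a nested-quantifier regex
// that backtracks exponentially, beside a linear-time equivalent, plus a
// simple input-length guard. Names, inputs and limits are assumptions.

// Vulnerable: (a+)+ lets the engine divide a run of 'a's between the inner
// and outer groups in roughly 2^n ways before failing on a trailing '!'.
const VULNERABLE = /^(a+)+$/;

// Safe: a single quantifier, so every 'a' has exactly one owner and the
// engine never has to revisit earlier choices.
const SAFE = /^a+$/;

// Defensive bound (assumed value): never hand oversized input to a regex,
// because engine cost grows with input length even for well-formed patterns.
const MAX_INPUT_LENGTH = 64;

// Match only after checking type and length; reports whether the input
// was rejected by the guard rather than by the pattern.
function matchesSafely(pattern, input) {
  if (typeof input !== 'string' || input.length > MAX_INPUT_LENGTH) {
    return { matched: false, rejected: true };
  }
  return { matched: pattern.test(input), rejected: false };
}

// Time a single test() call and return the result with elapsed milliseconds.
function timeMatch(pattern, input) {
  const start = process.hrtime.bigint();
  const matched = pattern.test(input);
  const elapsedMs = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, elapsedMs };
}

// Constructed inputs: a valid run of n 'a's, and the same run with a
// trailing '!' so the match fails only at the very end (worst case).
function buildInputs(n) {
  return {
    valid: 'a'.repeat(n),
    failing: 'a'.repeat(n) + '!',
  };
}

// Run both patterns on both inputs for a given n and return the outcomes,
// so a caller can confirm the safe pattern accepts exactly the same strings.
function compare(n) {
  const { valid, failing } = buildInputs(n);
  const results = {};
  for (const [name, pattern] of [['vulnerable', VULNERABLE], ['safe', SAFE]]) {
    results[name] = {
      valid: timeMatch(pattern, valid),
      failing: timeMatch(pattern, failing),
    };
  }
  return results;
}

// Produce one report line per input size, showing how the vulnerable
// pattern's failing-case time grows while the safe pattern stays flat.
function report(sizes) {
  return sizes.map((n) => {
    const r = compare(n);
    return `n=${n}: vulnerable ${r.vulnerable.failing.elapsedMs.toFixed(2)} ms, ` +
           `safe ${r.safe.failing.elapsedMs.toFixed(2)} ms`;
  });
}

console.log(report([8, 12, 16, 20]).join('\n'));
```

Run it with `node` and watch the vulnerable column roughly double with every few extra characters while the safe column stays near zero; in a real service the fix is the same two-step one shown here: rewrite the pattern so that no quantifier is nested inside another, and cap input length before any regex runs.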