Regular Expression Denial of Service

June 9, 2023
(781 views)

Service uptime and availability is a crucial factor that determines the success of online businesses. In a rapidly evolving world, it is important that transactions remain productive, and they help clients meet their business goals in a timely manner. A downtime in service availability is a form of attack known as Denial of Service. In this article, we will be learning about a specific form of Denial-of-Service attack that can be caused by regular expression malfunctioning. In a Snyk report published in 2019, ReDoS attack has spiked by 143% in Node applications.

To better understand ReDoS, or Regex DOS, let us understand some under-the-hood concepts about Regular Expressions and how are they consumed in modern web applications.

Regular Expressions: A Primer

A regular expression is a pattern consisting of a sequence of characters that define a search pattern. They are a powerful tool for manipulating text, but they can be complex and difficult to master. They can match a wide range of patterns, including specific characters, words, numbers, and symbols, as well as more complex patterns, such as groups, repetitions, and alternations. Regular expressions use special characters and operators, such as * (zero or more), + (one or more), ? (zero or one), and | (or), to create these patterns. Proper testing....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.