SDL Regex Fuzzer Helps Testing Regular Expressions: A Microsoft Security Tool

Microsoft has introduced a new tool called "SDL Regex Fuzzer" that helps test regular expressions for potential denial-of-service vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition, commonly called ReDoS.

SDL Regex Fuzzer will evaluate regular expression patterns to determine whether they could be vulnerable to ReDoS. It usually takes only a few seconds of testing to make a determination. And like the rest of the suite of SDL tools, SDL Regex Fuzzer integrates with the SDL Process Template and MSF-Agile+SDL Process Template to help you track and eliminate detected vulnerabilities.
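The pattern shape described above (a repeated group whose body itself contains repetition) can also be flagged statically before any fuzzing. The following is an added example, not part of SDL Regex Fuzzer or the original article: it walks the parse tree produced by Python's internal `re` parser and reports every quantifier nested inside another quantifier. It is a heuristic that marks candidates for testing, not proof of exponential behaviour, and the sample patterns are constructed.

```python
import re
try:                                   # Python 3.11 and later
    import re._parser as sre_parse
except ImportError:                    # older interpreters
    import sre_parse

# Greedy and lazy quantifiers both backtrack; possessive ones do not.
REPEATS = (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT)

def _subpatterns(av):
    """Yield every SubPattern nested anywhere in an operator's argument."""
    if isinstance(av, sre_parse.SubPattern):
        yield av
    elif isinstance(av, (tuple, list)):
        for item in av:
            yield from _subpatterns(item)

def _bounds(av):
    """Render a quantifier's (min, max) as text, e.g. {1,inf}."""
    lo, hi = av[0], av[1]
    return "{%d,%s}" % (lo, "inf" if hi == sre_parse.MAXREPEAT else hi)

def nested_repeats(pattern):
    """Return one finding per quantifier that sits inside a repeated group."""
    findings = []

    def walk(sub, outer):
        for op, av in sub.data:
            # A quantifier only matters if it can match more than once.
            repeated = op in REPEATS and av[1] > 1
            if repeated and outer is not None:
                findings.append("%s inside %s" % (_bounds(av), outer))
            enclosing = _bounds(av) if repeated else outer
            for child in _subpatterns(av):
                walk(child, enclosing)

    walk(sre_parse.parse(pattern), None)
    return findings

# Constructed sample patterns, not taken from the article.
SAMPLES = [r"^(a+)+$", r"^([a-z]+\d*)*$", r"^[a-z0-9]+$", r"^(ab){2,5}c+$"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", nested_repeats(p) or "no nested repetition")
```

Patterns that produce findings are the ones worth rewriting or running through a fuzzer with a match timeout.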

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and software.