Microsoft intorduces a new tools called “SDL Regex Fuzzer” that help test regular expressions for potential denial of service vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for e.g., grouping clauses containing repetition that’re themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition.
SDL Regex Fuzzer will evaluate regular expression patterns to determine whether they could be vulnerable to ReDoS. It usually takes only a few seconds of testing to make a determination. And like the rest of the suite of SDL tools, SDL Regex Fuzzer integrates with the SDL Process Template and MSF-Agile+SDL Process Template to help you track and eliminate detected vulnerabilities.
More Info: Download