RE: Exploring Regular Expression Denial of Service

Zitieren

DEF CON

Davisson, Eric (XlogicX)

Formale Metadaten

Titel

RE: Exploring Regular Expression Denial of Service

Alternativer Titel

REvisiting RE DoS

Serientitel

DEF CON 23

Anzahl der Teile

109

Autor

Davisson, Eric (XlogicX)

Lizenz

CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/36363 (DOI)

Herausgeber

DEF CON

Erscheinungsjahr

2015

Sprache

Englisch

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

Regular Expression Denial of Service has existed for well over a decade, but has not received the love it deserves lately. There are some proof of concept attacks out there currently, most of which are ineffective due to implementation optimizations. Regardless of the effectiveness most of these PoC's are geared only to NFA engines. This talk will demonstrate working PoC's that bypass optimizations. Both NFA and DFA engines will get love. Tools will be released (with demonstration) that benchmark NFA/DFA engines and automate creation of 'evil strings' given an arbitrary regular expression. Attendees can expect a review of regex and a deep under the hood explanation of both regex engines before abuses ensue. ^ Not a security researcher