Overview
Explore the inner workings of regex denial of service (DoS) attacks in this 31-minute RailsConf 2022 talk. Dive into the CRuby regex engine to understand how regular expressions function and why certain string inputs can overwhelm your Rails application. Learn to identify vulnerable regex patterns, comprehend the CPU-intensive nature of these attacks, and discover effective strategies to protect your application from potential threats. Gain valuable insights into algorithmic complexity, state machines, NFA vs DFA, and backtracking to enhance your understanding of regex security in Rails development.
Syllabus
Introduction
Rails Infrastructure Team
Context
Denial of Service
Benchmarks
Algorithmic Complexity
Regex Example
Regular Expressions
State Machines
NFA vs DFA
Backtracking
How to Avoid
Outro
Taught by
Ruby Central