Service Denied! Understanding How Regex DoS Attacks Work

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!

Grab it

Explore the inner workings of regex denial of service (DoS) attacks in this 31-minute RailsConf 2022 talk. Dive into the CRuby regex engine to understand how regular expressions function and why certain string inputs can overwhelm your Rails application. Learn to identify vulnerable regex patterns, comprehend the CPU-intensive nature of these attacks, and discover effective strategies to protect your application from potential threats. Gain valuable insights into algorithmic complexity, state machines, NFA vs DFA, and backtracking to enhance your understanding of regex security in Rails development.

Syllabus

Introduction
Rails Infrastructure Team
Context
Denial of Service
Benchmarks
Algorithmic Complexity
Regex Example
Regular Expressions
State Machines
NFA vs DFA
Backtracking
How to Avoid
Outro

Taught by

Ruby Central

Reviews

Start your review of Service Denied! Understanding How Regex DoS Attacks Work

Taught by

Service Denied! Understanding How Regex DoS Attacks Work - Lecture

Just-in-Time Compiling Ruby Regexps on TruffleRuby

Oh No! My Regex Is Causing a Denial of Service! What Can I Do About It?

Preventing DoS Attacks in Node.js Applications - Security Best Practices

Never Stop Learning.