Exploiting Input Sanitization for Regex Denial of Service

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specificall...

Full description

Saved in:
Bibliographic Details
Published in:2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE) pp. 883 - 895
Main Authors: Barlas, Efe, Du, Xin, Davis, James C.
Format: Conference Proceeding
Language:English
Published: ACM 01.05.2022
Subjects:
algorithmic complexity attacks
denial of service
Empirical software engineering
Libraries
Probes
ReDoS
regular expressions
Security
Servers
Software
Usability
web security
Web services
ISSN:1558-1225
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Be the first to leave a comment!
You must be logged in first