Wednesday, October 13, 2010
SDL Regex Fuzzer released
Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition.

SDL Regex Fuzzer is a tool to help test regular expressions for potential denial of service vulnerabilities.
1. Download and install the RegexFuzzerSetup.msi on your machine.
2. Launch SDL Regex Fuzzer.
3. Enter the regular expression pattern to be tested into the pattern input field.
4. Select the attack character set and number of iterations to test.
5. Press the Start button to start fuzzing.
6. (Optional) If SDL Regex Fuzzer detects a vulnerability, you can file a bug into a Team Foundation Server 2008 or 2010 Team Project by pressing the File A Bug button.
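To pick which patterns in a code base to run through the fuzzer first, a static pre-check can flag the one shape named above: a group containing repetition that is itself repeated. The following is an added example, not part of SDL Regex Fuzzer and not a description of how it works; the function name and the sample patterns are constructed for illustration, and the scan is a heuristic that ignores other slow shapes such as overlapping alternation.

```python
REPEAT = "*+{"   # quantifiers that repeat; "?" only makes an item optional


def nested_quantifier_groups(pattern):
    """Return each group that contains a repetition and is itself repeated."""
    findings = []
    stack = []                      # one [start_index, has_inner_repeat] per open group
    i, n, in_class = 0, len(pattern), False
    while i < n:
        ch = pattern[i]
        if ch == "\\":              # escaped character: skip it and its target
            i += 2
            continue
        if in_class:                # inside [...] nothing is a group or quantifier
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "(":
            stack.append([i, False])
        elif ch == ")" and stack:
            start, inner = stack.pop()
            repeated = i + 1 < n and pattern[i + 1] in REPEAT
            if inner and repeated:
                findings.append(pattern[start:i + 2])
            # repetition in or on this group also counts inside its parent
            if stack and (inner or repeated):
                stack[-1][1] = True
        elif ch in REPEAT and stack:
            stack[-1][1] = True
        i += 1
    return findings


# Constructed sample patterns, not taken from the page.
SAMPLES = [r"^(a+)+$", r"^(\d+)*$", r"^((a*)b)*$",
           r"^(ab)+$", r"^\(a+\)+$", r"^[(a+)+]$"]

if __name__ == "__main__":
    for p in SAMPLES:
        hits = nested_quantifier_groups(p)
        print(f"{p:14} {'REVIEW ' + ', '.join(hits) if hits else 'ok'}")
```

A flagged group is a candidate for fuzzing, not proof of exponential behavior; whether it blows up depends on the regex engine and the rest of the pattern.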