Regular Expression Denial of Service

Alex Roichman, Chief Architect, Checkmarx
Adar Weidman, Senior Programmer, Checkmarx

Checkmarx Confidential and Proprietary - 2008

Agenda

• DoS attack
• Regex and DoS - ReDoS
• Exploiting ReDoS: Why, Where & How
• Leveraging ReDoS to Web attacks
  – Server-side ReDoS
  – Client-side ReDoS
• Preventing ReDoS
• Conclusions