Python DoS Prevention: The ReDoS Attack

What is a “ReDoS” Attack, and how can you make sure your code is safe?

Andrew Scott
Ochrona Security


What is DoS?

I’ve covered this in a few earlier posts, but DoS stands for Denial-of-Service. Denial-of-Service is a type of cyberattack in which the attacker attempts to disrupt the availability of a service, application, or company. DoS attacks generally fall into one of two broad categories, Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS). Both have the same general intent, but they take very different forms. Within DoS there are network-based attacks and application-based attacks.

Application layer attacks, sometimes called Layer 7 attacks, put operational strain on the software serving the requests so that it cannot handle additional requests; this is the category the ReDoS attack falls into, and it is what we’ll be looking at here.
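To make the “operational strain” concrete before getting into regex itself, here is an added example (not code from the original post) showing how a single regex can burn CPU superlinearly in Python’s backtracking `re` engine, and two defensive measures: rewriting the pattern to an equivalent one without nested quantifiers, and capping input length before any regex sees it. The patterns, the 64-character limit and the function names are assumptions chosen for the demonstration.

```python
import re
import time

# Two regexes that accept exactly the same language (one or more 'a' characters),
# but behave very differently in a backtracking engine on a *failing* input.
NESTED_QUANTIFIER = re.compile(r"^(a+)+$")   # nested quantifier: exponential backtracking on "aaaa...!"
LINEAR_EQUIVALENT = re.compile(r"^a+$")      # same language, linear time

MAX_INPUT_LEN = 64  # assumed application limit; enforce it before the regex engine runs


def is_all_a(text: str, pattern: re.Pattern = LINEAR_EQUIVALENT,
             max_len: int = MAX_INPUT_LEN) -> bool:
    """Bounded matcher: reject oversized input first, then run the (linear) regex."""
    if len(text) > max_len:
        raise ValueError(f"input longer than {max_len} characters rejected")
    return pattern.search(text) is not None


def time_match(pattern: re.Pattern, text: str) -> float:
    """Wall-clock seconds for one search; illustrates growth, not meant for assertions."""
    start = time.perf_counter()
    pattern.search(text)
    return time.perf_counter() - start


def backtracking_growth(pattern: re.Pattern, lengths) -> dict:
    """Map input length n -> seconds for the worst-case input: n 'a's followed by '!'."""
    return {n: time_match(pattern, "a" * n + "!") for n in lengths}


if __name__ == "__main__":
    # Each extra pair of characters roughly quadruples the nested pattern's time;
    # the linear pattern stays flat. Lengths are kept small so the demo finishes quickly.
    for n, secs in backtracking_growth(NESTED_QUANTIFIER, range(10, 19, 2)).items():
        print(f"nested  n={n:2d}: {secs:.4f}s")
    for n, secs in backtracking_growth(LINEAR_EQUIVALENT, range(10, 19, 2)).items():
        print(f"linear  n={n:2d}: {secs:.6f}s")
```

Note that the length cap alone is not enough against an exponential pattern: at 64 characters `^(a+)+$` still has on the order of 2^64 paths to try on a non-matching input. The cap is defence in depth that bounds polynomial blow-ups and keeps inputs small; the real fix is the pattern rewrite (or a linear-time engine), which is why `is_all_a` defaults to `LINEAR_EQUIVALENT`.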

What is Regex?

Before we can look at ReDoS, we need to understand what regex is and why it’s used. Regex stands for Regular Expression. Regular expressions were first discussed as a concept in the early 1950s by mathematicians and those interested in theoretical computer science. Regex didn’t rise to mainstream use until the late 1960s, when it was used to accomplish two primary use…


Maintainer @OchronaSec | PANW, ex Expanse, ex Tenable | Security & Automation | All views are my own... and awesome