Andres:
I'm in the oven, I'll try to read the links and make something up. Meanwhile,
what are you asking for is a language or library that suffers for this kind of
vulnerability, aren't you?
I did not try the javascript code [1], isn't what are you asking for?
Carlos Pantelides
@dev4sec
http://seguridad-agile.blogspot.com/
________________________________
From: Andres Riancho <andres.rian...@gmail.com>
To: "w3af-develop@lists.sourceforge.net" <W3af-develop@lists.sourceforge.net>;
w3af-us...@lists.sourceforge.net
Sent: Wednesday, August 1, 2012 3:40 PM
Subject: Re: [W3af-users] Regular expression DoS
Ping! Someone can help me out?
On Thu, Jul 26, 2012 at 1:59 PM, Andres Riancho
<andres.rian...@gmail.com> wrote:
> Lists,
>
> I'm trying to write a unittest for our redos audit plugin [0] that
> aims to find regular expression denial of service as explained here
> [1]. My problem at this point, and this is why I'm contacting you, is
> that I know for a fact that both PHP and Python are safe against this
> vulnerability (because of their regex engines being safe), but I want
> to have a unittest that really verifies that the plugin works and can
> identify the vulnerability... which programming language should I use
> to code the vulnerable script?
>
> Thanks!
>
> [0]
> https://sourceforge.net/apps/trac/w3af/browser/trunk/plugins/audit/redos.py
> [1]
> https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
>
> Regards,
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-users mailing list
w3af-us...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
