RailsConf 2022 - Service Denied! Understanding How Regex DoS Attacks Work by Kevin Menard

Video Link: https://www.youtube.com/watch?v=XpF3H6w1NSY



Duration: 30:44


Did you know that people can knock your Rails application offline just by submitting specially formatted strings in a form or API request? In this talk, we’ll take a look at what’s really going on with a regex denial of service (DoS) attack. We’ll take a peek into the CRuby regex engine to see what it’s really doing when we ask it to match against a string. With a basic understanding of how regular expressions work, we can better understand what these attacks do, why they tie up so much CPU, and what we can do to guard against them.



