RailsConf 2022 - Service Denied! Understanding How Regex DoS Attacks Work by Kevin Menard

Did you know that people can knock your Rails application offline just by submitting specially formatted strings in a form or API request? In this talk, we’ll take a look at what’s really going on with a regex denial of service (DoS) attack. We’ll take a peek into the CRuby regex engine to see what it’s really doing when we ask it to match against a string. With a basic understanding of how regular expressions work, we can better understand what these attacks do, why they tie up so much CPU, and what we can do to guard against them.

May 17, 2022