Lists,
I'm trying to write a unittest for our redos audit plugin [0] that
aims to find regular expression denial of service as explained here
[1]. My problem at this point, and this is why I'm contacting you, is
that I know for a fact that both PHP and Python are safe against this
vulnerability (because of their regex engines being safe), but I want
to have a unittest that really verifies that the plugin works and can
identify the vulnerability... which programming language should I use
to code the vulnerable script?
Thanks!
[0] https://sourceforge.net/apps/trac/w3af/browser/trunk/plugins/audit/redos.py
[1] https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
