regfuzz on the loose

»regfuzz is a barebones regular expression fuzzer which has found numerous vulnerabilities across many regular expression engines.

In late 2007, taviso and I spent a good deal of time examining regular expression engines. We reported a number of vulnerabilities. These vulnerabilities were found using either this tool or manual auditing.

We presented twice on this topic. The slides and PDF can be found below:
- Insecure Context Switching (WOOT'08)
- Regular Exceptions: slides | demos (IT Defense '08)