Module Notes
Regular Expressions
Regular expressions are used extensively to process strings, and they make string processing easy for developers (Larson, 2018). They are used for searching, validating data in web page forms, and processing data.
According to Weidman (n.d.), Regular expression Denial of Service (ReDoS) is a Denial of Service attack that exploits the fact that most regular expression implementations may reach extreme situations that cause them to work very slowly. An attacker can then cause a program using a regular expression (regex) to enter these extreme situations and hang.
A regex pattern is called an Evil Regex if it can get stuck on specially crafted input. Such input is designed to make the regular expression inefficient, so that it takes a very long time to evaluate, effectively crashing the system.
Poorly written regexes can be inefficient, leading to performance issues in the applications that use them. This can be avoided by making sure that the regular expressions used do not rely on inefficient features such as repeated patterns. Poorly sanitized regular expressions can also be vulnerable to attacks that cause denial of service and even system crashes (Larson, 2018), so make sure user input is properly sanitized.
According to Larson (2018), regular expressions can be used to help validate data on web forms, which can help prevent attackers from abusing the system.
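The slowdown described above can be measured on your own patterns before they ship. The following is an added example, not code from the cited sources: it times the textbook nested-quantifier pattern `^(a+)+$` against an equivalent single-quantifier pattern and shows a validator that caps input length first. The patterns, the `MAX_LEN` limit, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
import time

# Textbook "evil" shape: a quantified group whose body is itself quantified.
EVIL = re.compile(r"^(a+)+$")
# Same language (one or more 'a'), written with a single quantifier.
SAFE = re.compile(r"^a+$")

MAX_LEN = 64  # assumed application limit for this form field


def match_seconds(pattern, text):
    """Return (matched, elapsed seconds) for one match attempt."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def validate(text):
    """Hardened check: cap the length first, then use the linear pattern."""
    if len(text) > MAX_LEN:
        return False
    return SAFE.match(text) is not None


def growth_table(sizes=(12, 14, 16, 18, 20)):
    """Time both patterns on constructed near-miss inputs of rising length."""
    rows = []
    for n in sizes:
        # Constructed sample: a valid prefix followed by one invalid character,
        # so the backtracking engine has to try every way of splitting the run.
        text = "a" * n + "!"
        _, evil_t = match_seconds(EVIL, text)
        _, safe_t = match_seconds(SAFE, text)
        rows.append((n, evil_t, safe_t))
    return rows


if __name__ == "__main__":
    # The nested pattern's time roughly doubles per extra character;
    # the single-quantifier pattern stays flat.
    for n, evil_t, safe_t in growth_table():
        print(f"n={n:2d}  nested={evil_t:.4f}s  single={safe_t:.6f}s")
```

Both patterns accept and reject exactly the same strings, so replacing the nested form changes only the running time, not the validation result.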
What is Secure Programming?
According to Pillai (2017), there are several factors that determine whether a programming language is secure or not. Some of the factors include:
1. How the language manages memory. If the language manages memory well, it prevents memory leaks that are used by attackers.
2. How well the language is documented also determines how secure it is. If a language has well-written documentation, it can help developers understand the language and help maintain security features.
3. The community using the programming language also plays a role in determining the security of a language. A strong community will easily identify weak points and fix them.
I consider Python to be a secure language as it fulfils all the above points that have been noted.