Regex, ReDoS and Evil Regex
![](images/pic11.jpg)
Regular expressions are used extensively to process strings, which makes them a convenient tool for developers (Larson (2018)). They are used for searching, for validating data in web page forms, and for processing data.
The Regular expression Denial of Service (ReDoS), according to Weidman (n.d.), is a denial-of-service attack that exploits the fact that most regular expression implementations may reach extreme situations that cause them to work very slowly; an attacker can then cause a program that uses a regular expression (regex) to enter these extreme situations and hang.
A regex pattern is called an Evil Regex if it can get stuck on specially crafted input. Such patterns cause the regular expression to evaluate inefficiently and take a very long time, effectively crashing the system.
Poorly written regexes can be inefficient, leading to performance issues in the applications that use them; this can be avoided by making sure that the regular expressions used do not rely on inefficient features such as repeated patterns. Also, regular expressions applied to poorly sanitized input can be vulnerable to attacks and cause denial of service or even system crashes (Larson (2018)), so make sure user input is properly sanitized.
According to Larson (2018), regular expressions can be used to help validate data on web forms, which can help prevent attackers from abusing the system.
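As an added example (not code from the original article), the following Python shows the two defensive measures described above in working form: a small linter that flags nested unbounded repetition (the "repeated patterns" shape of an Evil Regex such as `(a+)+`) before a pattern is used, and an input length cap applied before matching. It assumes a cap of 256 characters (`MAX_INPUT_LEN`) and relies on Python's internal regex parser (`re._parser`, formerly `sre_parse`), which is not a public API.

```python
r"""Defender-side checks for the ReDoS risk above: a small linter that flags
nested unbounded repetition (the shape of (a+)+ or (\w+\s?)*) before a
pattern is used, plus an input length cap applied before matching."""
import re
import time

try:                                   # Python 3.11+ exposes the parser here
    from re import _parser as sre_parser
except ImportError:                    # older interpreters
    import sre_parse as sre_parser

REPEATS = (sre_parser.MAX_REPEAT, sre_parser.MIN_REPEAT)
UNBOUNDED = sre_parser.MAXREPEAT       # 'max' value the parser uses for + * {n,}
MAX_INPUT_LEN = 256                    # assumed cap; tune it per input field

def _repeat_depths(items, depth=0):
    """Yield the nesting depth of every unbounded repeat in a parsed pattern."""
    for op, av in items:
        if op in REPEATS:                    # av = (min, max, body)
            hi, body = av[1], av[2]
            inner = depth + 1 if hi == UNBOUNDED else depth
            if hi == UNBOUNDED:
                yield inner
            yield from _repeat_depths(body, inner)
        elif op == sre_parser.SUBPATTERN:    # (...) group; body is last element
            yield from _repeat_depths(av[-1], depth)
        elif op == sre_parser.BRANCH:        # a|b ; av = (None, [alt, alt, ...])
            for alt in av[1]:
                yield from _repeat_depths(alt, depth)

def has_nested_repeat(pattern):
    """True if an unbounded repeat sits inside another unbounded repeat."""
    return max(_repeat_depths(sre_parser.parse(pattern)), default=0) >= 2

def safe_fullmatch(pattern, text):
    """Refuse evil-shaped patterns and over-long input before calling re."""
    if has_nested_repeat(pattern):
        raise ValueError(f"rejected pattern {pattern!r}: nested repetition")
    if len(text) > MAX_INPUT_LEN:
        raise ValueError(f"rejected input: {len(text)} > {MAX_INPUT_LEN} chars")
    return re.fullmatch(pattern, text) is not None

if __name__ == "__main__":
    crafted = "a" * 20 + "!"           # constructed input that can never match
    for pat in (r"(a+)+", r"a+"):      # evil pattern vs. equivalent safe one
        t0 = time.perf_counter()       # the first grows exponentially with len
        re.fullmatch(pat, crafted)
        print(f"{pat:8} {time.perf_counter() - t0:.4f}s nested={has_nested_repeat(pat)}")
```

Running the module directly times the evil pattern against its equivalent safe form on the same crafted input; the linter and length cap are what a form-validation layer would call before `re` ever sees user data.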