Oct 13, 2010 10:27 GMT

Microsoft has made available for download a new tool designed to help customers evaluate their projects and see whether their Cloud applications are exposed to Denial of Service attacks.

The SDL Regex Fuzzer is now up for grabs from the Microsoft Download Center, free of charge, and as the official label implies, the tool has been developed by the team behind the Security Development Lifecycle.

According to the software giant, SDL Regex Fuzzer can test regular expressions in order to sniff out any potential DoS vulnerabilities.

Bryan Sullivan, security product manager on the SDL team, explained that the security solution is a must-have for customers that rely on Cloud apps to run their business.

“I’ve predicted before that as cloud computing gains wider adoption, we’ll start to see a significant increase in denial of service (DoS) attacks against those services,” Sullivan said.

While the Cloud does offer inherent advantages to end users, such as lower cost in combination with scalability under the pay-as-you-go model, it also opens up new revenue avenues for attackers.

Cloud customers are paying for processor time, bandwidth and storage, so attacks no longer have to target the infrastructure; they only need to consume the resources available to users, causing the customer to pay inflated bills.

“Attackers will shift from pursuing elusive privilege elevation vulnerabilities to simply blackmailing SaaS providers: pay me $10,000 or I’ll make your app consume $20,000 worth of server resources,” Sullivan added.

Customers leveraging the SDL Regex Fuzzer will be able to harden their applications against exploits for DoS vulnerabilities in a SaaS (software as a service) context.

In this regard, SDL Regex Fuzzer is especially set up to enable customers to identify and resolve vulnerabilities which allow for regular expression DoS (or ReDoS).

“Until now, the only way to detect ReDoS vulnerabilities was through manual code review. So I’m pleased to announce the immediate availability of a new tool, the SDL Regex Fuzzer, as a free download,” Sullivan added.

“SDL Regex Fuzzer will evaluate regular expression patterns to determine whether they could be vulnerable to ReDoS. It usually takes only a few seconds of testing to make a determination.

“And like the rest of the suite of SDL tools, SDL Regex Fuzzer integrates with the SDL Process Template and MSF-Agile+SDL Process Template to help you track and eliminate detected vulnerabilities.”

SDL Regex Fuzzer is available for download from the Microsoft Download Center.