1. Evaluating a login validation regex
Backend DeveloperBackground
A developer is implementing a new email and username validation schema on a Node.js server.
Problem
Nested quantifiers in the validation regex might expose the server to ReDoS attacks if a malicious user submits a carefully crafted payload.
How to use
Paste the regex ^(\w+\s?)*$ into the Regex List, set Max Evil Input Length to 64, and run the scan.
Flags: (empty), Max Evil Input Length: 64, Simulation Runs: 200Outcome
The scanner flags the pattern as 'critical', reports the worst simulated execution time, and suggests a non-backtracking alternative.