SDL Regex Fuzzer

SDL Regex Fuzzer is a tool to help test regular expressions for potential denial of service vulnerabilities.
  • Version:


    File Name:


    Date Published:


    File Size:

    2.4 MB

      Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition. SDL Regex Fuzzer is a tool to help test regular expressions for these potential vulnerabilities during the Verification phase of the Microsoft Security Development Lifecycle (SDL) process.
  • Supported Operating System

    Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP

      .NET Framework 3.5
    • 1. Download and install the RegexFuzzerSetup*.msi on your machine.
      2. Launch SDL Regex Fuzzer from the Start menu.
      3. Enter the regular expression pattern to be tested into the pattern input field.
      4. Select the attack character set and number of iterations to test.
      5. Press the Start button to start fuzzing.
      6. (Optional) If SDL Regex Fuzzer detects a vulnerability, you can file a bug into a Team Foundation Server 2008 or 2010 Team Project by pressing the "File A Bug" button.
Site feedback

What category would you like to give web site feedback on?

Rate your level of satisfaction with this web page today: