Blog

Analysis and takeaways from our offensive engagements and vulnerability research.

Gareth C

Evil Re: An introduction to ReDoS vulnerabilities

AnchorSec’s founder, Gareth, develops a tool to help him find and verify Regular Expression Denial of Service (ReDoS) vulnerabilities in code. This blog explores the cause of this class of vulnerability, how to find ReDoS vulnerabilities and the implications for security. The blog also describes the development of a new tool to assist in finding these vulnerabilities, and the next steps for security testers.
