1.2 When and How to Use Regex - RX

00:00

welcome back to introduction off regular expressions. Today. We'll go over off when it's a good idea to use him and when it's not.

00:09

First, let's start with a brief review.

00:11

On our previous lesson, we discuss the basics of Fredricks what it is, what kind of we use it for its benefits and tools that can assist us to put it all into one sentence. It's a defense search parameter that will enhance our experience. Working with information security tools

00:28

on today's lesson will cover a few examples on when it's beneficial to use regular expression. And when it's not big spoiler alert just because it works on a radical tools, it does not mean our information security tools will accept it S s I have personal experiences both in the Web security appliance as well as in data loss prevention tools.

00:48

But don't be scared,

00:49

because in this lesson you will learn how to avoid these errors and be efficient.

00:53

*** samples will go over, are fairly simple and even know we have not learned how to properly read Rogic's jet. You will be able to understand this lesson, and I believe it actually helps better understand the concept, not knowing 100% how the Reddick structure works,

01:10

then knowing the structure because then you will not be able to see the complexity factor that this type of examples will bring to the table.

01:19

Like I mentioned, there's no reason to get frustrated. This is what I'm here for. So let's go over quick and simple example. For this exercise, I'll be using their previously percent to tool register dot com

01:32

expression shown intense. Identify our credit card like formative sequence of numbers that intern 01

01:38

02

01:40

03

01:42

or syrup for which sequences aren't divided by D's pipe symbols,

01:47

which I'm clearly highlighting in red.

01:52

Now,

01:53

even without knowledge of Red IX, we can see that identifying thes sequence

01:59

took us a little bit of time, even with me explaining it to you.

02:02

This behavior it's similar when we introduce this type of rejects into our security tools are tools will have to go over each and every one of these strings of data

02:16

and analyze it given to the Red X, not the 1st 1 the second, the third of four, but all together at the same time, results showing in light blue currently off does that matched back right here?

02:30

Now, as mentioned earlier?

02:31

Well, the Rodgers is looking is for D string of characters and either in 01

02:38

02

02:39

03

02:42

or syrup, for which, if you can appreciate, it's the only thing that changes in this value of star in different colors.

02:50

If we highlight this area, you can see that only the 1st 4 values match this criteria.

02:55

Now, as you may be aware, there's always more than one method to apply a technique and rejects its no exception.

03:05

Let's take a quick example here. We can actually eliminate the rest up this value

03:09

and modify the Value Indian to actually show us the different alternatives that were presented to us. In this case, we can use the pipes to identify the differences between the strings of data. And once we close it with another blanket, you can see that the same highlighted values are still presented, a k a. The 1st 4 values.

03:30

Now, even though they're Rodricks, it's shorter and more simple.

03:35

The same principles will still apply.

03:38

We will still compare the string of data

03:42

to the numerical values showing up off, highlighted in this red square, and I apologized for my squiggly line. It didn't came out as pretty as I wanted,

03:50

but as you can see now, it's way easier to identify.

03:53

But the purposes, which is to end in either 123 or four.

03:59

Now this can get a lot simpler for a system to analyse, which is highlighted in this little rule over here. Don't worry. We'll go into further detail in future lessons. But what the rule is trying to say is that we don't really needs the pipes,

04:13

just putting the numbers in between the bracket. It's an option itself, however, For inexperienced reader, this might not seem it's obvious and therefore more complex. Now. One very important factor to take into consideration is dead

04:27

even Know this is a very simple Raj X,

04:30

and it works in red X er, it doesn't mean our security tools will be able to handle it. Remember, just a lot of different flavors, heretics and even know someone compatibles with our tools

04:43

how efficient our tools are processing. These

04:46

are different,

04:47

and I remember writing a rule very similar to the one of off,

04:53

and my solution just simply stopped processing because off the your statement and I basically had to write it down as four,

05:03

five or even six different Syntex is. And once I've performed this option, he was Maur optimized and actually performed intended action. Now the string of character, instead of being analyzed by that red X above it, will actually go four times over these simple strings of red X shown below.

05:24

Now let's compare. It is too simple math.

05:26

And don't panic.

05:28

Don't be scared. We don't need math and scorches its shells an example, and we'll keep it at this level

05:34

if you some five plus five, you already know that the answer is 10. And if you do this four times, you know what the answer is gonna be. However, when we add a multiplication, even knows something we might know or might remember we did some point in our past,

05:49

you might still have to think over exactly what the end result for this is. Right in front Reddick's. It's not much difference.

05:58

The security tools will prefer adding up, then multiplying right. And this is just hypothetical. Speaking is just to put you in an example of how these tools work. Now let's quickly review what we learned today. It is not always the best option

06:12

process can actually be broken, if not properly implemented.

06:15

No es. An example shown in red bricks. Or it is easier to read several simple Reddick cyst entities to read one at Band

06:25

Complex Radic and therefore my recommendation when applying into information security tools on our next lesson will actually dive into our second model. When you actually get our hands stare, too irregular expressions. By letting a regular expression structure,

06:39

we'll divide this money into several smaller lessons that once we finish, you will have a more broader view on how to read and write regular expressions by understanding how to use the cheat sheet show on the right side of the screen.