An Interest In:
Web News this Week
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
September 2, 2015 10:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/vo1qoVEtmr0/netflix-open-sources-sleepy-puppy-xss-hunter
Netflix Open Sources Sleepy Puppy XSS Hunter
msm1267 writes: Netflix has released a tool it calls Sleepy Puppy. The tool injects cross-site scripting payloads into a target app that may not be vulnerable, but could be stored in a database and tracks the payload if it's reflected to a secondary application that makes use of the data in the same field. "We were looking for a way to provide coverage on applications that come from different origins or may not be publicly accessible," said co-developer Scott Behrens, a senior application security engineer at Netflix. "We also wanted to observe where stored data gets reflected back, and how data that may be stored publicly could also be reflected in a large number of internal applications." Sleepy Puppy is available on Netflix's Github repository and is one of a slew of security tools its engineers have released to open source.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/vo1qoVEtmr0/netflix-open-sources-sleepy-puppy-xss-hunter
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot