Netflix Open Sources Sleepy Puppy XSS Hunter
msm1267 writes: Netflix has released a tool it calls Sleepy Puppy. The tool injects cross-site scripting payloads into a target app that may not be vulnerable, but the payloads could be stored in a database, and the tool tracks a payload if it's reflected to a secondary application that makes use of the data in the same field. "We were looking for a way to provide coverage on applications that come from different origins or may not be publicly accessible," said co-developer Scott Behrens, a senior application security engineer at Netflix. "We also wanted to observe where stored data gets reflected back, and how data that may be stored publicly could also be reflected in a large number of internal applications." Sleepy Puppy is available on Netflix's GitHub repository and is one of a slew of security tools its engineers have released to open source.
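
The delayed reflection described in the summary, as an added example that is not from the post, the article or the Sleepy Puppy project: an inert canary is stored once and then rendered by several consumers, and the trace reports which ones return it unencoded. The consumer names, field names and canary markup are constructed assumptions.

```javascript
// Added example with constructed data; all app and field names are hypothetical.
// Shared datastore written by a public app and read by several consumers.
const store = [];

// Benign canary: inert markup with a unique id, so each unencoded
// rendering can be traced back to the field it was submitted through.
let seq = 0;
function makeCanary(field) {
  const id = `canary-${++seq}`;
  return { id, field, value: `<i data-canary="${id}"></i>` };
}

// Output encoding for an HTML text context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Consumers of the same stored record.
const consumers = {
  // Public profile page encodes on output.
  publicProfile: rec => `<h1>${escapeHtml(rec.displayName)}</h1>`,
  // Internal support console trusts the database for displayName.
  supportConsole: rec =>
    `<td>${rec.displayName}</td><td>${escapeHtml(rec.bio)}</td>`,
  // Log viewer encodes displayName but not bio.
  logViewer: rec => `<pre>${escapeHtml(rec.displayName)} ${rec.bio}</pre>`,
};

// Store one canary per field, render through every consumer, and report
// where a canary comes back as live markup rather than encoded text.
function traceReflections(fields) {
  const canaries = fields.map(makeCanary);
  const rec = Object.fromEntries(canaries.map(c => [c.field, c.value]));
  store.push(rec);
  const findings = [];
  for (const [name, render] of Object.entries(consumers)) {
    const html = render(rec);
    for (const c of canaries) {
      if (html.includes(c.value)) findings.push(`${name}:${c.field}`);
    }
  }
  return findings;
}

console.log(traceReflections(['displayName', 'bio']));
```

The app that accepted the input shows no finding, while the two secondary consumers each expose a different field, which is the case a scan of the originating app alone would miss.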
Er, no. The summary is, as usual on /., largely unrelated to the actual article.
It is apparently (the article is a little fuzzy, too) a tool for people designing web sites to track cross-site scripting, to look for vulnerabilities. This is a good thing. I think.