Developed and owned by Netflix free για όλους τους ενδιαφερόμενους, ένα εργαλείο για τον εντοπισμό ευπαθειών cross-site scripting (XSS).
The Sleeping Puppy tool contains Netflix-developed security tools. The tools include the Fully Integrated Defense Automated Incident Response Platform, the Dirty Laundry blabbing staff monitor, and the Scumblr, Sketchy, and Workflowable hack monitors.
The developers of Netflix, Scott Behrens (helloarbit) and Patrick Kelley (monkeysecurity) have created Sleeping Puppy with a payload that can help admins to detect cross-site scripting (XSS) vulnerabilities in their web applications.
“Often, when testing for client side injections (such as HTML and JavaScript) security engineers look for where the injection through the application they test them," report the researchers.
"While this provides fairly good coverage for the scope of the application, there is a case for attackers to inject and reflect from a completely separate application."
Administrators can check with Sleepy Puppy data such as URLs, referrers, cookies, user agents, Document Object Models, and screenshots.
Η platform it works with Docker, and is extremely flexible, allowing users to implement their own payloads and monitoring tools.
It can also be connected to Burp suite or ZAR suite using APIs.
See all Netflix tools in GitHub.
You can download Sleepy Puppy from here.