Netflix has released Sleepy Puppy: a tool for detecting flaws in XSS. The tool has been created in an effort to fight malicious cross-site scripting, which is a type of vulnerability that allows attackers to execute arbitrary scripts in a victim’s browser. XSS vulnerabilities have been one of the leading security vulnerabilities for more than 10 years, with an estimated 47% of all websites containing a vulnerability of this type. Sleepy Puppy helps prevent these attacks by providing an XSS payload management framework that makes it simpler for engineers to capture, manage, and track XSS propagation. Netflix seeks outside involvement in the development of this software, and the code is hosted on their GitHub account.
For more information, read the official blog post from Netflix.
