Netflix Open Sources Sleepy Puppy XSS Flaw Detection Tool

by Ostatic Staff - Sep. 04, 2015

Cloud computing platforms make headlines every day now, including leading open source platforms, but few organizations have the true cloud expertise that Netflix has. The company also has an admirable history of open sourcing many of its most useful cloud tools and accompanying security tools. We've reported on Netflix open sourcing a series of interesting "Monkey" cloud tools as part of its "simian army," which it has deployed as a series of satellite utilities orbiting its central cloud platform. Netflix has also released three of its internal tools that help protect the security of its platform and function as convenient utilities.

And now, Netflix has released 'Sleepy Puppy,' XSS flaw detection software to the open source community, which can make XSS vulnerability detection easier and more efficient through secondary application tests.

The Sleepy Puppy tool is one of many security-focused tools that Netflix has open sourced, including Scumblr, Workflowable and Sketchy, all available now.

According to a post on Sleepy Puppy:

Sleepy Puppy is a XSS payload management framework that enables security engineers to simplify the process of capturing, managing, and tracking XSS propagation over long periods of time and numerous assessments.

Security engineers can leverage the Sleepy Puppy assessment model to categorize payloads and subscribe to email notifications when delayed cross-site scripting events are triggered. Sleepy Puppy also exposes an API for users who may want to develop plugins for scanners such as Burp or Zap.

Sleepy Puppy is available now on the Netflix Open Source site. You can try out Sleepy Puppy using Docker. Detailed instructions on setup and configuration are available on the wiki page.

Netflix previously released Janitor Monkey and Chaos Monkey, which are cloud tools. You can peruse Netflix's overall open source software resource center on GitHub. The company is steadily releasing proven tools that can be quite useful for administrators. Netflix has also said that it has more tools to be open sourced soon.