Friday 4 September 2015

Netflix Launches Open Source Tool Against Cross-Site Scripting


Video streaming service Netflix has launched an open source tool that lets web applications be tested for cross-site scripting. Cross-site scripting (XSS) is a problem that enables an attacker to place code on a website, which is then executed in the browser of visitors.

In this way an attacker can, for example, steal cookies and thus gain access to a user's account. Although XSS has been known for years, it has been in the OWASP Top 10 of most common security problems since 2004. According to recent research, almost half of web applications contain one or more XSS vulnerabilities.

There are already several tools available to detect XSS problems, but according to Netflix they do not cover everything within an application, or across the multiple applications for which a security engineer is responsible. For example, the tools do not test for XSS in secondary applications. As a solution, Netflix decided to develop what it calls a more complete framework for XSS testing, which should make it easier to identify XSS so that the problem can be fixed quickly.

The result is the tool called "Sleepy Puppy". With the framework, security engineers can simplify the process of finding, managing and tracking XSS over longer periods and multiple assessments. Netflix has also made the tool open source. The video streaming service says Sleepy Puppy is also used for finding XSS and is curious how the open source community will use the tool. According to Daniel Miessler of HP and OWASP, who was already given a demonstration in July, Sleepy Puppy is a promising tool.
