No watchdogs but puppies for online security
In order to stay up to date with the latest IT developments, I always look through articles at Wired. While skimming through these articles I noticed an interesting one about Netflix. We all know Netflix as a platform (B2C) that provides series and/or movies for a fee. In order to secure their service, and above all the accounts of their users, they run loads of application assessments (Mimoso, 2015). Customer security is important in general, but especially when transactions are involved. If it is not guaranteed, the loyalty of consumers might be harmed and so sales might be affected (Flavián & Guinalíu, 2007). Throughout the readings of the literature of both Designing Business Applications and Information Strategy I noticed the same: the words privacy and safety are used very often. Netflix found part of the solution and shared it openly as open source.
So what kind of puppies are we talking about? Well, Sleepy Puppy is a cross-site scripting payload management framework that provides delayed XSS testing (Mimoso, 2015). So what is cross-site scripting? “By leveraging XSS, an attacker does not target a victim directly. Instead, an attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser” (Acunetix). By doing this, attackers can get access to personal information, or they can even send messages under your name (identity theft). A typical example of cross-site scripting: people on Facebook send messages with extremely weird topics and later claim they were hacked. Companies do not want this to happen, and so solutions like Sleepy Puppy are developed.
Figure 1: Simplified working of Sleepy Puppy (Bisson, 2015)
Identity theft is a serious issue; let’s hope that these ‘puppies’ bring us a step closer to guaranteed security.
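To make the "delayed" part of delayed XSS concrete, the following added example (not code from Netflix, Sleepy Puppy or the cited articles) shows a value stored by one application and rendered later by a second one, first without and then with output encoding. All function names, the shared store and the sample records are hypothetical and constructed for illustration.

```javascript
// Added example: constructed data, hypothetical function names.
// A value accepted by one application is rendered later by another one.

// HTML-encode the characters that can change the markup context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Stand-in for a database that both applications read from.
const store = [];

// Primary application: accepts a display name and stores it unchanged.
// Nothing goes wrong here, which is why testing only this app misses the issue.
function saveDisplayName(user, displayName) {
  store.push({ user, displayName });
}

// Secondary application (for example an internal support view), weak form:
// stored values are concatenated straight into HTML.
function renderSupportRowUnsafe(record) {
  return `<tr><td>${record.user}</td><td>${record.displayName}</td></tr>`;
}

// Secondary application, corrected form: every stored value is encoded
// at the point where it is written into the page.
function renderSupportRowSafe(record) {
  return `<tr><td>${escapeHtml(record.user)}</td><td>${escapeHtml(record.displayName)}</td></tr>`;
}

// Simple check a reviewer could run on rendered output: did stored data
// end up as a live script element instead of inert text?
function containsActiveScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample records: one ordinary name, one harmless test marker.
saveDisplayName('alice', 'Alice');
saveDisplayName('tester', '<script>/* constructed test marker */</script>');

for (const record of store) {
  console.log('unsafe:', containsActiveScript(renderSupportRowUnsafe(record)),
              'safe:', containsActiveScript(renderSupportRowSafe(record)));
}
```

The stored marker only becomes markup in the second application's unencoded view, so the fix belongs at every place stored data is rendered, not just where it is first submitted.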
Acunetix. (n.d.). Cross-site-scripting. Retrieved 9 15, 2015, from Acunetix: http://www.acunetix.com/websitesecurity/cross-site-scripting/
Bisson, D. (2015, 9 3). Netflix’s Sleepy Puppy Tool Helps Researchers Track XSS Propagation. Retrieved 9 15, 2015, from Tripwire: http://www.tripwire.com/state-of-security/latest-security-news/netflixs-sleepy-puppy-tool-helps-researchers-track-xss-propagation/
Mimoso, M. (2015, 9 2). Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications. Retrieved 9 15, 2015, from threatpost.com: https://threatpost.com/netflix-sleepy-puppy-awakens-xss-vulnerabilities-in-secondary-applications/114517/