
Grails Security and Validating Cross-Site Scripting Vulns with xssValidator

Hosted by Roy and 4 others

Details

Please note that this meeting is on Tuesday, July 8th instead of Wednesday.

Talk number one: Grails Security

Presentation Overview: Grails is a framework developed for Groovy in the vein of Rails for Ruby. It provides a lot of features for web app security, but does it do enough? What might you need to implement yourself, and what might be provided? This presentation will discuss tips on securing Grails applications, including tools that the framework provides by default for security. It'll also discuss several shortcomings in the current toolset, and how you can avoid them.

Bio: Cyrus Malekpour (@cmalekpour) is currently interning at nVisium, working on web app development and security. He's currently an undergraduate student at the University of Virginia, where he's studying computer science with an emphasis on security and backend development.

Talk number two: Validating Cross-Site Scripting Vulns with xssValidator

xssValidator is a tool developed to automate the testing and validation of Cross-Site Scripting (XSS) vulnerabilities within web applications. Automated scanners tend to report large numbers of false positives, and as consultants we're forced to spend our time trying to verify these findings. xssValidator leverages scriptable web browsers such as PhantomJS and SlimerJS to automatically validate these findings.

Bio: John Poulin is an application security consultant for nVisium who specializes in web application security. He worked previously as a web developer and software engineer who focused on building multi-tier web applications. When he's not hacking on web apps, John spends his time building tools to help him hack on web apps! You can find him on Twitter: @forced_request and on Myspace: REDACTED.

OWASP Boston Chapter
Akamai Technologies Inc
8 Cambridge Center · Cambridge, MA