[Owasp-boston] July meeting is Tuesday July 8 - 6:30 Akamai
jim.weiler at owasp.org
Mon Jul 7 19:48:22 UTC 2014
Just FYI - 2 talks by web app sec researchers - plus news and views you can
use and abuse, announcements etc.
*Talk number one:* *Grails Security*
Presentation Overview: Grails is a framework developed for Groovy in the
vein of Rails for Ruby. It provides a lot of features for web app security,
but does it do enough? What might you need to implement yourself, and what
might be provided? This presentation will discuss tips on securing Grails
applications, including tools that the framework provides by default for
security. It'll also discuss several shortcomings in the current toolset,
and how you can avoid them.
Bio: Cyrus Malekpour (@cmalekpour) is currently interning at nVisium,
working on web app development and security. He's currently an
undergraduate student at the University of Virginia, where he's studying
computer science with an emphasis on security and backend development.
*Talk number two: Validating Cross-Site Scripting Vulns with
xssValidator is a tool developed to automate the testing and validation
of Cross-Site Scripting (XSS) vulnerabilities within web applications.
Automated scanners tend to report large amounts of false positives, and as
consultants we're forced to spend our time trying to verify these findings.
xssValidator leverages scriptable web-browsers such as PhantomJS and
Slimer.js to automatically validate these findings.
Bio: John Poulin is an application security consultant for nVisium who
specializes in web application security. He worked previously as a web
developer and software engineer that focused on building multi-tier web
applications. When he's not hacking on web apps, John spends his time
building tools to help him hack on web apps! You can find him on twitter:
@forced_request and on myspace: REDACTED