[Owasp-boston] July meeting is Tuesday July 8 - 6:30 Akamai

Jim Weiler jim.weiler at owasp.org
Mon Jul 7 19:48:22 UTC 2014

Just FYI - 2 talks by web app sec researchers - plus news and views you can
use and abuse, announcements etc.


   *Talk number one:* *Grails Security*

   Presentation Overview: Grails is a framework developed for Groovy in the
   vein of Rails for Ruby. It provides a lot of features for web app security,
   but does it do enough? What might you need to implement yourself, and what
   might be provided? This presentation will discuss tips on securing Grails
   applications, including tools that the framework provides by default for
   security. It'll also discuss several shortcomings in the current toolset,
   and how you can avoid them.

   Bio: Cyrus Malekpour (@cmalekpour) is currently interning at nVisium,
   working on web app development and security. He's currently an
   undergraduate student at the University of Virginia, where he's studying
   computer science with an emphasis on security and backend development.

   *Talk number two: Validating Cross-Site Scripting Vulns with

   xssValidator is a tool developed to automate the testing and validation
   of Cross-Site Scripting (XSS) vulnerabilities within web applications.
   Automated scanners tend to report large numbers of false positives, and as
   consultants we're forced to spend our time trying to verify these findings.
   xssValidator leverages scriptable web browsers such as PhantomJS and
   Slimer.js to automatically validate these findings.

   Bio: John Poulin is an application security consultant for nVisium who
   specializes in web application security. He worked previously as a web
   developer and software engineer who focused on building multi-tier web
   applications. When he's not hacking on web apps, John spends his time
   building tools to help him hack on web apps! You can find him on Twitter:
   @forced_request and on Myspace: REDACTED