13 Jun, 2014

Introducing Grails.nV: The vulnerable Grails application

by nVisium Team

nVisium is proud to announce the release of Grails.nV, the intentionally vulnerable Grails application. nVisium developed this application with the needs of Grails application developers in mind. Quality training that is customized for the language and framework being used is a must. We wanted to create this application to address that need in the Grails world. Without further ado, here’s Grail.nV! 

Here’s a link to the project: Grail.nV

Grails.nV is a simulated employment application. Users can register, login, edit their profile, browse jobs and more.

Once a user is registered and logged in, they can switch over to Tutorial section and walk through the vulnerabilities in the application. Each vulnerability comes with a high level description, a hint to find it in Grails.nV, and a solution for how to address it in the code.

So far, Grails.nV has 17 vulnerabilities built in, from CRSF to SQL injection. There’s lots of variety and they can be found on both the Grails side and template/JS side.

The Github page has all the instructions to get it setup and running.

We have a lot more planned for Grails.nV and more vulnerable training apps are coming down the pike. This is just the first release of Grails.nV and we have new vulnerabilities and features we’re looking to add. We hope Grails developers find this tool useful and help further the security of Grails applications.

Submit bugs and new ideas to the issues page on Github.

A big shout out to Cyrus Malekpour for his hard work building Grails.nV.