Once a user is registered and logged in, they can switch over to Tutorial section and walk through the vulnerabilities in the application. Each vulnerability comes with a high level description, a hint to find it in Grails.nV, and a solution for how to address it in the code.
So far, Grails.nV has 17 vulnerabilities built in, from CRSF to SQL injection. There’s lots of variety and they can be found on both the Grails side and template/JS side.
The Github page has all the instructions to get it setup and running.
We have a lot more planned for Grails.nV and more vulnerable training apps are coming down the pike. This is just the first release of Grails.nV and we have new vulnerabilities and features we’re looking to add. We hope Grails developers find this tool useful and help further the security of Grails applications.
Submit bugs and new ideas to the issues page on Github.
A big shout out to Cyrus Malekpour for his hard work building Grails.nV.