Abstract

Scala is an increasingly popular language that runs on the JVM. LiftWeb and Play are the two main web application frameworks developed for Scala. The language is getting really hot in the web start-up and Financial Tech world, but nobody has dug deep into the frameworks to see if they're secure. This talk reviews the various exploitation mitigations built into each framework and what this means for attackers and defenders. The core of our talk examines the OWASP Top 10 as it applies to Lift/Play, and we'll also publicly release our "hack me" app as well as a Scala library to help prevent SSRF.