Iron Web application Advanced Security testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.

  • It’s Free and Open source
  • GUI based and very easy to use, no security expertise required
  • Powerful and effective scanning engine
  • Supports recording Login sequence
  • Reporting in both HTML and RTF formats
  • Checks for over 25 different kinds of well known web vulnerabilities
  • False Positives detection support
  • False Negatives detection suppport
  • Industry leading built-in scripting engine that supports Python and Ruby
  • Extensibile via plug-ins or modules in Python, Ruby, C# or VB.NET
  • Comes bundled with a growing number of Modules built by researchers in the security community.
    •     WiHawk – WiFi Router Vulnerability Scanner by Anamika Singh
    •     XmlChor – Automatic XPATH Injection Exploitation Tool by Harshal Jamdade
    •     IronSAP – SAP Security Scanner by Prasanna K
    •     SSL Security Checker – Scanner to discover vulnerabilities in SSL installations by Manish Saindane
    •     OWASP Skanda – Automatic SSRF Exploitation Tool by Jayesh Singh Chauhan
    •     CSRF PoC Generator – Tool for automatically generating exploits for CSRF vulnerabilities by Jayesh Singh Chauhan
    •     HAWAS – Tool for automatically detecting and decoding encoded strings and hashes in websites by Lavakumar Kuppan

The False Positive Detection Support is provided by the scanner giving precise and detailed information on how a vulnerability was detected and why it was reported along with instructions on how to test if it is a False Positive.


The False Negative Detection Support is made possible through Anomaly detection. This is most likely the first time that Anomaly detection technique is used in the context of web security scanning.

Details on how these systems function and achieve their claimed goals is available below. But before that, if you are not very familiar with how web security scanners work and why False Positives and False Negatives occur, then the next section will bring you up to speed.

The Basics:
False Positives and False Negatives are an unfortunate reality with web vulnerability scanners. Before we delve into the details let’s clarify the terminology first.

False Positive:
When a scanner reports that a particular vulnerability is present on the scanned application but in reality this vulnerability does not exist in the application, it is called a False Positive.

False Positives occur when a scanner incorrectly determines that a vulnerability is present in an application.

False Negative:
When a vulnerability is actually present in an application but a scanner fails to detect its presence, it is called a False Negative.

Download the program.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...