Iron Web application Advanced Security testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.

  • It’s Free and Open source
  • GUI based and very easy to use, no security expertise required
  • Powerful and effective scanning engine
  • Supports recording Login sequence
  • Reporting in both HTML and RTF formats
  • Checks for over 25 different kinds of well known web vulnerabilities
  • False Positives detection support
  • False Negatives detection suppport
  • Industry leading built-in scripting engine that supports Python and Ruby
  • Extensibile via plug-ins or modules in Python, Ruby, C# or VB.NET
  • Comes bundled with a growing number of Modules built by researchers in the security community.
    •     WiHawk – WiFi Router Vulnerability Scanner by Anamika Singh
    •     XmlChor – Automatic XPATH Injection Exploitation Tool by Harshal Jamdade
    •     IronSAP – SAP Security Scanner by Prasanna K
    •     SSL Security Checker – Scanner to discover vulnerabilities in SSL installations by Manish Saindane
    •     OWASP Skanda – Automatic SSRF Exploitation Tool by Jayesh Singh Chauhan
    •     CSRF PoC Generator – Tool for automatically generating exploits for CSRF vulnerabilities by Jayesh Singh Chauhan
    •     HAWAS – Tool for automatically detecting and decoding encoded strings and hashes in websites by Lavakumar Kuppan

The False Positive Detection Support is provided by the scanner giving precise and detailed information on how a vulnerability was detected and why it was reported along with instructions on how to test if it is a False Positive.


The False Negative Detection Support is made possible through Anomaly detection. This is most likely the first time that Anomaly detection technique is used in the context of web security scanning.

Details on how these systems function and achieve their claimed goals is available below. But before that, if you are not very familiar with how web security scanners work and why False Positives and False Negatives occur, then the next section will bring you up to speed.

The Basics:
False Positives and False Negatives are an unfortunate reality with web vulnerability scanners. Before we delve into the details let’s clarify the terminology first.

False Positive:
When a scanner reports that a particular vulnerability is present on the scanned application but in reality this vulnerability does not exist in the application, it is called a False Positive.

False Positives occur when a scanner incorrectly determines that a vulnerability is present in an application.

False Negative:
When a vulnerability is actually present in an application but a scanner fails to detect its presence, it is called a False Negative.

Download the program.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...