IronWASP (Iron Web application Advanced Security testing Platform)

Comprehensively penetration testing an application by hand, with a large number of attack payloads, is a tedious and time-consuming task. Security scanning tools have therefore become complementary to manual testing in application security assessments. What testers have always needed is an efficient, effective and elegant tool that is user-friendly while still finding as many real vulnerabilities as possible with a minimal number of false positives. IronWASP is one such excellent open source tool.

In this article, let's take a brief look at this open source testing tool, IronWASP (Iron Web application Advanced Security testing Platform).

IronWASP is an environment for web application security testing designed for an optimum mix of manual and automated testing. It has a GUI that does not require any installation and ships with a built-in crawler, scan manager and proxy, along with a set of modules and plugins. IronWASP detects most common vulnerabilities with a low number of false positives and lets the tester define a custom security scanner in a very short time.

Though an advanced user with Python/Ruby scripting skills will be able to make full use of this scanner, the majority of the tool's features are simple enough to be used by absolute beginners.

The prime features of this tool are:

  • Simple UI offering ease of use, without requiring in-depth knowledge of application security or testing.
  • Powerful and effective scanning engine with automatic and manual crawling options.
  • Supports recording of login sequences.
  • Generates reports in both HTML and RTF formats.
  • Checks for over 25 varied and well-known web vulnerabilities covering the OWASP Top 10 and SANS Top 25.
  • Support for false positive detection.
  • Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET.
  • Includes built-in modules contributed by researchers in the security community.
  • Embedded interactive testing tools to test for:
    - CSRF Protection
    - Broken Authentication
    - Hidden Parameters
    - Privilege Escalation

You can download the tool from the given link.

Refer to the attached PDF for in-depth information on the tool, its features, installation and deployment, interactive testing methodologies, etc.

Authored By - Rajesh Rao Budhnar
TCS Cyber Security Practice
