Abstract

Github All Web Applications share the same architectural underpinnings but each one has subtle differences in implementation. These differences make it impossible to write a generic Web Security Scanner that works for all applications. As a Penetration Tester, I routinely observe and understand how each application is designed before testing them. I had always dreamt of a day when I could feed my understanding of the application in to a scanner and let it take over from there. IronWASP is the realization of that dream.

IronWASP is an extremely flexible and powerful web security scanner with components to test for most of the common web application vulnerabilities. These components can be extended and altered either in Python or Ruby. More importantly it has an integrated scripting engine which can be used to create your own web security scanner, customized for a specific web application, in a matter of minutes, in a few lines of Python or Ruby using the IronwASP API. It packs many clever features in a simple and clear UI including a JavaScript Analyzer to scan for DOM-based XSS. If you are in to Web Application Security then IronWASP will most likely make you drool!