CIP Cyber

Iron Web application Advanced Security testing Platform

Table of Contents

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.

  • It’s Free and Open source
  • GUI based and very easy to use, no security expertise required
  • Powerful and effective scanning engine
  • Supports recording Login sequence
  • Reporting in both HTML and RTF formats
  • Checks for over 25 different kinds of well known web vulnerabilities
  • False Positives detection support
  • False Negatives detection suppport
  • Industry leading built-in scripting engine that supports Python and Ruby
  • Extensibile via plug-ins or modules in Python, Ruby, C# or VB.NET
  • Comes bundled with a growing number of Modules built by researchers in the security community.
    •     WiHawk – WiFi Router Vulnerability Scanner by Anamika Singh
    •     XmlChor – Automatic XPATH Injection Exploitation Tool by Harshal Jamdade
    •     IronSAP – SAP Security Scanner by Prasanna K
    •     SSL Security Checker – Scanner to discover vulnerabilities in SSL installations by Manish Saindane
    •     OWASP Skanda – Automatic SSRF Exploitation Tool by Jayesh Singh Chauhan
    •     CSRF PoC Generator – Tool for automatically generating exploits for CSRF vulnerabilities by Jayesh Singh Chauhan
    •     HAWAS – Tool for automatically detecting and decoding encoded strings and hashes in websites by Lavakumar Kuppan

The False Positive Detection Support is provided by the scanner giving precise and detailed information on how a vulnerability was detected and why it was reported along with instructions on how to test if it is a False Positive.


The False Negative Detection Support is made possible through Anomaly detection. This is most likely the first time that Anomaly detection technique is used in the context of web security scanning.

Details on how these systems function and achieve their claimed goals is available below. But before that, if you are not very familiar with how web security scanners work and why False Positives and False Negatives occur, then the next section will bring you up to speed.

The Basics:
False Positives and False Negatives are an unfortunate reality with web vulnerability scanners. Before we delve into the details let’s clarify the terminology first.

False Positive:
When a scanner reports that a particular vulnerability is present on the scanned application but in reality this vulnerability does not exist in the application, it is called a False Positive.

False Positives occur when a scanner incorrectly determines that a vulnerability is present in an application.

False Negative:
When a vulnerability is actually present in an application but a scanner fails to detect its presence, it is called a False Negative.

Download the program.
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings