IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.
What’s new in IronWASP v0.9.6.5
IronWASP v0.9.6.5 is now available for download. Users of older versions should get an update prompt when using IronWASP. This is what you get with the new version.
- Completely redesigned awesome new Results section
- Support for editing, scanning and fuzzing SOAP messages
- New active checks for Server Side Includes, Sever Side Request Forgery and Expression Language Injection
- New passive check for JSON messages that are vulnerable to JSON hijacking
- Significantly faster and robust parsers for XML, JSON and Multi-part messages with auto-detection support
- Enhancements to the Payload Effect Analysis feature
- Enhancements to the Scan Trace Viewer feature
- Ability to create Request in Manual Testing section from clipboards
- New Network address parsing APIs
- Update to FiddlerCore v2.4.4.8
Detailed changelog here >> http://blog.ironwasp.org/2013/08/whats-new-in-ironwasp-v0965.html