Time to brag:
Security Consultant at TCS for bread and
Love speaking and training
Got lucky with Google, Y!, Microsoft, Twitter, etc.
Love anime and politics!!
Trying to contribute to the security community and start-ups in Hyd.
For the next 40 minutes
How to use
A few comparisons between IronWASP and BurpSuite
Resources and Credits
What does it do??
Checks for OWASP Top 10 and SANS Top 25
Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET
False positive detection
Generate reports in HTML and RTF formats
Why the developers think that the tool is great??
Powerful and effective
WiHawk - WiFi Router Vulnerability Scanner by
XmlChor - Automatic XPATH Injection Exploitation Tool
IronSAP - SAP Security Scanner
SSL Security Checker - Scanner to discover vulnerabilities in SSL installations
OWASP Skanda - Automatic SSRF Exploitation Tool
CSRF PoC Generator - Tool for automatically generating exploits for
HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites
Why do I like it??
HP WebInspect 10.0 starts at $1,500 and is licensed per application
IBM AppScan Single User 4500$
IBM AppScan Enterprise 155,000$
Acunetix 1 year 3195$
Acunetix with maintenance 5995$
BurpSuite Professional per year
Simple to use
No rocket science required
Good for beginners
Good for companies to use during low budget projects
Little better than other free tools
Finally, developed by an Indian researcher. Support him!!
Resources: http://blog.ironwasp.org/
And his team:
WiHawk - Anamika Singh
XmlChor - Harshal Jamdade
IronSAP - Prasanna K
SSL Security Checker - Manish Saindane
OWASP Skanda - Jayesh Singh Chauhan
CSRF PoC Generator - Jayesh Singh
Founder of the IronWASP Project.
Author of many Security Tools.
Let's catch up:
Also thank you