Web applications are among the most targeted systems on the internet because they must interact with, and be available to, any user; new vulnerabilities in these critical applications are discovered on a daily basis. Some hackers enjoy using the Google search engine to identify vulnerable website versions, either to attack them or to test their knowledge on a real platform.
Today, with diverse security tools available, we need advanced utilities for testing web applications and identifying vulnerabilities before any hacker does. You can find paid programs on the internet that help with scanning web applications, but they are expensive for some users.
Why go to paid programs when free, open source applications can serve us in this operation? One program that you can consider for your software portfolio is IronWASP, an open source program that I find very useful for scanning your web assets.
IronWASP is a flexible application that allows the user to run an automated scan that includes crawling web resources and checking for different vulnerabilities such as XSS and SQLi, or to customize the scripts and plugins used when scanning a target.
You can use a proxy when scanning a web application, because some websites usually ban your IP address during the scan, so you need to select a proxy server that changes your IP address at each request. Logs are also important for keeping a trace of what you are doing. The plugins component, as in any scanner, needs to be kept updated, and you can use any XML format file to make the platform more efficient.
You can download the tool at the official website.