ImmuniWeb® by High-Tech Bridge



High-Tech Bridge Security Blog

Drive-by-login attack: the end of safe web April 7, 2015
In this blog post, we are going to share some interesting facts about a new vector of drive-by-download attack that we called ‘drive-by-login’.


How much is your website worth on the Black Market? February 25, 2015
Web applications are becoming a vital part of our everyday life. Almost any application has a web interface or a web API. Microsoft and Google are moving their flagship products to the cloud, where they are accessible and manageable via web interfaces. Even mobile applications interact with web interfaces to send and receive data. Almost any database in the world is connected to a web interface or web application. However, global “webization” has many hidden threats that companies and individuals do not realize. In this blog post we will try to explain why hackers are targeting your website, and how they can make money on it.


RansomWeb: emerging website threat that may outshine DDoS, data theft and defacements? January 28, 2015
More and more people are becoming victims of ransomware, malware that encrypts your data and demands money to decrypt it. A new trend on the market shows that cybercriminals will now target your website as well to get a ransom payment from you.


How long does website penetration testing take? January 26, 2015
Because penetration testing is usually billed by the number of hours the security auditors (pen testers) spend on a project, many of us face the same question: how long does a penetration test take, and so how much will it cost? In this blog post we will try to clarify how much time a web penetration test should normally take.


Web security and hacking trends for 2015 January 5, 2015
What are the biggest risks and threats your web applications will probably face in 2015?


How to keep your website safe in 2015 December 17, 2014
Vulnerability scanning can be very cheap or even free, while penetration testing can be considered quite expensive and time-consuming to plan and execute. However, penetration testing brings significant added value in comparison to all types of malware or vulnerability scanning currently on the web security market. In this article we will see how businesses can use both types of services in parallel to achieve the highest level of website security.


XSS: the easiest way to hack your website in 2014 November 20, 2014
There is no need to convince people that XSS was, is and probably will be the most frequent web vulnerability. However, many people, including security engineers, team leaders and web developers, still seriously underestimate the impact of XSS and its consequences. In this blog post, we will try to reveal the most commonly ignored risks of XSS vulnerabilities.


CVE-2014-3669: Integer overflow in unserialize() PHP function October 20, 2014
In this blog post we are going to analyze an integer overflow we discovered in PHP (version <= 5.6.1, 5.5.17, 5.4.33) during our security research campaign, which was conducted on an Ubuntu 14.04.1 LTS 32-bit system.


Efficiency and effectiveness: the missing combination in a fragile security industry October 14, 2014
When Symantec, one of the grand old dames of security, decided to split itself into two separate companies last week, it raised questions about the entire security market. It seems that Symantec is separating security (Symantec) from information management (Veritas, which it bought for $13.5 billion in 2005) because neither is currently showing any growth. Symantec's security division revenue is down 0.3% year on year.


Plugins and extensions: the Achilles heel of popular CMSs September 30, 2014
A by-product of High-Tech Bridge’s ImmuniWeb® web application penetration test SaaS is the frequent discovery of vulnerabilities in popular web applications and CMSs.