San Francisco: +1 (415) 635 3784  |  Geneva: +41 (22) 723 2424   |  
ImmuniWeb®: Login | Register

Web Application Security and Compliance

Web Penetration Testing | Managed Vulnerability Scanning | PCI DSS Compliance

ImmuniWeb® Assures your Web Application Security and Compliance

ImmuniWeb® On-Demand

  • Four flexible packages suitable for any website
  • Managed vulnerability scanning platform
  • Manual web penetration test by professionals
  • OWASP Top Ten and application logic testing
  • PCI DSS requirements 6.6 and 11.3 fulfillment
  • Custom solutions in manually-written report
  • Zero-false positives guaranteed
  • Instant secure online payment

ImmuniWeb® Continuous

  • All benefits of ImmuniWeb® On-Demand
  • 24/7 managed vulnerability scanning
  • 24/7 web application change monitoring
  • Flexible daily, weekly or monthly manual testing
  • SAST, DAST and IAST testing technology
  • Secure vulnerability management dashboard
  • One-click patch validation and re-testing
  • Flexible vulnerability alerts (email/SMS/phone)
Strategic Partners

Web Application Security
Continuous Monitoring and Compliance

ImmuniWeb technology combines managed vulnerability scanning with manual penetration testing performed in parallel by experienced security auditors. Thanks to our hybrid security testing approach we detect the most complex vulnerabilities, guarantee zero false-positives and provide custom recommendations on vulnerability remediation.

ImmuniWeb On-Demand enables businesses to order and configure an ad-hoc web application security audit within few minutes from your PC or any mobile device. ImmuniWeb Continuous offers 24/7 continuous monitoring of web applications and Just-in-Time manual penetration testing thanks to our cutting-edge vulnerability scanning and change detection platform.

ImmuniWeb holistic risk assessment and continuous monitoring helps to achieve and sustain compliance with PCI DSS, HIPAA, SOX, GLBA and FISMA.

Show Details
ImmuniWeb® Awards and Recognitions
The Most Complete Solution Web Security 2015
Info Security Products Guide 2016
Online Trust Honor Roll 2015
ITProPortal Editor Review 2015
#37 in Cybersecurity 500 2016
Top Vendor Vulnerability Management

How we are Different?
Reliable, Simple and Cost-Effective

ImmuniWeb relies on our award-winning hybrid security testing technology that efficiently combines the strengths of human brain and machine-learning.

The speed and the capacity to improve scanning and vulnerability detection algorithms after each security assessment of our proprietary scanning platform, combined with human expertise and experience of our auditors accurately detect the most complex web security flaws.

Via ImmuniWeb Portal and human team behind it, we aim to deliver highest flexibility, simplicity and comfort of usage. We don't just report problems, we solve them for you.

Show Details

Security Assessment Specifications

ImmuniWeb combines managed web vulnerability scanning with manual penetration testing that relies on a mix of industry-accepted penetration testing guidelines and methodologies, such as OWASP, OSSTMM, SANS SEC542 and NIST SP800-115.

Our hybrid technology reliably detects vulnerabilities from OWASP Top 10 and CWE-25, such as XSS and SQL injections. Manual expertise enables us to verify application logic and detect complicated Web 2.0 and HTML5 vulnerabilities, including SSRF, XXE, Dom-Based XSS, and race condition.

Show Details
ImmuniWeb® Architecture and Components
ImmuniWeb® Customer Portal

ImmuniWeb portal is a secure web interface designed to manage and monitor ImmuniWeb projects in real-time in simple and user-friendly manner. To launch ImmuniWeb on-demand security assessment you just need to enter the URL of a website, select assessment date, and make secure online payment by a credit card, bank transfer or via PayPal.

Advanced users can also configure and customize assessment technical details: specify any particular testing requirements (scope, methodology, user roles) or request to spend more time on particular attack types or vectors. ImmuniWeb portal multi-user project management feature enables you to grant various access levels to your projects to your colleagues.

Show Details
ImmuniWeb® Vulnerability Scanning Platform

ImmuniWeb vulnerability scanning platform is a proprietary cloud-based platform for web vulnerabilities and weaknesses detection. The platform is entirely developed and supported by High-Tech Bridge. It supports all types of existing CMS and frameworks, from open source WordPress and Joomla to complicated Microsoft SharePoint and Dynamics CRM.

The platform is based on unique concept of managed machine-learning, when each security assessment improves current vulnerability detection algorithms under thorough control of ImmuniWeb auditors. Differently from 'human-augmented' solutions, the platform is managed by security auditors in real-time, constantly providing them with useful information.

Show Details
ImmuniWeb® Security Auditors

ImmuniWeb auditors are a team of High-Tech Bridge's web security experts and penetration testers. In parallel with automated assessment by ImmuniWeb vulnerability scanning platform they perform manual penetration testing of the web application, verify application logic, test authentication mechanisms, and perform other sophisticated security tests that automated software cannot do.

ImmuniWeb auditors also carefully monitor and manage the process of vulnerability scanning. The auditors carefully craft Proof-of-Concept or exploit code, assign appropriate risk level, and provide customized solutions for each security flaw assuring completeness and accuracy of information.

Show Details
Show Preview
ImmuniWeb® On-Demand
Manually Written PDF Report

ImmuniWeb assessment report groups vulnerabilities detected during the assessment. We guarantee zero false-positives as every vulnerability is manually tested and verified by security auditor. Our auditors carefully examine every vulnerability to suggest the most appropriate and efficient patching technique. Remediation guidelines are written in straightforward and simple manner.

Eight working hours after completion of your ImmuniWeb on-demand security assessment you will be able to download the report from ImmuniWeb portal. The report may be securely stored on the portal for up to 60 days, or immediately deleted upon download, based on your privacy preference.

ImmuniWeb Web Security Assessment Report Page 1 ImmuniWeb Web Security Assessment Report Page 2 ImmuniWeb Web Security Assessment Report Page 3 ImmuniWeb Web Security Assessment Report Page 4
ImmuniWeb Web Security Assessment Report Page 5 ImmuniWeb Web Security Assessment Report Page 6 ImmuniWeb Web Security Assessment Report Page 7 ImmuniWeb Web Security Assessment Report Page 8
ImmuniWeb Web Security Assessment Report Page 9 ImmuniWeb Web Security Assessment Report Page 10 ImmuniWeb Web Security Assessment Report Page 11 ImmuniWeb Web Security Assessment Report Page 12
ImmuniWeb Web Security Assessment Report Page 12 ImmuniWeb Web Security Assessment Report Page 14 ImmuniWeb Web Security Assessment Report Page 15
ImmuniWeb® Continuous
Interactive Vulnerability Management Dashboard
Show Preview

ImmuniWeb dashboard provides you with verified information about new vulnerabilities and weaknesses in your web applications. You can archive some vulnerabilities, setting up reminders to verify their patches later. Manual patch verification can be done in just one click. You can grant various types of access to the dashboard to your colleagues or authorized third-parties, such as PCI QSA auditors.

For different risk levels you can configure customized notifications by email, SMS or phone in 24/7 mode. For example you will get a call for critical vulnerabilities, you and your deputy will receive an SMS for high risk flaws, while medium and low risk vulnerabilities will be reported by email to you web development team.

Active Vulnerabilities Tab - ImmuniWeb® Continuous Vulnerability Management Dashboard Vulnerability Details and History - ImmuniWeb® Continuous Vulnerability Management Dashboard Vulnerability Notification Management - ImmuniWeb® Continuous Vulnerability Management Dashboard Group Project Access Management - ImmuniWeb® Continuous Vulnerability Management Dashboard
Testimonials and Customer References
Crédit Agricole Financements (Suisse) SA

Didier Ramella
CISO

Crédit Agricole Financements (Suisse) SA

Immuniweb is an efficient and very easy-to-use solution that combines automatic and human tests. The results are complete, straightforward and easy to understand. It’s an essential tool for the development of the new digital activities.
UN

Viktor Polic
Chief Security Officer

Specialized Agency of The UN

ImmuniWeb significantly enhanced our vulnerability assessment capacity. It's an indispensable tool for continuous auditing of web based systems.
Manor AG

Urs Schmid
CISO

Manor AG

ImmuniWeb is easy to use – even starting an urgent penetration test via mobile - and it delivers excellent value for money. We will carry on using it.
GS Banque

Dimitri Beetschen
Head of Information System

GS Banque

ImmuniWeb is a simple and effective solution that shows the current security of company’s website at a reasonable price, known in advance.
Swissquote Bank SA

Marc Furrer
Head of IT & Security

Swissquote Bank SA

Immuniweb is straightforward, flexible and time saving. Reports are easy to read, pragmatic and help prioritizing in solving issues. A very good adding to our security toolbox, that integrates efficiently in our development process.
Tinkoff Bank

Kislitsyn Alexey
Head of Information Security

Tinkoff Bank

We are very impressed by the speed and the results of the assessment, all of the detected issues are confirmed, no single false-positive. Each vulnerability had a custom exploit, proving its existence. Each vulnerability had a custom solution, including virtual patching by WAF.
Banca dello Stato del Cantone Ticino

Marco Molteni
Head of Security Service (IT and logistics)

Banca dello Stato del Cantone Ticino

Thanks to the security audit conducted with ImmuniWeb, it was possible to assess and address the weaknesses identified. The ImmuniWeb approach is the right combination of a high level of expertise with an efficient working methodology.
UNIRISC GROUP

Jean-Michel Beylard-Ozeroff
Head of IT

UNIRISC GROUP

Immuniweb is a great innovative service that brings unbeatable ROI. It is undoubtedly the best way to quickly and easily guarantee your customers that their data is safe with you - and yours too by the way! Efficient and effective!
iPresent

Neil Bostrom
Chief Technical Officer

iPresent

ImmuniWeb is an invaluable tool for iPresent with both automated and manual penetration testing. The fantastic manual testing has found even the most hidden and complicated bugs in our security and ImmuniWeb has delivered first class knowledge. The self-service interface also gives us great control to schedule and monitor tests when we need them.
Arab Bank (Switzerland) Ltd.

Vincent Robert
Project Management Office

Arab Bank (Switzerland) Ltd.

ImmuniWeb is easy to use and to parameterise. The test can be initiated any time which is an advantage. The reports are clear, easy to read and contain useful information on detected vulnerabilities and possible remediation.
legalvision

Evan Tait-Styles
Chief Technical Officer

Legal Vision Pty Ltd

We engaged ImmuniWeb to conduct an initial security assessment of one of our web applications and have been very happy with the service. It was very easy to setup and the report was quite thorough. We will do a more in depth assessment at a later date and will definitely recommend their services.
Palexpo SA

Dario Mangano
Head of Information Systems

Palexpo SA

The Security assessment process proposed by Immuniweb is very efficient in time and in money. Results are already available the day after the assessment, clearly exposed and identified vulnerabilities are precisely described allowing a rapid understanding of the issue and related possible solutions.