San Francisco: +1 (415) 635 3784  |  Geneva: +41 (22) 723 2424   |  
ImmuniWeb®: Login | Register

Web Application Security and Compliance

Web Penetration Testing | Managed Vulnerability Scanning | PCI DSS Compliance

ImmuniWeb® Assures your Web Application Security and Compliance

ImmuniWeb® On-Demand

  • Four flexible packages suitable for any website
  • Managed vulnerability scanning platform
  • Manual web penetration test by professionals
  • OWASP Top Ten and application logic testing
  • PCI DSS requirements 6.6 and 11.3 fulfillment
  • Custom solutions in manually-written report
  • Zero-false positives guaranteed
  • Instant secure online payment

ImmuniWeb® Continuous

  • All benefits of ImmuniWeb® On-Demand
  • 24/7 managed vulnerability scanning
  • 24/7 web application change monitoring
  • Flexible daily, weekly or monthly manual testing
  • SAST, DAST and IAST testing technology
  • Secure vulnerability management dashboard
  • One-click patch validation and re-testing
  • Flexible vulnerability alerts (email/SMS/phone)
Strategic Partners

Web Application Security
Continuous Monitoring and Compliance

ImmuniWeb technology combines managed vulnerability scanning with manual penetration testing performed in parallel by experienced security auditors. Thanks to our hybrid security testing approach we detect the most complex vulnerabilities, guarantee zero false-positives and provide custom recommendations on vulnerability remediation.

ImmuniWeb On-Demand enables businesses to order and configure an ad-hoc web application security audit within few minutes from your PC or any mobile device. ImmuniWeb Continuous offers 24/7 continuous monitoring of web applications and Just-in-Time manual penetration testing thanks to our cutting-edge vulnerability scanning and change detection platform.

ImmuniWeb holistic risk assessment and continuous monitoring helps to achieve and sustain compliance with PCI DSS, HIPAA, SOX, GLBA and FISMA.

Show Details
ImmuniWeb® Awards and Recognitions
The Most Complete Solution
Web Security Market Insight 2015
Info Security
Products Guide 2015

Online Trust
Honor Roll 2015
Editor Review 2015
Top 50 in
Cybersecurity500 2015
Top Vendor
Vulnerability Management

How we are Different?
Reliable, Simple and Cost-Effective

ImmuniWeb relies on our award-winning hybrid security testing technology that efficiently combines the strengths of human brain and machine-learning.

The speed and the capacity to improve scanning and vulnerability detection algorithms after each security assessment of our proprietary scanning platform, combined with human expertise and experience of our auditors accurately detect the most complex web security flaws.

Via ImmuniWeb Portal and human team behind it, we aim to deliver highest flexibility, simplicity and comfort of usage. We don't just report problems, we solve them for you.

Show Details

Security Assessment Specifications

ImmuniWeb combines managed web vulnerability scanning with manual penetration testing that relies on a mix of industry-accepted penetration testing guidelines and methodologies, such as OWASP, OSSTMM, SANS SEC542 and NIST SP800-115.

Our hybrid technology reliably detects vulnerabilities from OWASP Top 10 and CWE-25, such as XSS and SQL injections. Manual expertise enables us to verify application logic and detect complicated Web 2.0 and HTML5 vulnerabilities, including SSRF, XXE, Dom-Based XSS, and race condition.

Show Details
ImmuniWeb® Architecture and Components
ImmuniWeb® Customer Portal

ImmuniWeb portal is a secure web interface designed to manage and monitor ImmuniWeb projects in real-time in simple and user-friendly manner. To launch ImmuniWeb on-demand security assessment you just need to enter the URL of a website, select assessment date, and make secure online payment by a credit card, bank transfer or via PayPal.

Advanced users can also configure and customize assessment technical details: specify any particular testing requirements (scope, methodology, user roles) or request to spend more time on particular attack types or vectors. ImmuniWeb portal multi-user project management feature enables you to grant various access levels to your projects to your colleagues.

Show Details
ImmuniWeb® Vulnerability Scanning Platform

ImmuniWeb vulnerability scanning platform is a proprietary cloud-based platform for web vulnerabilities and weaknesses detection. The platform is entirely developed and supported by High-Tech Bridge. It supports all types of existing CMS and frameworks, from open source WordPress and Joomla to complicated Microsoft SharePoint and Dynamics CRM.

The platform is based on unique concept of managed machine-learning, when each security assessment improves current vulnerability detection algorithms under thorough control of ImmuniWeb auditors. Differently from 'human-augmented' solutions, the platform is managed by security auditors in real-time, constantly providing them with useful information.

Show Details
ImmuniWeb® Security Auditors

ImmuniWeb auditors are a team of High-Tech Bridge's web security experts and penetration testers. In parallel with automated assessment by ImmuniWeb vulnerability scanning platform they perform manual penetration testing of the web application, verify application logic, test authentication mechanisms, and perform other sophisticated security tests that automated software cannot do.

ImmuniWeb auditors also carefully monitor and manage the process of vulnerability scanning. The auditors carefully craft Proof-of-Concept or exploit code, assign appropriate risk level, and provide customized solutions for each security flaw assuring completeness and accuracy of information.

Show Details
Show Preview
ImmuniWeb® On-Demand
PDF Report

ImmuniWeb assessment report groups vulnerabilities detected during the assessment. We guarantee zero false-positives as every vulnerability is manually tested and verified by security auditor. Our auditors carefully examine every vulnerability to suggest the most appropriate and efficient patching technique. Remediation guidelines are written in straightforward and simple manner.

Eight working hours after completion of your ImmuniWeb on-demand security assessment you will be able to download the report from ImmuniWeb portal. The report may be securely stored on the portal for up to 60 days, or immediately deleted upon download, based on your privacy preference.

ImmuniWeb Web Security Assessment Report Page 1 ImmuniWeb Web Security Assessment Report Page 2 ImmuniWeb Web Security Assessment Report Page 3 ImmuniWeb Web Security Assessment Report Page 4
ImmuniWeb Web Security Assessment Report Page 5 ImmuniWeb Web Security Assessment Report Page 6 ImmuniWeb Web Security Assessment Report Page 7 ImmuniWeb Web Security Assessment Report Page 8
ImmuniWeb Web Security Assessment Report Page 9 ImmuniWeb Web Security Assessment Report Page 10 ImmuniWeb Web Security Assessment Report Page 11 ImmuniWeb Web Security Assessment Report Page 12
ImmuniWeb Web Security Assessment Report Page 12 ImmuniWeb Web Security Assessment Report Page 14 ImmuniWeb Web Security Assessment Report Page 15 ImmuniWeb Web Security Assessment Report Page 16
ImmuniWeb Web Security Assessment Report Page 17 ImmuniWeb Web Security Assessment Report Page 18 ImmuniWeb Web Security Assessment Report Page 19 ImmuniWeb Web Security Assessment Report Page 20
ImmuniWeb Web Security Assessment Report Page 17 ImmuniWeb Web Security Assessment Report Page 18 ImmuniWeb Web Security Assessment Report Page 19 ImmuniWeb Web Security Assessment Report Page 19
ImmuniWeb Web Security Assessment Report Page 17 ImmuniWeb Web Security Assessment Report Page 18
Show Preview
ImmuniWeb® Continuous
Interactive Dashboard

ImmuniWeb dashboard provides you with verified information about new vulnerabilities and weaknesses in your web applications. You can archive some vulnerabilities, setting up reminders to verify their patches later. Manual patch verification can be done in just one click. You can grant various types of access to the dashboard to your colleagues or authorized third-parties, such as PCI QSA auditors.

For different risk levels you can configure customized notifications by email, SMS or phone in 24/7 mode. For example you will get a call for critical vulnerabilities, you and your deputy will receive an SMS for high risk flaws, while medium and low risk vulnerabilities will be reported by email to you web development team.

ImmuniWeb Continuous Interactive Dashboard 1
Testimonials and Customer References
Crédit Agricole Financements (Suisse) SA

Didier Ramella

Crédit Agricole Financements (Suisse) SA

Immuniweb is an efficient and very easy-to-use solution that combines automatic and human tests. The results are complete, straightforward and easy to understand. It’s an essential tool for the development of the new digital activities.

Viktor Polic
Chief Security Officer

Specialized Agency of The UN

ImmuniWeb significantly enhanced our vulnerability assessment capacity. It's an indispensable tool for continuous auditing of web based systems.
Swissquote Bank SA

Marc Furrer
Head of IT & Security

Swissquote Bank SA

Immuniweb is straightforward, flexible and time saving. Reports are easy to read, pragmatic and help prioritizing in solving issues. A very good adding to our security toolbox, that integrates efficiently in our development process.
Palexpo SA

Dario Mangano
Head of Information Systems

Palexpo SA

The Security assessment process proposed by Immuniweb is very efficient in time and in money. Results are already available the day after the assessment, clearly exposed and identified vulnerabilities are precisely described allowing a rapid understanding of the issue and related possible solutions.
Manor AG

Urs Schmid

Manor AG

ImmuniWeb is easy to use – even starting an urgent penetration test via mobile - and it delivers excellent value for money. We will carry on using it.

Jean-Michel Beylard-Ozeroff
Head of IT


Immuniweb is a great innovative service that brings unbeatable ROI. It is undoubtedly the best way to quickly and easily guarantee your customers that their data is safe with you - and yours too by the way! Efficient and effective!
Banca dello Stato del Cantone Ticino

Marco Molteni
Head of Security Service (IT and logistics)

Banca dello Stato del Cantone Ticino

Thanks to the security audit conducted with ImmuniWeb, it was possible to assess and address the weaknesses identified. The ImmuniWeb approach is the right combination of a high level of expertise with an efficient working methodology.
GS Banque

Dimitri Beetschen
Head of Information System

GS Banque

ImmuniWeb is a simple and effective solution that shows the current security of company’s website at a reasonable price, known in advance.
Arab Bank (Switzerland) Ltd.

Vincent Robert
Project Management Office

Arab Bank (Switzerland) Ltd.

ImmuniWeb is easy to use and to parameterise. The test can be initiated any time which is an advantage. The reports are clear, easy to read and contain useful information on detected vulnerabilities and possible remediation.

Neil Bostrom
Chief Technical Officer


ImmuniWeb is an invaluable tool for iPresent with both automated and manual penetration testing. The fantastic manual testing has found even the most hidden and complicated bugs in our security and ImmuniWeb has delivered first class knowledge. The self-service interface also gives us great control to schedule and monitor tests when we need them.

Sergey Smolin
Information Security Lead Engineer

OAO Medicine, The Swiss Leading Hospitals member

ImmuniWeb technology efficiently combines managed vulnerability scanning and manual penetration testing. Simplicity and speed of assessment configuration and delivery outperform competition. The report is simple and straightforward with custom recommendations on remediation of detected vulnerabilities.