Most Comprehensive Web Security Testing
Web Penetration Testing Combined With Managed Vulnerability Scanning
Security Assessment Report
ImmuniWeb On-Demand report provides you with verified vulnerabilities with manually tested exploits and personalized solutions.
Our auditors carefully examine every vulnerability and its related risks in order to suggest the most appropriate and efficient patching technique. Remediation guidelines are written in a straightforward and simple manner.
The report may be downloaded in PDF or XML format, and easily integrated into your corporate bug tracker or SIEM.
Vulnerability Management Dashboard
ImmuniWeb Continuous Dashboard provides you with real-time information about verified vulnerabilities and weaknesses in your web applications.
You can request instant or scheduled patch validation by our auditors in just one click. For every risk level, you can customize 24/7 alerts and get instant notifications by email, SMS or phone.
Group project management lets you manage your team's access permissions to various assessment projects. You can easily export vulnerability data for your SIEM in just a few clicks.
Scalability & Cost-Efficiency
- Suitable for business of any size
- Turnkey or customizable packages
- Instant 24/7 online secure order
- Continuous and On-Demand offering
- Multiuser Vulnerability Management platform
- Instant and scheduled patch verification
Technical Efficiency
- OWASP Top 10 vulnerabilities detection
- PCI DSS 6.5.x vulnerabilities detection
- SANS Top 25 vulnerabilities detection
- Web Services (WS) security testing
- Zero-day vulnerabilities detection
- Manual application logic testing
Compliance & Portability
- PCI DSS & NIST compliant methodologies
- CVE, CWE and CVSSv3 certified solution
- XML data export to bug trackers and SIEM
- Integration with Web Application Firewall
Reporting Accuracy
- Zero false-positives guaranteed
- Tested exploit for each flaw, e.g. WAF bypass
- Customized solution for each flaw
ImmuniWeb® Web Security Testing
Hybrid web security testing technology, on which ImmuniWeb® is based, accurately and reliably detects all the vulnerabilities from the following cybersecurity industry standards:
- OWASP Top 10
- PCI DSS 6.5.x
- CWE/SANS Top 25
ImmuniWeb vulnerability reporting format is:
- CVE Certified
- CWE Certified
- CVSSv3 Compliant
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Authentication & Session Management
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Unvalidated Redirects and Forwards
- Using Components with Known Vulnerabilities
Vulnerability Management Portal
The ImmuniWeb portal lets you manage web security assessments in a simple and user-friendly manner from any device connected to the Internet. To launch a new ImmuniWeb security assessment, you just need to enter the URL, select the assessment date, and make a secure online payment by credit card, PayPal or bank transfer.
Advanced users can easily customize any assessment: specify particular web security testing requirements, scope or methodology, define user roles, or ask to spend more time on particular attacks or exploitation vectors.
Select attack methodologies you want to add or to exclude.
Pick the assessment date that suits you the best.
With any type of Credit Card, PayPal or Bank Transfer.
Enable multi-user access to your projects within your company.
Control your ImmuniWeb assessment progress in real-time.
Have any questions? We are at your service!
Configure instant email or SMS alerts for new vulnerabilities of each risk level.
With just one click you can request manual patch verification at no additional cost.
Cannot patch a flaw right now? Just tell us when to check it, and we will come back to you.
You can easily export XML vulnerability data into your corporate SIEM or WAF.
Real-time graphical statistics will show your current and past performance in detail.
Managed Vulnerability Scan Technology
The managed vulnerability scanning process is entirely based on High-Tech Bridge's proprietary engine and technology. The process is always supervised and optimized by the auditors in real-time. Speed and accuracy of the vulnerability detection algorithms are based on managed machine-learning technology and are continuously improving, leveraging the power of big data and the genius of human intellect.
The platform supports all types of existing web programming languages, CMS and frameworks, from open source WordPress and Joomla to more complicated Microsoft SharePoint and Dynamics CRM.
The core vulnerability scanning engine rapidly crawls, thoroughly analyzes and reliably detects web vulnerabilities. Machine-learning technology continuously improves accuracy and speed of vulnerability detection algorithms.
The vulnerability intelligence component of the ImmuniWeb platform thoroughly analyzes all publicly available sources about existing flaws and weaknesses in your web application software, framework or CMS.
This mechanism thoroughly crawls various websites, social networks, and archives to get information about internal, new or hidden parts of your application for holistic security analysis.
ImmuniWeb Continuous carefully crawls your web application to detect changes or modifications of every page or web service behind it, correlates them with various external data sources and automatically analyzes every change for potential vulnerabilities.
Security and Compliance
Also available online, the SSL security and compliance service constantly analyses the SSL/TLS implementation on your web servers for compliance with PCI DSS requirements, NIST guidelines and various industry best practices.
Security Auditors Team (SOC)
In parallel with managed vulnerability scanning, security experts and auditors from High-Tech Bridge's Security Operations Center (SOC) perform manual web penetration testing, verify authentication mechanisms, test application logic and chained exploitation of vulnerabilities, and do other sophisticated tests that automated vulnerability scanners cannot do.
For each vulnerability, we provide a working exploit or PoC code, assign an appropriate risk level depending on the vulnerability's practical exploitability, and provide a customized action-based solution.
In addition to continuous platform management, the auditors do manual pen-testing, using globally recognized testing standards, such as PCI DSS, SANS SEC542, NIST SP800-115, PTES and OSSTMM.
The auditors constantly monitor and supervise the automated vulnerability assessment by the ImmuniWeb platform to optimize vulnerability detection, exception management and speed on the fly.
Together with our security engineers, the auditors observe and control the machine-learning process used to constantly improve and accelerate vulnerability detection algorithms.
For each vulnerability, auditors develop an exploit or PoC code that will harmlessly demonstrate practical exploitation of the vulnerability (e.g. WAF bypass) on your system with your particular settings.
and Patch Advice
The auditors carefully analyze vulnerabilities in order to suggest the most appropriate and cost-efficient solution for the customer's technical environment, compliance and risk appetite.
For ImmuniWeb Continuous, the auditors constantly monitor new threats, attack vectors, vulnerabilities and exploits that may suddenly appear in public and put your systems at risk.