On-Demand Web Security Testing

Web Penetration Testing & Managed Vulnerability Scanning

On-demand hybrid security testing technology
ImmuniWeb® relies on our award-winning hybrid security testing technology that efficiently combines the strengths of human and machine. Manual web application penetration testing performed in parallel with vulnerability scanning by our proprietary self-learning web vulnerability scanner is what differentiates ImmuniWeb from all other solutions that rely on automated testing only.
The scanner's speed and its capacity to improve its scanning algorithms after each security assessment, combined with the expertise and experience of our auditors, allow accurate detection of the most complex web security flaws. A manually written assessment report guarantees zero false positives and a personalized solution for each security vulnerability.
OWASP Top Ten Vulnerabilities Detection
ImmuniWeb accurately detects OWASP Top Ten vulnerabilities, such as XSS, SQL injections, and CSRF:
OWASP: Open Web Application Security Project
  • Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Authentication & Session Management
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Unvalidated Redirects and Forwards
  • Using Components with Known Vulnerabilities
Complex web 2.0 vulnerabilities detection & Application Logic testing
ImmuniWeb identifies complex Web 2.0, authentication bypass, application logic and chained vulnerabilities:
  • Path Traversal (CWE-22)
  • OS Command Injection (CWE-78)
  • Stored XSS (CWE-79)
  • Reflected XSS (CWE-79)
  • DOM-Based XSS (CWE-79)
  • SQL Injection (CWE-89)
  • Blind SQL Injection (CWE-89)
  • LDAP Injection (CWE-90)
  • XML Injection (CWE-91)
  • XPath Injection (CWE-91)
  • XXE Injection (CWE-91)
  • Code Injection (CWE-94)
  • AJAX Injection (CWE-94)
  • JSON Injection (CWE-94)
  • Local PHP File Inclusion (CWE-98)
  • Remote PHP File Inclusion (CWE-98)
  • HTTP Response Splitting (CWE-113)
  • Information Disclosure (CWE-200)
  • Authentication Bypass (CWE-287)
  • Cross-Site Request Forgery (CWE-352)
  • Session Fixation (CWE-384)
  • Arbitrary File Upload (CWE-434)
  • Open Redirect (CWE-601)
  • Insufficient Session Expiration (CWE-613)
Misconfigurations and weaknesses enumeration
ImmuniWeb also detects various misconfigurations and weaknesses of web application and web server:
CVE, CWE and CVSS Compatibility
ImmuniWeb is certified as a CVE, CWE and CVSSv2 compatible solution that can be easily integrated with your current vulnerability management solutions.

PCI DSS requirements 6.6 and 11.3 fulfillment
ImmuniWeb combines managed vulnerability scanning with penetration testing that relies on a mix of industry-accepted penetration testing approaches and methodologies, such as OWASP, OSSTMM, SANS SEC542 and NIST SP800-115.

ImmuniWeb® Customer Portal
ImmuniWeb Portal is a secure web interface designed to manage and monitor ImmuniWeb projects in a simple and user-friendly manner from any device connected to the Internet. To launch an ImmuniWeb security assessment, you just need to enter the URL of a website, select the assessment date, and make a secure online payment by credit card or via PayPal.
Advanced users can also configure and customize the technical details of the assessment and specify any particular testing requirements (scope, methodology, user roles). The Portal's multi-user project management feature lets you manage access to the assessment project when several people are in charge of the assessment, and enables you to authorize your QSA, ISA or Acquiring Bank to download the report from the Portal.
The Portal enables you to:
  • Schedule Assessment Date: pick the assessment date that suits you best
  • Personalize Assessment Details: select the attack methodologies you want to add or exclude
  • Perform Secure Online Payment: with any type of credit card, PayPal or bank transfer
  • Monitor Assessment Progress: track your ImmuniWeb assessment progress in real time
  • Talk to Professional Support: have any questions? We are at your service!

ImmuniWeb® Vulnerability Scanner

The ImmuniWeb scanner is a proprietary web vulnerability scanner entirely developed and supported by High-Tech Bridge. It is based on a unique self-learning concept in which each security assessment improves the current vulnerability detection algorithms.

If the scanner reports a false positive or misses an existing vulnerability (a false negative) during a security assessment, the security auditor in charge of the assessment immediately reports the problem to our developers, who then work out how to improve the vulnerability detection mechanism.

ImmuniWeb® Scanner Components
Self-learning core engine

This is the core module performing the most significant portion of the assessment. It detects multiple types of the most popular web vulnerabilities. It was successfully tested on the most common web platforms, including PHP, ASP, .NET, JSP, Ruby on Rails, Python, Perl and ColdFusion.

Server Security Monitor

Server Security Monitor carefully scans the web server on which your web application is hosted in order to detect outdated or vulnerable software, configuration errors, default passwords and other insecure settings.

VDB Monitor

This module will search numerous Vulnerability Databases (VDB) for known security vulnerabilities and issues if your website runs on a commercial or open source Content Management System (CMS) or Framework. Each VDB entry is manually verified by the auditor, to eliminate false positives in the report.

SSL/TLS Monitor

The SSL Monitor module carefully analyses your SSL certificate, as well as the server-side vulnerabilities and weaknesses of the SSL/TLS implementation, such as Heartbleed, BEAST, FREAK, POODLE, and many others that endanger your web application and its users.

Hacking Resources Monitor

Based on unique High-Tech Bridge technology, the Hacking Resources Monitor module crawls hacking websites, forums, and mail archives to detect malicious activities targeting your website, publicly exposed vulnerabilities, hacking attempts, and previous website security breaches.

Phishing Monitor

The Phishing Monitor leverages innovative High-Tech Bridge technology to search for registered or squatted domains with typos that could potentially be used to spoof your domain identity, perform phishing attacks and other scams.

ImmuniWeb® Security Auditors

ImmuniWeb auditors are a team of High-Tech Bridge's full-time web security experts and penetration testers. In parallel with the automated assessment by the ImmuniWeb vulnerability scanner, they perform manual penetration testing of the web application, verify application logic, test authentication mechanisms, and perform other security tests that automated software cannot do.

ImmuniWeb auditors also carefully monitor and manage the progress of vulnerability scanning. On-the-fly activation of additional algorithms or a change of scan mode turns a classic vulnerability scan into managed vulnerability scanning, directed by a human in real time.

At the end of the security assessment, the auditors manually write the assessment report, providing ImmuniWeb customers with personalized, action-based recommendations for each detected vulnerability.

Our Auditors are in charge of:
  • Manual Penetration Testing
  • Automated Assessment Management
  • Customized Report Writing
Public security research by our auditors
  • 500+ Security Advisories Released
  • 300+ Vendors Released Patches
  • 1000+ Vulnerabilities Fixed
ImmuniWeb® Awards
  • Top 100 in Cybersecurity500 2015
  • Info Security Products Guide 2015
  • Online Trust Honor Roll 2015
  • ITProPortal Editor Review 2015
  • The Most Complete Solution, Web Security Market Insight 2015