We have helped our customers to fix 24 536 vulnerabilities

On-Demand Manual
Web Application Penetration Test

ImmuniWeb® on-demand web penetration testing technology
Manual web application penetration testing by experienced web security auditors, performed in parallel with a 360º automated assessment by our proprietary self-learning web vulnerability scanner, is what differentiates ImmuniWeb® SaaS from all other solutions that rely on automated testing only.
The ImmuniWeb security scanner's speed and its capacity to improve scanning algorithms after each security assessment, combined with human expertise and experience, accurately detect the most complex web security flaws missed by vulnerability scanners and other automated solutions. Manual report writing guarantees zero false positives and a personalized solution for each security vulnerability.
ImmuniWeb is certified as a CVE-, CWE- and CVSSv2-compatible solution that can be easily integrated with your current vulnerability management solutions.
OWASP Top Ten Vulnerabilities Detection
ImmuniWeb® accurately detects OWASP Top Ten vulnerabilities, such as XSS, SQL injections, and CSRF:
OWASP: Open Web Application Security Project
  • Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Authentication & Session Management
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Unvalidated Redirects and Forwards
  • Using Components with Known Vulnerabilities
Complex web 2.0 vulnerabilities detection & Application Logic testing
ImmuniWeb® hybrid technology successfully identifies the most complex Web 2.0, HTML5 and application logic vulnerabilities:
  • Path Traversal (CWE-22)
  • OS Command Injection (CWE-78)
  • Stored XSS (CWE-79)
  • Reflected XSS (CWE-79)
  • DOM-Based XSS (CWE-79)
  • SQL Injection (CWE-89)
  • Blind SQL Injection (CWE-89)
  • LDAP Injection (CWE-90)
  • XML Injection (CWE-91)
  • XPath Injection (CWE-91)
  • XXE Injection (CWE-91)
  • Code Injection (CWE-94)
  • AJAX Injection (CWE-94)
  • JSON Injection (CWE-94)
  • Local PHP File Inclusion (CWE-98)
  • Remote PHP File Inclusion (CWE-98)
  • HTTP Response Splitting (CWE-113)
  • Information Disclosure (CWE-200)
  • Authentication Bypass (CWE-287)
  • Cross-Site Request Forgery (CWE-352)
  • Session Fixation (CWE-384)
  • Arbitrary File Upload (CWE-434)
  • Open Redirect (CWE-601)
  • Insufficient Session Expiration (CWE-613)
Server misconfigurations and web weaknesses enumeration
CVE, CWE and CVSS Compatibility
ImmuniWeb® is CVE compatible. ImmuniWeb® is CWE compatible. ImmuniWeb® Security Assessment is CVSS compatible.

ImmuniWeb® Portal

ImmuniWeb Portal is a secure web interface designed to manage ImmuniWeb projects in a simple and user-friendly manner from any device connected to the Internet. To launch a penetration test you just need to enter the URL of a website and make a secure online payment by credit card or via PayPal.

Advanced users can configure all the necessary technical details, share their projects with other users, or specify any testing requirements:

Schedule Assessment Date

Pick the assessment date that suits you best

Personalize Assessment Details

Select the attack methodologies you want to add or exclude

Perform Secure Online Payment

With any type of Credit Card, PayPal or Bank Transfer

Monitor Assessment Progress

Follow your ImmuniWeb assessment progress in real time

Talk to Professional Support

Have any questions? We are at your service!

ImmuniWeb® Scanner

The ImmuniWeb® scanner is a proprietary web vulnerability scanner entirely developed and supported by High-Tech Bridge. It is based on a unique self-learning concept in which each security assessment improves the current vulnerability detection algorithms. If the scanner makes a false-positive or false-negative mistake during a security assessment, the security auditor in charge of the assessment immediately reports the problem to our developers, who then work out how to improve the vulnerability detection mechanism.

The vanguard concept of 360º Scanning, on which the ImmuniWeb® scanner is based, represents a set of five different modules that cover all aspects of web application security.

Self-learning core engine

This is the core module performing the most significant portion of the assessment. It detects multiple types of the most popular web vulnerabilities. It was successfully tested on the most common web technologies and platforms, including PHP, ASP, ASP.NET, JSP, Ruby on Rails, Python, Perl and ColdFusion.

Server Software Monitor

ImmuniWeb® Server Software Monitor carefully scans the web server on which your web application is hosted in order to detect outdated or vulnerable software, configuration errors, default passwords or other insecure settings.

VDB Monitor

This module will search numerous Vulnerability Databases (VDB) for known security vulnerabilities and issues if your website runs on a commercial or open source Content Management System (CMS) or Framework. Each VDB entry is manually verified by the auditor, to eliminate false positives in the report.

SSL Monitor

The SSL Monitor module carefully analyses your SSL certificate, as well as all the server-side vulnerabilities and weaknesses of the SSL/TLS implementation, such as Heartbleed, BEAST, FREAK, POODLE, and many others that endanger your web application and its users.

Hacking Resources Monitor

Based on unique High-Tech Bridge technology, the Hacking Resources Monitor module crawls hacking websites, forums, and mail archives to detect malicious activities targeting your website, publicly exposed vulnerabilities, hacking attempts, phishing campaigns, and previous website security breaches.

Phishing Monitor

This module leverages innovative High-Tech Bridge technology to search for registered domains that could potentially be used to spoof a domain identity for phishing and scams.

ImmuniWeb® Auditors

ImmuniWeb® auditors are a team of High-Tech Bridge's full-time web security experts and penetration testers. In parallel with the automated assessment by the ImmuniWeb® scanner, they perform manual penetration testing of the web application, verify application logic, test authentication mechanisms, and perform other security tests that automated software cannot do.

ImmuniWeb auditors also carefully monitor and manage the progress of the automated assessment. If the ImmuniWeb scanner detects a false positive or makes a false-negative omission, the auditors transfer the vulnerability details to the scanner developers, who thoroughly investigate the issue and improve the vulnerability detection algorithms shortly afterwards.

At the end of the security assessment, the auditors manually write the assessment report, providing ImmuniWeb customers with personalized action-based recommendations for each detected vulnerability.

Manual Penetration Testing
Automated Assessment Management
Customized Report Writing
ImmuniWeb® Awards
Info Security Products Guide 2015
Online Trust Honor Roll 2014