We have helped our customers to fix 24 442 vulnerabilities

On-Demand Manual Web Application Penetration Test

ImmuniWeb® on-demand web penetration testing technology
Manual penetration testing by experienced web security professionals in parallel with 360º automated assessment by our proprietary scanner is what differentiates ImmuniWeb® SaaS from other solutions that rely on automated testing only.
The speed and scale of automated testing, combined with human expertise, accurately detect the most complex security flaws missed by scanners and alternative automated solutions.
OWASP Top Ten Vulnerabilities Detection
ImmuniWeb® accurately detects OWASP (Open Web Application Security Project) Top Ten vulnerabilities, such as XSS, SQL injections, and CSRF:
  • Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Authentication & Session Management
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Unvalidated Redirects and Forwards
  • Using Components with Known Vulnerabilities
Detection of the most complex vulnerabilities & Application Logic Analysis
ImmuniWeb® accurately detects the most complex Web 2.0, HTML5 and application logic vulnerabilities that cannot be found by traditional automated vulnerability scanning:
  • Path Traversal (CWE-22)
  • OS Command Injection (CWE-78)
  • Stored XSS (CWE-79)
  • Reflected XSS (CWE-79)
  • DOM-Based XSS (CWE-79)
  • SQL Injection (CWE-89)
  • Blind SQL Injection (CWE-89)
  • LDAP Injection (CWE-90)
  • XML Injection (CWE-91)
  • XPath Injection (CWE-91)
  • XXE Injection (CWE-91)
  • Code Injection (CWE-94)
  • AJAX Injection (CWE-94)
  • JSON Injection (CWE-94)
  • Local PHP File Inclusion (CWE-98)
  • Remote PHP File Inclusion (CWE-98)
  • HTTP Response Splitting (CWE-113)
  • Information Disclosure (CWE-200)
  • Authentication Bypass (CWE-287)
  • Cross-Site Request Forgery (CWE-352)
  • Session Fixation (CWE-384)
  • Arbitrary File Upload (CWE-434)
  • Open Redirect (CWE-601)
  • Insufficient Session Expiration (CWE-613)
Misconfiguration and application weaknesses enumeration
ImmuniWeb® Portal

A secure web interface designed to manage ImmuniWeb® projects in a simple and user-friendly manner from any device connected to the Internet. To launch a penetration test, you just need to enter the URL of a website and make a secure online payment by credit card or via PayPal.

Advanced users can configure all the necessary technical details, share their projects with other users, or specify any testing requirements:

Schedule Assessment Date

Pick the assessment date that suits you best

Personalize Assessment Details

Select the attack methodologies you want to add or exclude

Perform Secure Online Payment

With any type of Credit Card, PayPal or Bank Transfer

Monitor Assessment Progress

Track your ImmuniWeb assessment progress in real time

Talk to Professional Support

Have any questions? We are at your service!

ImmuniWeb® Scanner

ImmuniWeb® Scanner is a proprietary web vulnerability and weakness scanner entirely developed and supported by High-Tech Bridge.

The vanguard concept of 360º Scanning, on which the ImmuniWeb® Security Scanner is based, represents a set of five different modules that cover all aspects of web application security:


Advanced Detection of Web Application Vulnerabilities

This is the core module performing the most significant portion of the assessment. It detects multiple types of the most popular web vulnerabilities. It was successfully tested on the most common web technologies and platforms, including PHP, ASP, ASP.NET, JSP, Ruby on Rails, Python, Perl and ColdFusion.

Vulnerability Databases Monitor

This module will search numerous Vulnerability Databases (VDB) for known security vulnerabilities and issues if your website runs on a commercial or open source Content Management System (CMS) or Framework. Each VDB entry is manually verified by the auditor, to eliminate false positives in the report.

SSL Certificate Monitor

The SSL Certificate Monitor module analyses potential misconfigurations of the SSL certificate chain and other weaknesses in the SSL/TLS implementation. As a member of the Online Trust Alliance Advisory Council, High-Tech Bridge strongly recommends using SSL certificates signed by a trusted Certificate Authority (CA) on every website.

Hacking Resources Monitor

Based on unique High-Tech Bridge technology, the Hacking Resources Monitor module crawls hacking websites, forums, and mail archives to detect malicious activities targeting your website, publicly exposed vulnerabilities, hacking attempts, phishing campaigns, and previous website security breaches.

Phishing Monitor

This module leverages innovative High-Tech Bridge technology to search for registered domains that could potentially be used to spoof a domain identity for phishing and scams.

ImmuniWeb® Auditors
  • Manual Penetration Testing
  • Automated Assessment Management
  • Customized Report Writing

ImmuniWeb® Auditors is a team of High-Tech Bridge's web security experts and penetration testers. In parallel with the automated assessment by ImmuniWeb® Scanner, they perform manual penetration testing of the web application, verify application logic and test authentication mechanisms.

The Auditors also manually write the report, providing you with personalized action-based recommendations for each vulnerability.

ImmuniWeb® Awards
Info Security Products Guide 2015
Online Trust Honor Roll 2014
Have questions or need more information?
Call us now at +41 22 560 68 41 or drop us an email!