
High-Tech Bridge Security Research

High-Tech Bridge devotes significant internal resources to continuous security research. Some of the security studies we perform are regularly published in our blog. The vulnerabilities that our security researchers discover almost every week help software vendors improve the security and reliability of their products. More than 300 large vendors have fixed security vulnerabilities thanks to High-Tech Bridge Security Research Lab, including Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, PHP, OpenOffice, Corel, WordPress, Joomla, OpenX, SugarCRM, MantisBT, e107, MODX, Bitrix and many others.


High-Tech Bridge Security Research Lab

552 Security Advisories Released
351 Vendors Released Patches
1057 Vulnerabilities Fixed

Patch Available Upon Disclosure

2014 Q3 100%
2014 Q2 92%
2014 Q1 94%
2013 Q4 89%
2013 Q3 92%
2013 Q2 100%

Vendor Average Time to Patch

2014 Q3 21 days
2014 Q2 18 days
2014 Q1 12 days
2013 Q4 8 days
2013 Q3 13 days
2013 Q2 30 days

High-Tech Bridge Security Advisories are CVE Compatible
High-Tech Bridge Security Advisories CWE Compatibility
High-Tech Bridge Security Advisories CVSS Adopters

Security Blog

Google increase awareness of email TLS encryption (February 10, 2016)
Gmail users will now be able to see if a remote SMTP server has TLS encryption enabled.

Patching Complex Web Vulnerabilities Using ModSecurity WAF (February 9, 2016)
In this blog post we will demonstrate complicated examples of common web application vulnerabilities, and see how they can be mitigated with ModSecurity WAF.

Bypassing Bitrix WAF via tiny regexp error (February 3, 2016)
Bitrix24 is one of the first and most secure cross-platform corporate software products with integrated WAF and RASP. Let's see how we can bypass them.

Facebook scandal or can bug bounties replace traditional web security? (January 11, 2016)
Can a crowd-sourcing approach to web security testing work for your corporate applications?

A Brief History of Spear Phishing (January 6, 2016)
Learn the best practices for developing a security awareness training program that is engaging. Engaging awareness programs have been shown to change more users' behavior and are seen as an asset for your organization instead of an annoyance.