
5/14/2014
06:00 PM
Dark Reading
Products and Releases

High-Tech Bridge launches online on-demand web penetration testing service ImmuniWeb

On-demand ethical hacking service delivers new approach to website security assessment, manually-written report guarantees zero false-positives

Geneva, 15th of May 2014

After a year of intensive private Beta testing, High-Tech Bridge announces the general availability of ImmuniWeb® - its innovative web application and website security testing SaaS (Software-as-a-Service) that enables anyone, regardless of company size, geographical location or technical knowledge, to hire professional ethical hackers online for just $990.

ImmuniWeb is a unique hybrid of accurate manual web application penetration testing and cutting-edge vulnerability scanning, performed in parallel. Manual testing by professional High-Tech Bridge web penetration testers guarantees zero false-positives and significantly minimizes the number of false-negatives in the report. The automated side of the assessment is performed by ImmuniWeb Security Scanner, developed by High-Tech Bridge from scratch. Project configuration and management, secure online payment and report delivery are done online via ImmuniWeb Portal.

ImmuniWeb’s hybrid approach to web application security testing outshines the quality of the automated tools, scanners and services that currently dominate the market. Every ImmuniWeb report is manually written by a professional penetration tester who provides customised solutions for each weakness and vulnerability detected, ensuring that the customer can easily understand the issues and implement fixes.

Tested on thousands of small and several hundred large live websites, ImmuniWeb’s efficiency has been proven on websites that use different web frameworks, platforms and web programming languages. The vast majority of security assessments already performed by ImmuniWeb demonstrated the best vulnerability detection rate compared to traditional vulnerability scanners and automated SaaS solutions.

Graham Cluley, independent computer security analyst, said of ImmuniWeb: “What’s cool is that the ImmuniWeb service isn’t just a web vulnerability scanner, hunting for flaws on customers’ websites. At the same time as that is running, High-Tech Bridge also has a team of ethical hackers, with years of professional web security experience, manually attempting to penetrate websites, and searching for flaws and weaknesses.”

The International Telecommunication Union (ITU), a UN agency, uses ImmuniWeb as part of the toolset to ensure that the governmental websites of ITU’s Member States are secure. "This partnership with High-Tech Bridge, within the framework of the ITU-IMPACT initiative, will assist Member States, in particular developing and least developed countries, to use these tools to improve the security of their websites and counter cyber threats and related vulnerabilities," said ITU Secretary-General Dr Hamadoun I. Toure.

“It certainly appears that the hybrid approach [of web application security testing], introduced to the global market by ImmuniWeb, represents a highly efficient, new generation solution, offering speed, simplicity, cost-effectiveness and additional quality, afforded by the parallel manual penetration testing,” said Alexander Michael, Director of ICT Consulting at Frost & Sullivan.

Introduced by High-Tech Bridge to the market in 2013, the hybrid approach to testing web application security benefits from an on-demand SaaS delivery model, simple setup, an assessment with zero false positives, a comprehensive report and competitive pricing. ImmuniWeb SaaS successfully received CWE and CVE compatibility certification from MITRE in 2013.

Ilia Kolochenko, High-Tech Bridge’s CEO, comments: “We are very happy to offer ImmuniWeb on-demand web penetration testing to everybody today, it’s a very important milestone for our company and a very positive change for the web security market. This is the outcome of four years of development and one year of very intensive work under the Beta version of ImmuniWeb. Beta testing was very useful as we were able to talk to many different companies, organisations, governments and independent experts who all brought great ideas on how to make our service better and easier. We considered every opinion to improve and perfect ImmuniWeb, and we are grateful to all our customers, partners, testers and security analysts who helped us make it better.”

Marsel Nizamutdinov, High-Tech Bridge’s Chief Research Officer, says: “The entire ImmuniWeb technology was greatly improved thanks to user feedback while we were in Beta. Our penetration testing team was better organised and interlinked with our internal research team and their knowledge base. The ImmuniWeb Security Scanner was enhanced with many small but effective features and improvements that ameliorated vulnerability detection algorithms. Revision of some core scanning algorithms permitted us to significantly increase the scanner’s crawler speed and scope of analysis. As for ImmuniWeb Portal – it was adopted to make project management even more simple, fast and comprehensive.”

Useful reading

Compare ImmuniWeb® with other website vulnerability solutions:

https://www.htbridge.com/immuniweb/compare-web-security-assessments.html

View ImmuniWeb® assessment report example:

https://www.htbridge.com/immuniweb/assessment-report.html

View ImmuniWeb® assessment technical details:

https://www.htbridge.com/immuniweb/immuniweb-assessment.html

Availability

To start your first ImmuniWeb on-demand web pentest please go to ImmuniWeb Portal:

https://portal.htbridge.com/

 

ImmuniWeb Reviews

Financial Times:

http://howtospendit.ft.com/phones/40073-high-tech-bridge-immuniweb-security-assessment

PC Mag:

http://www.pcmag.com/article2/0,2817,2453813,00.asp

The Ethical Hacking Network:

https://www.ethicalhacker.net/features/root/exclusive-first-look-immuniweb-by-high-tech-bridge

Tom’s IT PRO:

http://www.tomsitpro.com/articles/vulnerability-scanning-tools,2-720-2.html

 

Pricing

The assessment, which includes 12 hours of manual testing, 12 hours of automated testing and 6 hours of results analysis and reporting, will cost $990.
