
8/2/2013
05:21 PM
Dark Reading
Products and Releases

New SaaS Security Service Combines Vulnerability Scanning With Manual Pen Testing

ImmuniWeb assessment can be used to establish whether a full in-depth penetration test or source code review is required

ImmuniWeb, first cloud-based web application security assessment SaaS for SMBs to combine automated vulnerability scanning and manual penetration testing in parallel

Geneva, 1 August, 2013, High-Tech Bridge, a leading Swiss information security company, recently announced the public beta launch[1] of its innovative cloud-based web vulnerability scanning and penetration testing service called ImmuniWeb. A unique combination of automated security assessment with manual penetration testing, ImmuniWeb brings expert ethical hacking within the reach of any SMB and even private persons. ImmuniWeb's hybrid approach significantly reduces the rate of false-negatives and totally eliminates false-positives in assessment reports.

High-Tech Bridge's Security Advisories demonstrate that SMBs' websites are clearly a prime target for hackers, with, for example, SQL and XSS threats increasing in open-source web platforms commonly used by SMBs. Ilia Kolochenko, CEO of High-Tech Bridge and lecturer on Cyber Crime at HES-SO University, Switzerland, comments: "Today many SMBs are unfairly prevented from securing their websites due to low budgets, lack of in-house technical skills or administrative restrictions. ImmuniWeb will enable SMBs to secure their websites in a simple, efficient and cost-effective manner."

By combining the work of High-Tech Bridge's expert security auditors and a proprietary web security scanner, High-Tech Bridge is making its penetration testing skills, experience, knowledge-base and research in the web application security domain accessible to smaller companies.

ImmuniWeb reports are actionable by SMBs who do not employ in-house security experts. Ilia Kolochenko explains: "Website developers and owners want to know that they can rely on an assessment report to cover what the issues are and how to go about addressing them – they should not have to read complicated technical reports, full of security jargon. Details on how any detected vulnerability can be exploited and recommended fixes are provided by our security auditors in an easy-to-understand format, which is especially useful for individuals unfamiliar with web security. At the same time we strictly follow industry best practices and standards, such as CVE and CWE Compatibility certifications, which we have recently obtained for ImmuniWeb."

High-Tech Bridge has invested over five million dollars (approx. £3.3 million) in developing the technology behind the ImmuniWeb back- and front-ends.

Recently Alexander Michael, Director of ICT Consulting at Frost & Sullivan, reported that ImmuniWeb "represents a highly efficient, new generation solution for SMBs, offering speed, simplicity, cost-effectiveness and additional quality, afforded by the parallel manual penetration testing."

The speed and low cost of the service also make ImmuniWeb an efficient risk assessment and decision-making tool for larger websites and multi-national organisations. An ImmuniWeb assessment can be used to establish whether a full in-depth penetration test or source code review is required, saving both time and money for the organisation.

ImmuniWeb consists of three interconnected components:

ImmuniWeb Portal

A secure and user-friendly web interface used to manage the security assessment process from configuration and secure online payment to report delivery.

ImmuniWeb Security Scanner

A proprietary web vulnerability scanner developed and supported by High-Tech Bridge. It is based on the unique concept of constant evolution and improvement of vulnerability detection algorithms after the performance of each security assessment.

ImmuniWeb Auditors

A team of High-Tech Bridge web security experts. In parallel with the ImmuniWeb Security Scanner assessment, the auditor assigned to the project performs manual testing of the website for vulnerabilities and thoroughly monitors the scanner progress and behaviour. The auditors collaborate closely with High-Tech Bridge Security Research Lab.

Availability

To request an invite code for the ImmuniWeb beta, please visit:

https://portal.htbridge.com/support/nonauthenticated/?invite=1

Pricing

For full details on ImmuniWeb's competitive pricing, please visit:

https://www.htbridge.com/immuniweb/assessment-report-and-pricing.html

Useful reading

The Growing Hacking Threat to Websites: https://www.htbridge.com/publications/the_growing_hacking_threat_to_websites_an_on-going_commitment_to_web_application_security.html

Security vendors are finally launching solutions that will help the SMB community from targeted and untargeted web attacks:

http://www.frost.com/sublib/display-market-insight.do?id=280373411

The Importance of Ethical Hacking:

http://www.frost.com/upld/get-data.do?id=1568233

About High-Tech Bridge

High-Tech Bridge SA is a leading provider of information security services, such as penetration testing, network security auditing, consulting and computer crime forensics. In 2012 Frost & Sullivan recognised High-Tech Bridge as one of the market leaders and best service providers in the ethical hacking industry. High-Tech Bridge devotes significant resources to information security research. High-Tech Bridge Security Research Lab has helped software vendors to improve security of their products, including such vendors as Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, OpenOffice, Corel, OpenX, Joomla, WordPress, UMI.CMS, and hundreds of others.

The company has recently introduced ImmuniWeb, a Software-as-a-Service (SaaS) ethical hacking solution for web applications.

High-Tech Bridge is on the Online Trust Alliance (OTA) 2013 Online Trust Honor Roll for demonstrating exceptional data protection, privacy and security in an effort to better protect their customers and brand. For High-Tech Bridge this is a second consecutive nomination for this prestigious global award that the company has already received in 2012.
