New SaaS Security Service Combines Vulnerability Scanning With Manual Pen Testing

ImmuniWeb assessment can be used to establish whether a full in-depth penetration test or source code review is required

August 3, 2013

4 Min Read

PRESS RELEASE

ImmuniWeb, first cloud-based web application security assessment SaaS for SMBs to combine automated vulnerability scanning and manual penetration testing in parallel

Geneva, 1 August, 2013, High-Tech Bridge, a leading Swiss information security company, recently announced the public beta launch[1] of its innovative cloud-based web vulnerability scanning and penetration testing service called ImmuniWeb;. A unique combination of automated security assessment with manual penetration testing, ImmuniWeb brings expert ethical hacking within the reach of any SMB and even private persons. ImmuniWeb's hybrid approach significantly reduces the rate of false-negatives and totally eliminates false-positives in assessment reports.

High-Tech Bridge's Security Advisories demonstrate that SMBs' websites are clearly a prime target for hackers, with, for example, SQL and XSS threats increasing in open-source web platforms commonly used by SMBs. Ilia Kolochenko, CEO of High-Tech Bridge and lecturer on Cyber Crime at HES-SO University, Switzerland comments: "Today many SMBs are unfairly prevented from securing their websites due to low budgets, lack of in-house technical skills or administrative restrictions. ImmuniWeb will enable SMBs to secure their websites in a simple, efficient and cost-effective manner."

By combining the work of High-Tech Bridge's expert security auditors and a proprietary web security scanner, High-Tech Bridge is making its penetration testing skills, experience, knowledge-base and research in the web application security domain accessible to smaller companies.

ImmuniWeb reports are actionable by SMBs who do not employ in-house security experts. Ilia Kolochenko explains: "Website developers and owners want to know that they can rely on an assessment report to cover what the issues are and how to go about addressing them – they should not have to read complicated technical reports, full of security jargon. Details on how any detected vulnerability can be exploited and recommended fixes are provided by our security auditors in an easy-to-understand format, which is especially useful for individuals unfamiliar with web security. At the same time we strictly follow industry best-practises and standards, such as CVE and CWE Compatibility certifications, which we have recently obtained for ImmuniWeb."

High-Tech Bridge has invested over five million dollars (approx. £3.3 million) in developing the technology behind the ImmuniWeb back- and front-ends.

Recently Alexander Michael, Director of ICT Consulting at Frost & Sullivan, reported that ImmuniWeb "represents a highly efficient, new generation solution for SMBs, offering speed, simplicity, cost-effectiveness and additional quality, afforded by the parallel manual penetration testing."

The speed and low cost of the service also makes ImmuniWeb an efficient risk assessment and decision-making tool for larger websites and multi-national organisations. An ImmuniWeb assessment can be used to establish whether a full in-depth penetration test or source code review is required, saving both time and money for the organisation.

ImmuniWeb consists of three interconnected components:

ImmuniWeb Portal

A secure and user-friendly web interface used to manage the security assessment process from configuration and secure online payment to report delivery.

ImmuniWeb Security Scanner

A proprietary web vulnerability scanner developed and supported by High-Tech Bridge. It is based on the unique concept of constant evolution and improvement of vulnerability detection algorithms after the performance of each security assessment.

ImmuniWeb Auditors

A team of High-Tech Bridge web security experts. In parallel with the ImmuniWeb Security Scanner assessment, the auditor assigned to the project performs manual testing of the website for vulnerabilities and thoroughly monitors the scanner progress and behaviour. The auditors collaborate closely with High-Tech Bridge Security Research Lab.

Availability

To request an invite code for the ImmuniWeb beta, please visit:

https://portal.htbridge.com/support/nonauthenticated/?invite=1

Pricing

For full details on ImmuniWeb's competitive pricing, please visit:

https://www.htbridge.com/immuniweb/assessment-report-and-pricing.html

Useful reading

The Growing Hacking Threat to Websites: https://www.htbridge.com/publications/the_growing_hacking_threat_to_websites_an_on-going_commitment_to_web_application_security.html

Security vendors are finally launching solutions that will help the SMB community from targeted and untargeted web attacks:

http://www.frost.com/sublib/display-market-insight.do?id=280373411

The Importance of Ethical Hacking:

http://www.frost.com/upld/get-data.do?id=1568233

About High-Tech Bridge

High-Tech Bridge SA is a leading provider of information security services, such as penetration testing, network security auditing, consulting and computer crime forensics. In 2012 Frost & Sullivan recognised High-Tech Bridge as one of the market leaders and best service providers in the ethical hacking industry. High-Tech Bridge devotes significant resources to information security research. High-Tech Bridge Security Research Lab has helped software vendors to improve security of their products, including such vendors as Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, OpenOffice, Corel, OpenX, Joomla, WordPress, UMI.CMS, and hundreds of others.

The company has recently introduced ImmuniWeb, a Software-as-a-Service (SaaS) ethical hacking solution for web applications.

High-Tech Bridge is on the Online Trust Alliance (OTA) 2013 Online Trust Honor Roll for demonstrating exceptional data protection, privacy and security in an effort to better protect their customers and brand. For High-Tech Bridge this is a second consecutive nomination for this prestigious global award that the company has already received in 2012.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights