ImmuniWeb Discovery to Intelligently Automate Penetration Testing Scoping and Scheduling
October 2020 by Marc Jacob
Mandatory application penetration testing is now imposed on a regular basis by a growing number of data protection regulations, including the state laws of New York, the UK and Singapore, NIST guidelines, PCI DSS and GDPR. Whether conducted as a matter of regulatory compliance or to prevent costly data breaches and targeted ransomware attacks that follow silent infiltration of internal networks, penetration testing is not without drawbacks that keep CISOs awake at night.
The most widespread pentesting pitfall is prioritization of the testing scope and schedule. A single forgotten API or abandoned web server accessible from the Internet may swiftly ruin your cybersecurity strategy. Delayed testing, performed only after vulnerable code has been deployed to production, jeopardizes the confidentiality of your customers' data and exposes trade secrets. Conversely, excessive or redundant testing of low-risk or irrelevant targets merely wastes your cybersecurity budget and brings no value to your team.
To tackle the issue, ImmuniWeb and the rapidly growing number of its partners around the globe offer ImmuniWeb® Discovery. Just by entering your company name, you get a helicopter view of your external attack surface, source code leaks and exposure on the Dark Web. From now on, our customers and partners will also get two distinct scores on their Discovery dashboards for each of their web or mobile applications:
Estimated Number of Vulnerabilities
The projected number of exploitable security vulnerabilities that are likely present in a web or mobile application. Helps properly prioritize the penetration testing targets in a risk-based manner.
Estimated Targeted Attacks per Week
The projected number of targeted attacks (i.e. attacks aimed at your organization specifically) per month against a web application. Helps properly schedule the penetration testing in a threat-aware manner.
Both scores leverage ImmuniWeb’s award-winning Machine Learning and OSINT technology to make reliable, data-driven and actionable projections. The latter are regularly monitored and improved by ImmuniWeb data scientists and security analysts for anomalies and other statistical deviances on an individual basis.
For instance, when calculating the number of attacks, among multiple other inputs we consider all data discoverable on the Dark Web and correlate it with information about previous incidents crawlable on the Surface Web. The number of vulnerabilities, in turn, is calculated from over 750 criteria of the application that can be obtained by production-safe and non-intrusive means, including the web server and underlying network or cloud configuration, the web software and its components, encryption hardening, and the application's source code, if accessible on public code repositories such as GitHub.
Immediate Benefits for Customers
Prioritize application penetration testing for the most vulnerable and attackable assets
Prevent data breaches and intrusions stemming from incomplete scope of testing
Save budget by excluding irrelevant or low-risk targets from the scope
Become our customer today by requesting a free demo or special quote in a few clicks.
Immediate Benefits for Partners
Boost your sales of application penetration testing with actionable planning and scoping
Upsell your consulting and integration services after holistic and timely penetration testing
Outperform traditional vendors with excessive or insufficient penetration testing
Become our partner today by filling in the form and start growing your business with us.