News
ImmuniWeb® is launched by High-Tech Bridge
August 2013 by Marc Jacob
High-Tech Bridge extending the recently announced public beta launch[1] of its innovative
cloud-based web vulnerability scanning and penetration testing service called
ImmuniWeb®. A unique combination of automated security assessment with manual
penetration testing, ImmuniWeb brings expert ethical hacking within the reach of any
SMB and even private persons. ImmuniWeb’s hybrid approach significantly
reduces the rate of false-negatives and totally eliminates false-positives in
assessment reports.
High-Tech Bridge’s Security Advisories demonstrate that SMBs’ websites
are clearly a prime target for hackers, with, for example, SQL and XSS threats
increasing in open-source web platforms commonly used by SMBs. Ilia Kolochenko, CEO
of High-Tech Bridge and lecturer on Cyber Crime at HES-SO University, Switzerland
comments: “Today many SMBs are unfairly prevented from securing their websites
due to low budgets, lack of in-house technical skills or administrative
restrictions. ImmuniWeb will enable SMBs to secure their websites in a simple,
efficient and cost-effective manner.”
By combining the work of High-Tech Bridge’s expert security auditors and a
proprietary web security scanner, High-Tech Bridge is making its penetration testing
skills, experience, knowledge-base and research in the web application security
domain accessible to smaller companies.
ImmuniWeb reports are actionable by SMBs who do not employ in-house security
experts. Ilia Kolochenko explains: “Website developers and owners want to know
that they can rely on an assessment report to cover what the issues are and how to
go about addressing them – they should not have to read complicated technical
reports, full of security jargon. Details on how any detected vulnerability can be
exploited and recommended fixes are provided by our security auditors in an
easy-to-understand format, which is especially useful for individuals unfamiliar
with web security. At the same time we strictly follow industry best-practises and
standards, such as CVE and CWE Compatibility certifications, which we have recently
obtained for ImmuniWeb.”
High-Tech Bridge has invested over five million dollars (approx. £3.3 million)
in developing the technology behind the ImmuniWeb back- and front-ends.
Recently Alexander Michael, Director of ICT Consulting at Frost & Sullivan,
reported that ImmuniWeb “represents a highly efficient, new generation
solution for SMBs, offering speed, simplicity, cost-effectiveness and additional
quality, afforded by the parallel manual penetration testing.”
The speed and low cost of the service also makes ImmuniWeb an efficient risk
assessment and decision-making tool for larger websites and multi-national
organisations. An ImmuniWeb assessment can be used to establish whether a full
in-depth penetration test or source code review is required, saving both time and
money for the organisation.
ImmuniWeb consists of three interconnected components:
ImmuniWeb Portal
A secure and user-friendly web interface used to manage the security assessment
process from configuration and secure online payment to report delivery.
ImmuniWeb Security Scanner
A proprietary web vulnerability scanner developed and supported by High-Tech Bridge.
It is based on the unique concept of constant evolution and improvement of
vulnerability detection algorithms after the performance of each security
assessment.
ImmuniWeb Auditors
A team of High-Tech Bridge web security experts. In parallel with the ImmuniWeb
Security Scanner assessment, the auditor assigned to the project performs manual
testing of the website for vulnerabilities and thoroughly monitors the scanner
progress and behaviour. The auditors collaborate closely with High-Tech Bridge
Security Research Lab.
