A hybrid approach to web app security assessment

High-Tech Bridge is introducing its hybrid web application security assessment SaaS, ImmuniWeb, to visitors at Infosecurity Europe 2014 for the first time.

The service, which was developed in-house by High-Tech Bridge, is now in open Beta. The ImmuniWeb security assessment is the first hybrid service that combines automated vulnerability scanning and manual penetration testing to allow companies to conduct a quick and efficient website security review and ensure that a website or web apps are secure.

Priced at $639 (or 461 Euros / £380), the service comprises 12 hours of manual penetration testing by High-Tech Bridge security auditors, combined with an automated scan by the company’s proprietary vulnerability scanner.

ImmuniWeb consists of three interconnected components:

1. ImmuniWeb Security Scanner – a proprietary scanner for web vulnerabilities and weaknesses, developed and supported by High-Tech Bridge. The vanguard concept of 360Security, on which ImmuniWeb Security Scanner is based, represents a set of five different modules that cover all aspects of web application security:

2. ImmuniWeb auditors – the permanent involvement of a security auditor during the entire process of ImmuniWeb security assessment ensures the highest quality and accuracy of both the security assessment and subsequent report; a level of quality which cannot be achieved by any automated tools or single-source solutions alone. Today, in the era of AJAX and JSON web technologies, application logic errors and DOM-Based XSS vulnerabilities, many web security scanners are unable to detect complex web 2.0 vulnerabilities. The presence of an auditor ensures that such vulnerabilities won’t be missed and will be included in the assessment report.

3. ImmuniWeb Security Assessment Report – the report is delivered within eight working hours after the completion of the security assessment. The report lists vulnerabilities and weaknesses detected during the assessment by ImmuniWeb security scanner and those manually revealed by the security auditor. Every report is reviewed by the company’s Quality Assurance team before delivery.

ImmuniWeb was launched in closed Beta in May 2013 to a limited audience, then passed CWE and CVE compatibility certification by MITRE in summer 2013. In November 2013, the International Telecommunication Union (ITU) announced the use of ImmuniWeb as part of its toolset for ensuring that the governmental websites of ITU’s Member States are secure.

“After four years of development, we are almost ready to launch ImmuniWeb in fully operational mode. Open Beta is the last step before the service will become fully public so we are looking forward to introducing guests to this year’s Infosecurity Europe event to our service and hearing their opinions on it,” says Ilia Kolochenko, CEO of High-Tech Bridge.
