Headquarters at World Trade Center Geneva
Type | Private |
Industry | Application Security |
Founded | 2007 |
Founder | Ilia Kolochenko |
Headquarters | Geneva, Switzerland |
Area served | Europe, North America, APAC |
Key people | Ilia Kolochenko (CEO), [1] William Weber (CFO), Stéphane Koch (Vice President), Marsel Nizamutdinov (CTO) |
Products | ImmuniWeb AI Platform |
Services | Application Security Testing, Attack Surface Management, Dark Web Monitoring |
Number of employees | 50+ |
Website | www |
ImmuniWeb is the consolidated global brand of High-Tech Bridge SA, a web security company based in Geneva, Switzerland, that develops machine learning and artificial intelligence technologies for Application Security Testing and Attack Surface Management. Started in December 2007 as a vendor-neutral penetration testing boutique, High-Tech Bridge was named an Industry Leader and Best Service Provider among ethical hacking and penetration testing companies by Frost & Sullivan's market research in 2012. [2] Today all of its services are provided under the consolidated ImmuniWeb brand.
High-Tech Bridge was founded by Ilia Kolochenko, a Swiss application security expert, SC Media "Thought Leader", [3] Forbes Technology Council member, [4] and contributing editor to SC Magazine UK, Dark Reading and IDG's CSO Online. [5]
In November 2013, the International Telecommunication Union (ITU) and High-Tech Bridge agreed to use ImmuniWeb as part of ITU's toolset for ensuring that the websites of ITU Member States are secure. [6]
In July 2015, High-Tech Bridge and PricewaterhouseCoopers Switzerland announced a strategic partnership [7] built around ImmuniWeb's web penetration testing, continuous monitoring and vulnerability assessment capabilities. The partnership was later expanded to other PwC global offices, including PwC Singapore. [8]
High-Tech Bridge's Security Research Team has released over 500 security advisories [9] affecting various software, with issues identified in products from many well-known vendors, such as Sony, [10] McAfee [11] and Novell, [12] in addition to many web vulnerabilities affecting popular open source and commercial web applications, such as osCommerce, [13] Zen Cart, [14] Microsoft SharePoint, SugarCRM and others.
High-Tech Bridge's Security Research Lab was registered as CVE- and CWE-Compatible by MITRE. [15] High-Tech Bridge is one of only 24 organizations globally, and the first in Switzerland, to have achieved CWE certification.
The company is listed among the 81 organizations, as of August 2013, that include CVE identifiers in their security advisories. [16]
High-Tech Bridge launched an SSL/TLS configuration testing tool in October 2015. [17] The tool validates the SSL/TLS configuration of email, web or any other TLS server against NIST guidelines and checks PCI DSS compliance; it was cited in articles covering the TalkTalk data breach. [18] [19]
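The kind of check such a configuration tester performs can be illustrated with a small offline policy audit. The following is an added example written for this article, not ImmuniWeb's tool or any of its code: it takes what a scanner would observe on one endpoint (offered protocol versions, IANA cipher-suite names, certificate key size, signature algorithm and expiry) and evaluates it against a deliberately simplified rule set modelled loosely on NIST SP 800-52r2 and the PCI DSS v3.2.1 SSL/early-TLS migration rules. The thresholds, the `TlsConfig`/`Finding` structures and the sample server configurations are all assumptions constructed for the example; the NIST and PCI DSS documents themselves carry more nuance than these rules encode.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Simplified policy, an assumption modelled loosely on NIST SP 800-52r2 and the
# PCI DSS v3.2.1 SSL/early-TLS migration rules; not the rule set of any vendor's tool.
PROHIBITED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}   # rejected by both references
DISCOURAGED_PROTOCOLS = {"TLSv1.1"}                    # tolerated, not recommended
MODERN_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}              # at least one must be offered
WEAK_SUITE_TOKENS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON")  # "DES" also catches 3DES
MIN_RSA_BITS = 2048                                    # 112-bit security floor
WEAK_SIGNATURES = ("md5", "sha1")
EXPIRY_WARNING = timedelta(days=30)
AUDIT_DATE = date(2015, 12, 1)                         # constructed "today" for the samples


@dataclass
class TlsConfig:
    """What a scanner observes on one TLS/SSL endpoint (constructed, not live)."""
    protocols: set
    cipher_suites: list
    key_bits: int
    signature_alg: str          # e.g. "sha256WithRSAEncryption"
    not_after: date


@dataclass
class Finding:
    level: str                  # "FAIL" or "WARN"
    message: str


def parse_suite(name):
    """Split an IANA cipher-suite name into (key exchange, cipher+MAC part).
    TLS 1.3 names such as TLS_AES_128_GCM_SHA256 carry no key-exchange field
    because every TLS 1.3 handshake is (EC)DHE."""
    body = name[len("TLS_"):] if name.startswith("TLS_") else name
    if "_WITH_" in body:
        return tuple(body.split("_WITH_", 1))
    return "ECDHE", body


def forward_secret(key_exchange):
    return key_exchange.startswith(("ECDHE", "DHE"))


def audit(cfg, today):
    """Return the list of findings for one endpoint configuration."""
    findings = []
    for proto in sorted(cfg.protocols):
        if proto in PROHIBITED_PROTOCOLS:
            findings.append(Finding("FAIL", f"{proto} is enabled"))
        elif proto in DISCOURAGED_PROTOCOLS:
            findings.append(Finding("WARN", f"{proto} is enabled; migrate to TLS 1.2+"))
    if not cfg.protocols & MODERN_PROTOCOLS:
        findings.append(Finding("FAIL", "neither TLS 1.2 nor TLS 1.3 is offered"))
    for suite in cfg.cipher_suites:
        key_exchange, _ = parse_suite(suite)
        if any(tok in suite.upper() for tok in WEAK_SUITE_TOKENS):
            findings.append(Finding("FAIL", f"weak cipher suite {suite}"))
        elif not forward_secret(key_exchange):
            findings.append(Finding("WARN", f"{suite} offers no forward secrecy"))
    if cfg.key_bits < MIN_RSA_BITS:
        findings.append(Finding("FAIL", f"certificate key is only {cfg.key_bits} bits"))
    if cfg.signature_alg.lower().startswith(WEAK_SIGNATURES):
        findings.append(Finding("FAIL", f"certificate signed with {cfg.signature_alg}"))
    if cfg.not_after < today:
        findings.append(Finding("FAIL", f"certificate expired on {cfg.not_after}"))
    elif cfg.not_after - today <= EXPIRY_WARNING:
        findings.append(Finding("WARN", f"certificate expires on {cfg.not_after}"))
    return findings


def overall(findings):
    """Collapse the findings into a single verdict."""
    levels = {f.level for f in findings}
    return "FAIL" if "FAIL" in levels else "WARN" if "WARN" in levels else "PASS"


# Constructed sample: a legacy mail server before any remediation.
LEGACY = TlsConfig(
    protocols={"SSLv3", "TLSv1.0", "TLSv1.2"},
    cipher_suites=["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    key_bits=1024, signature_alg="sha1WithRSAEncryption", not_after=date(2016, 3, 1))

# Constructed sample: half-way through migration (nothing prohibited, but warnings remain).
TRANSITIONAL = TlsConfig(
    protocols={"TLSv1.1", "TLSv1.2"},
    cipher_suites=["TLS_RSA_WITH_AES_128_GCM_SHA256"],
    key_bits=2048, signature_alg="sha256WithRSAEncryption", not_after=date(2015, 12, 11))

# Constructed sample: the same server after hardening.
HARDENED = TlsConfig(
    protocols={"TLSv1.2", "TLSv1.3"},
    cipher_suites=["TLS_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    key_bits=2048, signature_alg="sha256WithRSAEncryption", not_after=date(2017, 1, 1))

if __name__ == "__main__":
    for label, cfg in (("legacy", LEGACY), ("transitional", TRANSITIONAL), ("hardened", HARDENED)):
        findings = audit(cfg, AUDIT_DATE)
        print(f"{label}: {overall(findings)}")
        for f in findings:
            print(f"  [{f.level}] {f.message}")
```

Protocol and cipher-suite findings are evaluated independently, so the report lists every deviation rather than stopping at the first one; that is what lets an operator fix a configuration in one pass instead of rescanning after each change. In practice the observed values would come from a scanner or from the server's own configuration, and the policy tables would be tuned to the standard being audited against.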
The discovery of vulnerabilities in Yahoo! sites by High-Tech Bridge was widely reported, [20] [21] leading to the t-shirt-gate affair and to changes in Yahoo!'s bug bounty program. High-Tech Bridge identified and reported four XSS vulnerabilities on Yahoo! domains, for which the company was awarded two gift vouchers to the value of $25. [22] [23] [24] [25] The meagre reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called t-shirt-gate, [26] a campaign against Yahoo!'s practice of sending out T-shirts as thanks for discovering vulnerabilities. High-Tech Bridge's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led to Yahoo! rolling out a new vulnerability reporting policy that offers between $150 and $15,000 for reported issues, based on pre-established criteria. [21] [27]
In December 2013, High-Tech Bridge research [28] on privacy in popular social networks and email services was cited [29] [30] in a class action lawsuit alleging that a social network had violated its members' privacy by scanning private messages sent on the network.
In October 2014, High-Tech Bridge discovered remote code execution vulnerabilities in PHP. [31]
In December 2014, High-Tech Bridge identified the RansomWeb attack, [32] a development of ransomware attacks in which hackers take over web servers, encrypt the data on them and demand payment to unlock the files.
In April 2014, the discovery [33] of a sophisticated drive-by download attack revealed how such attacks are used to target specific website visitors after they authenticate on a compromised web resource.
In December 2015, High-Tech Bridge tested the SSL/TLS email encryption of the most popular free email service providers. [34] Hushmail, previously considered one of the most secure email providers, received a failing "F" grade. Shortly afterwards, the company updated its SSL configuration and received a score of "B+". [35]
In March 2015, ImmuniWeb was recognized in Frost & Sullivan's 2015 Market Insight as being 'the most complete hybrid offering available'. [36]
In April 2016, High-Tech Bridge was selected as a Red Herring Europe 2016 Winner. [37]
SC Media Reboot 2016 named ImmuniWeb an Industry Innovator in the Analysis and Testing category. [38]
In April 2017, Frost & Sullivan's research on machine learning in Application Security Testing (AST) recognized High-Tech Bridge as the most innovative player in the AST market, outperforming HPE and IBM Security. [39]
In May 2017, Gartner named High-Tech Bridge a Gartner Cool Vendor in "Cool Vendors in Security for Midsize Enterprises, 2017" by Adam Hils. [40]
In June 2017, High-Tech Bridge was selected as the SC Awards Europe 2017 winner in the "Best Emerging Technology" category. [41]
In June 2018, ImmuniWeb was named the winner in the "Best Usage of Machine Learning / AI" category at SC Awards Europe 2018, outperforming six other finalists including IBM Watson for Cyber Security. [42]
In December 2018, IDC included High-Tech Bridge in "IDC Innovators: Mobile App Security Testing, 2018" for ImmuniWeb. [43]
ImmuniWeb is a member of a number of security-related organizations, including: