Swiss information security company High-Tech Bridge has been making headlines recently, especially as it’s the team that encouraged Yahoo to rethink its bug bounty. 
They are also behind ImmuniWeb, which they say is “a next-generation web application security assessment solution with a Software-as-a-Service delivery model.” It’s a new type of service that combines a web security scanner and manual web application penetration testing/ethical hacking.
I decided to delve a little deeper, and ImmuniWeb claims to solve the problem that many SMBs have – the need to assess website security simply, quickly and cheaply. Booking a professional pen tested website check online is an interesting idea, especially as it doesn’t cost thousands of dollars, and can be delivered in less than 24 hours. And as it’s a fraction of a large organisation’s security spend, I can see that security teams may also find it interesting as a spot check for website vulnerability, especially for new sites.
I hadn’t heard of High-Tech Bridge before, so a little bit about the company – High-Tech Bridge provides penetration testing services to companies, government agencies and international organisations. The ImmuniWeb service seems to be their way of taking their pen testing services to a wider audience.
To order an ImmuniWeb website security assessment, you just need to visit the ImmuniWeb portal, register and then fill in details on the URL that needs to be audited. This takes less than 15 minutes and they ask for this information, so that not just anyone can ask for an assessment on your website.
Their service consists of two separate parts, that’s why it’s hybrid: the ImmuniWeb security scanner, which is a proprietary web vulnerability scanner and ImmuniWeb auditors. These guys are web application security experts who perform manual testing of the website for vulnerabilities and they also monitor the scanner progress and behaviour.
After the assessment, a report is delivered to the portal and lists vulnerabilities and weaknesses detected by the scanner and the auditor. The team at High-Tech Bridge also propose fixes. The report may be securely stored on the Portal for up to 60 days or deleted immediately upon download.
The price is $639 and you can order an online ethical hack here: https://www.htbridge.com/
