Three must-have website and web server security testing tools
A trio of web security services from Red Herring winner High-Tech Bridge promises to make the web a safer place. Let’s take a look.
We all know that web security is a very hot topic today. Last week, a technical investigation by Forbes suggested that 3.2 terabytes of data were stolen from the local network of Panamanian law firm Mossack Fonseca via the company’s vulnerable and outdated websites, causing one of the largest data breaches in history.
Many people still remember the Ashley Madison breach, when the data of millions of clients of the largest dating website was exposed and sold online, pushing some of them towards suicide. And yes, that breach also occurred because of an insecure website. The statistics are also scary: the Verizon Data Breach Report states that more than 27% of all banking data breaches in 2015 occurred via compromised web applications.
Meanwhile, website owners don’t really have an ultimate solution to test their website security. Tripwire research says that “traditional security methodologies, such as Manual Testing and Web Application Firewalls (WAF), have been rendered irrelevant due to evolving hacking techniques”. Indeed, any Web Application Firewall will either block some legitimate users (so-called “false positives”) or overlook some advanced attacks against the web application, such as application logic manipulation (so-called “false negatives”). Pure Manual Penetration Testing, meanwhile, is prohibitively expensive for the majority of website owners, leaving them on their own against cybercriminals.
Several weeks ago, we mentioned High-Tech Bridge, an emerging Swiss startup that is disrupting the web security industry with its hybrid web security testing platform called ImmuniWeb. High-Tech Bridge attracted our attention again last week when it was selected as a winner of the Red Herring Europe 2016 startup contest, which has been organized since 1996 by Alex Vieux, a former Qualys board member and VC investor. High-Tech Bridge’s team, led by founder Ilia Kolochenko, pitched some innovative services that are making security easier for the masses:
Free online SSL testing service
High-Tech Bridge’s free online SSL testing service allows anyone to test the quality of data channel encryption on any server. Unlike competitors, the service is not limited to HTTPS testing and can check email (SMTPS, POP3S, IMAPS) or any other SSL- or TLS-based service. When everyone is using insecure public Wi-Fi networks to check their email and buy goods or services online, the service is a must-have in your bookmarks. Over 350,000 tests have been performed during the last six months.
Free web server security test
The second free service allows anyone to test web server security and compliance with the OWASP secure HTTP headers guide. Given that proper web server configuration can significantly reduce the scope and the vectors of web attacks against website visitors, it makes a lot of sense to check how secure your web server is. Both services provide free APIs, so anybody can use them for internal or recurring security checks.
Web security testing platform
Last but not least, their ImmuniWeb web security testing platform allows you to hire professional penetration testers online in a few clicks to test the security of your website or web application. It may sound utopian, but they do have packages aimed at small SMBs that allow you to test your WordPress or Joomla website for less than an SSL EV certificate would normally cost you. Their hybrid technology reduces their own expenses, and you benefit from the savings.
Let’s continue monitoring High-Tech Bridge’s further growth and development to see what else they can bring to make the web a safer place. If we were Gartner, we would call them a Cool Vendor.