ImmuniWeb
Swiss application security company

ImmuniWeb is a global application security company headquartered in Geneva, Switzerland. ImmuniWeb develops machine learning and AI technologies for SaaS-based application security solutions provided via its proprietary ImmuniWeb AI Platform.

Early Security Research

Security Advisories

The ImmuniWeb Security Research Team (formerly known as High-Tech Bridge) has released over 500 security advisories[1] affecting various software, with issues identified in products from many well-known vendors, such as Sony,[2] McAfee,[3] and Novell,[4] in addition to many web vulnerabilities affecting popular open source and commercial web applications, such as osCommerce,[5] Zen Cart,[6] Microsoft SharePoint, SugarCRM and others.

The Security Research Lab was registered as CVE and CWE compatible by MITRE.[7] It is one of only 24 organizations globally, and the first in Switzerland, to have achieved CWE certification.

The company is listed among 81 organizations, as of August 2013, that include CVE identifiers in their security advisories.[8]

Free Online Services and Related Research

ImmuniWeb launched an SSL/TLS configuration testing tool in October 2015.[9] The tool can validate email, web or any other TLS or SSL server configuration against NIST guidelines and checks PCI DSS compliance. It was cited in articles covering the TalkTalk data breach.[10][11]

Security and Privacy Research

The discovery of vulnerabilities in Yahoo! sites by the company was widely reported,[12][13] leading to the t-shirt gate affair and changes in Yahoo's bug bounty program. The firm identified and reported four XSS vulnerabilities on Yahoo! domains, for which the company was awarded two gift vouchers to the value of $25.[14][15][16][17] The sparse reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called t-shirt-gate,[18] a campaign against Yahoo! sending out T-shirts as thanks for discovering vulnerabilities. The company's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led to Yahoo! rolling out a new vulnerability reporting policy which offers between $150 and $15,000 for reported issues, based on pre-established criteria.[19][20]

In December 2013, the firm's research[21] on privacy in popular social networks and email services was cited[22][23] in a class action lawsuit against Facebook for allegedly violating its members' privacy by scanning private messages sent on the social network.

In October 2014, the company discovered a remote code execution vulnerability in PHP.[24] In December 2014, they identified the RansomWeb attack,[25] a development of ransomware attacks in which hackers take over web servers, encrypt the data on them and demand payment to unlock the files.

In April 2014, the discovery[26] of sophisticated drive-by download attacks revealed how such attacks are used to target specific website visitors after their authentication on a compromised web resource.

In December 2015, the company tested the most popular free email service providers for SSL/TLS email encryption.[27] Hushmail, previously considered one of the most secure email providers, received a failing "F" grade. Shortly afterwards, Hushmail updated its SSL configuration and received a score of "B+".[28]

References

  1. "Packet Storm - Files from High-Tech Bridge SA". PacketStorm.org. Retrieved 20 February 2016. https://packetstormsecurity.com/files/author/8035/

  2. "Security Update Program for VAIO® Personal Computers". esupport.sony.com. Sony. Retrieved 20 January 2015. http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946

  3. "McAfee Security Bulletin - McAfee MVT & ePO-MVT update fixes an "Escalation of Privileges" vulnerability". kc.mcafee.com. McAfee. Retrieved 20 January 2015. https://kc.mcafee.com/corporate/index?page=content&id=SB10040

  4. "Security Vulnerability: GroupWise Client for Windows Remote Untrusted Pointer Dereference Vulnerability". www.novell.com. Novell. Retrieved 20 January 2015. https://www.novell.com/support/kb/doc.php?id=7011687

  5. "Researchers at Swiss-based security firm High-Tech Bridge have identified serious vulnerabilities in several popular web applications". SecurityWeek. Retrieved 20 February 2016. http://www.securityweek.com/rce-sqli-flaws-found-popular-web-apps

  6. "Critical Zen Cart vulnerability could spell Black Friday disaster for online shoppers". BetaNews. Retrieved 20 February 2016. http://betanews.com/2015/11/25/critical-zen-cart-vulnerability-could-spell-black-friday-disaster-for-online-shoppers/

  7. "Product from High-Tech Bridge Now Registered as Officially "CWE-Compatible"". MITRE. Retrieved 7 August 2014. http://cwe.mitre.org/news/archives/news2012.html#20120827a

  8. "Organizations with CVE Identifiers in Advisories". 26 June 2013. Archived from the original on 7 August 2013. Retrieved 1 September 2013. https://web.archive.org/web/20130807180322/http://cve.mitre.org/compatible/alerts_announcements.html

  9. "Free PCI and NIST compliant SSL test". Help Net Security. Retrieved 23 October 2015. http://www.net-security.org/secworld.php?id=19009

  10. "TalkTalk boss receives ransom demand as massive customer data breach deepens". The Inquirer. Archived from the original on October 24, 2015. Retrieved 23 October 2015. https://web.archive.org/web/20151024163202/http://www.theinquirer.net/inquirer/news/2431728/talktalk-ddos-hack-leaves-four-million-customers-at-risk

  11. "TalkTalk CEO admits security fail, says hacker emailed ransom demand". The Register. Retrieved 23 October 2015. https://www.theregister.co.uk/2015/10/23/talktalk_ceo_apologises/

  12. "Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal". 3 October 2013. http://www.v3.co.uk/v3-uk/news/2298445/yahoo-to-pay-up-to-usd15-000-for-bug-finds-after-t-shirt-gate-scandal

  13. Kirk, Jeremy (3 October 2013). "Yahoo security bounty program ditches T-shirts for cash". Retrieved 19 October 2013. http://www.pcworld.com/article/2051880/yahoo-abandons-tshirt-rewards-for-vulnerability-information.html

  14. Rubenking, Neil J. (1 October 2013). "Yahoo Offers Sad Bug Bounty: $12.50 in Company Swag". PC Magazine. Retrieved 19 October 2013. http://securitywatch.pcmag.com/hacking/316421-yahoo-offers-sad-bug-bounty-12-50-in-company-swag

  15. Bilton, Ricardo (1 October 2013). "I reported a major Yahoo security vulnerability and all I got was this lousy T-shirt". Retrieved 19 October 2013. https://venturebeat.com/2013/10/01/i-reported-a-major-yahoo-security-vulnerability-and-all-i-got-was-this-lousy-t-shirt/

  16. Frank, Blair Hanley (1 October 2013). "Researchers find critical vulnerabilities in Yahoo's site, offered $12.50 per bug". Retrieved 19 October 2013. http://www.geekwire.com/2013/researchers-find-critical-vulnerabilities-yahoos-site-offered-1250-bug/

  17. Hackney, Steve (7 October 2013). "Yahoo! Inc. (NASDAQ:YHOO) Removes Bugs Identified By High Tech Bridge". Retrieved 19 October 2013. http://wallstreetpr.com/yahoo-inc-nasdaqyhoo-removes-bugs-identified-by-high-tech-bridge-9663

  18. Osborne, Charlie (3 October 2013). "Yahoo changes bug bounty policy following 't-shirt gate'". ZDNet. Retrieved 19 October 2013. https://www.zdnet.com/article/yahoo-changes-bug-bounty-policy-following-t-shirt-gate/

  19. Kirk, Jeremy (3 October 2013). "Yahoo security bounty program ditches T-shirts for cash". Retrieved 19 October 2013. http://www.pcworld.com/article/2051880/yahoo-abandons-tshirt-rewards-for-vulnerability-information.html

  20. Martinez, Ramses (2 October 2013). "So I'm the guy who sent the t-shirt out as a thank you". Retrieved 19 October 2013. https://yahoodevelopers.tumblr.com/post/62953984019/so-im-the-guy-who-sent-the-t-shirt-out-as-a-thank-you

  21. "Social networks: can robots violate user privacy?". Archived from the original on 2013-09-03. Retrieved 2014-01-13. https://archive.today/20130903073506/https://www.htbridge.com/news/social_networks_can_robots_violate_user_privacy.html

  22. "Facebook sued for allegedly intercepting private messages". http://news.cnet.com/8301-1023_3-57616496-93/facebook-sued-for-allegedly-intercepting-private-messages/

  23. "Is Facebook spying on you?". CNBC. http://video.cnbc.com/gallery/?video=3000236311

  24. Brook, Chris. "PHP patches buffer overflow vulnerabilities". threatpost. Retrieved 27 October 2014. https://threatpost.com/php-patches-vulnerabilities-including-remote-code-execution-flaw/108960

  25. Fox-Brewster, Thomas. "RansomWeb: Crooks Start Encrypting Websites And Demanding Thousands Of Dollars From Businesses". Forbes.com. Retrieved 1 February 2015. https://www.forbes.com/sites/thomasbrewster/2015/01/28/ransomweb-50000-dollar-extortion/

  26. Gallagher, Sean (13 April 2015). "Universal backdoor for e-commerce platform lets hackers shop for victims". arstechnica. Retrieved 14 April 2015. https://arstechnica.com/security/2015/04/universal-backdoor-for-e-commerce-platform-lets-hackers-shop-for-victims/

  27. "Testing Your SSL Encryption Can Provide Important Security Insights". IBM Security Intelligence. 15 December 2015. Retrieved 15 December 2015. https://securityintelligence.com/testing-your-ssl-encryption-can-provide-important-security-insights/

  28. "High-Tech Bridge Grades Email Services on Security, Gives Fastmail Top Score". Talkin Cloud. 3 December 2015. Archived from the original on 6 December 2015. Retrieved 3 December 2015. https://web.archive.org/web/20151206054854/http://talkincloud.com/cloud-computing-security/high-tech-bridge-grades-email-services-security-gives-fastmail-top-score