Attack Surface Management, Dark Web Monitoring, and Application Penetration Testing
by Dr. Ilia Kolochenko, CEO and Chief Architect, ImmuniWeb
ImmuniWeb SA is a global application security company headquartered in Geneva, Switzerland. The company has been profitable, cash-flow positive and rapidly growing since its incorporation in 2019. The award-winning ImmuniWeb® AI Platform helps over 1,000 customers from more than 50 countries to discover, test and protect their web and mobile applications, APIs and microservices, cloud and network infrastructure, and third-party systems processing corporate data.
Providing one of the most comprehensive offerings in the industry, the Platform covers 20 use cases related to cybersecurity, compliance and privacy:
- API Penetration Testing
- API Security Scanning
- Attack Surface Management
- Cloud Penetration Testing
- Cloud Security Posture Management
- Continuous Penetration Testing
- Cyber Threat Intelligence
- Dark Web Monitoring
- Digital Brand Protection
- GDPR Penetration Testing
- Mobile Penetration Testing
- Mobile Security Scanning
- Network Security Assessment
- PCI DSS Penetration Testing
- Phishing Websites Takedown
- Red Teaming Exercise
- Software Composition Analysis
- Third-Party Risk Management
- Web Penetration Testing
- Web Security Scanning
ImmuniWeb’s proprietary technology has received numerous awards and industry recognitions for practical use of AI, including Gartner Cool Vendor, IDC Innovator and SC Awards Europe. Our Machine Learning technology stack considerably reduces our customers’ application security costs by intelligently automating laborious and time-consuming tasks, and significantly accelerates those tasks at the same time.
The ImmuniWeb® AI Platform consists of five web and mobile application security products:
ImmuniWeb® Discovery
ImmuniWeb® Discovery leverages OSINT and our award-winning AI technology to illuminate a company’s attack surface and Dark Web exposure. The non-intrusive and production-safe discovery is a perfect fit both for continuous self-assessment and for vendor risk scoring to prevent supply chain attacks.
Advantages:
- Prevent Data Breaches. Get instant alerts on vulnerable or misconfigured IT assets
- Simplify Compliance. Meet visibility, inventory & security monitoring requirements
- Outpace Cybercriminals. Respond without delay to security incidents, data leaks or phishing
- Cut Operational Costs. Get a helicopter view of your assets for risk-based pentesting and patching
- Minimize Human Risk. Receive instant alerts on shadow IT, abandoned or forgotten assets
- Prevent Supply Chain Attacks. Perform in-depth security scoring of your vendors and suppliers
Features:
- Attack Surface Management. Detect, map and classify your on-prem and cloud IT assets
- Continuous Security Monitoring. Detect misconfigured or vulnerable IT assets
- Vendor Risk Scoring. Discover insecure third parties that process your data
- Dark Web Monitoring. Detect stolen data and credentials, and compromised systems
- Brand Protection. Detect online misuse of your brand and take down phishing websites
ImmuniWeb® Neuron
ImmuniWeb® Neuron unleashes the power of Machine Learning and AI to take automated web vulnerability scanning to the next level. While detecting more vulnerabilities than traditional web scanners, every web vulnerability scan by Neuron comes with a contractual zero false-positives SLA.
Advantages:
- Zero False-Positives SLA. Money-Back Guarantee for a single false positive
- AI-Driven Testing. Deep Learning engine detects sophisticated vulnerabilities
- 24/7 Expert Assistance. Our security analysts will help your software developers
- Unlimited Scalability. Simultaneous web scanning of hundreds or thousands of apps
- DevSecOps Native. Full automation of testing and CI/CD pipeline integrations
Features:
- APIs & Web Services. Find security flaws in your microservices and APIs
- Single Page Apps. Detect vulnerabilities in SPA and Ajax apps
- Cloud-Native Apps. Test your full web stack at AWS, Azure or GCP
- Authenticated Scans. Manual authentication scripts, SSO & MFA scanning
- Open-Source Security. Discover security risks in open source you use
- SDLC Automation. Integrate fully automated scanning into your CI/CD pipeline
ImmuniWeb® On-Demand
ImmuniWeb® On-Demand leverages our award-winning Machine Learning technology to accelerate and enhance web penetration testing. Every pentest is easily customizable and provided with a zero false-positives SLA. Unlimited patch verifications and 24/7 access to our security analysts are included in every project.
Advantages:
- In-Depth Testing. Business logic testing, SANS Top 25, PCI DSS & OWASP coverage
- Zero False-Positives SLA. Money-Back Guarantee for a single false positive
- Actionable Reporting. Tailored remediation guidelines and 24/7 access to analysts
- Rapid Delivery SLA. Guaranteed execution schedule and report delivery
- DevSecOps Native. SDLC and CI/CD tool integrations, WAF for mobile backend flaws
Features:
- Internal & External Web Apps. Virtual Appliance technology for testing internal applications
- Cloud Security Testing. Check if attackers can pivot to other systems in your cloud
- APIs & Web Services. API (REST/SOAP/GraphQL) security & privacy testing
- Black & White Box. Authenticated (including MFA/SSO) or Black Box testing
- Open Source Security. Software Composition Analysis (SCA) tests for 20,000+ known CVE-IDs
- Red Teaming. Breach and attack simulation per MITRE ATT&CK® Enterprise
ImmuniWeb® MobileSuite
ImmuniWeb® MobileSuite leverages our award-winning Machine Learning technology to accelerate and enhance mobile penetration testing. Every pentest is easily customizable and provided with a zero false-positives SLA. Unlimited patch verifications and 24/7 access to our security analysts are included in every project.
Advantages:
- In-Depth Testing. Business logic testing, SANS Top 25, PCI DSS & OWASP coverage
- Zero False-Positives SLA. Money-Back Guarantee for a single false positive
- Actionable Reporting. Tailored remediation guidelines and 24/7 access to analysts
- Rapid Delivery SLA. Guaranteed execution schedule and report delivery
- DevSecOps Native. SDLC and CI/CD tool integrations, WAF for mobile backend flaws
Features:
- Mobile App Security. Static, dynamic and interactive security testing with SCA
- Mobile Backend Security. Comprehensive testing of mobile app’s endpoints
- Privacy and Encryption. Detailed analysis of privacy and encryption problems
- Black & White Box. Authenticated (including MFA/SSO) or Black Box testing
- Open Source Security. Software Composition Analysis (SCA) tests for 20,000+ known CVE-IDs
- Red Teaming. Breach and attack simulation per MITRE ATT&CK® Mobile
ImmuniWeb® Continuous
ImmuniWeb® Continuous monitors your web applications and APIs for new code or modifications. Every change is rapidly tested, verified and dispatched to your team with a zero false-positives SLA. Unlimited 24/7 access to our security analysts for customizable and threat-aware pentesting is included in every project.
Advantages:
- In-Depth Testing. Business logic testing, SANS Top 25, PCI DSS & OWASP coverage
- Zero False-Positives SLA. Money-Back Guarantee for a single false positive
- Actionable Reporting. Tailored remediation guidelines and 24/7 access to analysts
- Rapid Delivery SLA. Guaranteed execution schedule and report delivery
- DevSecOps Native. SDLC and CI/CD tool integrations, WAF for mobile backend flaws
Features:
- Internal & External Web Apps. Virtual Appliance technology for testing internal applications
- Cloud Security Testing. Check if attackers can pivot to other systems in your cloud
- APIs & Web Services. API (REST/SOAP/GraphQL) security & privacy testing
- Black & White Box. Authenticated (including MFA/SSO) or Black Box testing
- Open Source Security. Software Composition Analysis (SCA) tests for 20,000+ known CVE-IDs
- Red Teaming. Breach and attack simulation per MITRE ATT&CK® Enterprise
ImmuniWeb Community Edition
Our free Community Edition helps SMEs, universities and municipal governments to test their cybersecurity, privacy and compliance at no cost; it currently runs over 100,000 tests per day.
Cloud Security Test
The free Cloud Security Test detects unprotected or misconfigured cloud storage in AWS, Azure, GCP and other cloud providers.
- Detect Unprotected Cloud Storage
- Discover Shadow Cloud Accounts
- Detect IAM Misconfigurations
- Prevent Data Leaks and Breaches
Website Security Test
The free Website Security Test checks your website for GDPR and PCI DSS compliance, security, and privacy.
- GDPR & PCI DSS Test
- Website CMS Security Test
- CSP & HTTP Headers Check
- WordPress & Drupal Scanning
Mobile App Security Test
The free Mobile App Security Test audits your iOS or Android apps for the OWASP Mobile Top 10 and other vulnerabilities.
- iOS/Android Security Test
- OWASP Mobile Top 10 Test
- Mobile App Privacy Check
- Static & Dynamic Mobile Scan
Dark Web Exposure Test
The free Dark Web Exposure Test monitors and detects your Dark Web exposure, phishing websites, and possible domain squatting.
- Dark Web Exposure Monitoring
- Phishing Detection and Monitoring
- Domain Squatting Monitoring
- Trademark Infringement Monitoring
SSL Security Test
The free SSL Security Test checks the SSL/TLS configuration of your servers for security and for compliance with PCI DSS, HIPAA & NIST.
- Web Server SSL Test
- Email Server SSL Test
- SSL Certificate Test
- PCI DSS, HIPAA & NIST Test
ImmuniWeb also contributes to the sustainable development of the cybersecurity industry through its strategic partnerships with organizations such as the UN ITU, the CyberPeace Institute, national CERTs and law enforcement agencies.
About the Author
Dr. Ilia Kolochenko is a Swiss application security expert and entrepreneur with over 15 years of experience in information security auditing and digital forensics. He holds a Bachelor of Computer Science and Mathematics degree from Webster University, a Master of Legal Studies degree from Washington University in St. Louis School of Law, a Master of Science in Criminal Justice degree from Boston University, an LLM in Information Technology from the University of Edinburgh Law School, and a PhD in Computer Science from Capitol Technology University.
He is a member of the Europol Data Protection Experts Network (EDEN), a member of the GIAC Advisory Board and the SANS CISO Network, a Committee Member at the Boston University MET CIC Center, and an Appeals Board Member and CIPP exam item writer at the International Association of Privacy Professionals (IAPP).
He is the author of over 50 articles on application security and cybercrime investigations for leading cybersecurity magazines, including CSO Online, Dark Reading, SC Media and Forbes.
He is a Certified Information Privacy Professional (CIPP/US, CIPP/Europe, CIPP/Asia, CIPP/Canada) and holds multiple GIAC cybersecurity certifications (GDAT, GCPN, GPCS, GCSA, GCTI, GMOB and GLEG).