
ImmuniWeb is a global application security company headquartered in Geneva, Switzerland. ImmuniWeb develops Machine Learning and AI technologies for SaaS-based application security solutions provided via its proprietary ImmuniWeb AI Platform.


Early Security Research


Security Advisories

The ImmuniWeb Security Research Team (formerly known as High-Tech Bridge) has released over 500 security advisories affecting various software, with issues identified in products from many well-known vendors, such as Sony, McAfee and Novell, in addition to many web vulnerabilities affecting popular open source and commercial web applications, such as osCommerce, Zen Cart, Microsoft SharePoint, SugarCRM and others. The Security Research Lab was registered as CVE and CWE compatible by MITRE. It is one of only 24 organizations globally, and the first in Switzerland, to have achieved CWE certification. As of August 2013, the company is listed among 81 organizations that include CVE identifiers in their security advisories.


Free Online Services and Related Research

ImmuniWeb launched an SSL/TLS configuration testing tool in October 2015. The tool can validate email, web or any other TLS or SSL server configuration against NIST guidelines and checks PCI DSS compliance; it was cited in articles covering the TalkTalk data breach.


Security and Privacy Research

The company's discovery of vulnerabilities in Yahoo! sites was widely reported, leading to the ''t-shirt gate'' affair and changes in Yahoo's bug bounty program. The firm identified and reported four XSS vulnerabilities on Yahoo! domains, for which it was awarded two gift vouchers worth $25. The sparse reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called ''t-shirt-gate'', a campaign against Yahoo! sending out T-shirts as thanks for discovering vulnerabilities. The company's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led to Yahoo! rolling out a new vulnerability reporting policy which offers between $150 and $15,000 for reported issues, based on pre-established criteria. In December 2013, the firm's research on privacy in popular social networks and email services was cited in a class action lawsuit alleging that a social network violated its members' privacy by scanning private messages sent on the network. In October 2014, the company discovered a Remote Code Execution vulnerability in PHP. In December 2014, it identified the RansomWeb attack, a development of ransomware attacks in which attackers take over web servers, encrypt the data on them and demand payment to unlock the files. In April 2014, its discovery of sophisticated drive-by download attacks revealed how such attacks are used to target specific website visitors after they authenticate on a compromised web resource. In December 2015, the company tested the most popular free email service providers for SSL/TLS email encryption. Hushmail, previously considered one of the most secure email providers, received a failing "F" grade. Shortly afterwards, Hushmail updated its SSL configuration and received a score of "B+".






See also

* Penetration test