ImmuniWeb

ImmuniWeb is a global application security company headquartered in Geneva, Switzerland. ImmuniWeb develops machine learning and AI technologies for SaaS-based application security solutions provided via its proprietary ImmuniWeb AI Platform.


Early Security Research


Security Advisories

The ImmuniWeb Security Research Team (formerly known as High-Tech Bridge) has released over 500 security advisories affecting various software, with issues identified in products from many well-known vendors, such as Sony, McAfee and Novell, in addition to many web vulnerabilities affecting popular open source and commercial web applications, such as osCommerce, Zen Cart, Microsoft SharePoint, SugarCRM and others. The Security Research Lab was registered as CVE- and CWE-compatible by MITRE. It is one of only 24 organizations globally, and the first in Switzerland, to have achieved CWE-compatible status. As of August 2013, the company was listed among 81 organizations that include CVE identifiers in their security advisories.


Free Online Services and Related Research

ImmuniWeb (then operating as High-Tech Bridge) launched an SSL/TLS configuration testing tool in October 2015. The tool validates the SSL/TLS configuration of email, web or any other TLS-enabled server against NIST guidelines and checks it for PCI DSS compliance; it was cited in articles covering the TalkTalk data breach.


Security and Privacy Research

The discovery of vulnerabilities in Yahoo! sites by the company was widely reported, leading to the ''t-shirt gate'' affair and changes in Yahoo!'s bug bounty program. The firm identified and reported four XSS vulnerabilities on Yahoo! domains, for which it was awarded two gift vouchers worth $25. The sparse reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called ''t-shirt-gate'', a campaign against Yahoo!'s practice of sending out T-shirts as thanks for discovering vulnerabilities. The company's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led Yahoo! to roll out a new vulnerability reporting policy offering between $150 and $15,000 per reported issue, based on pre-established criteria. In December 2013, the firm's research on privacy in popular social networks and email services was cited in a class action lawsuit alleging that a social network had violated its members' privacy by scanning private messages sent on the network. In October 2014, the company discovered a Remote Code Execution vulnerability in PHP. In December 2014, it identified the RansomWeb attack, a development of ransomware attacks in which attackers take over web servers, encrypt the data on them and demand payment to unlock the files. In April 2014, its discovery of sophisticated drive-by download attacks revealed how such attacks are used to target specific website visitors after they authenticate on a compromised web resource. In December 2015, the company tested the most popular free email service providers for the SSL/TLS configuration of their mail servers. Hushmail, previously considered one of the most secure email providers, received a failing "F" grade. Shortly afterwards, Hushmail updated its SSL configuration and received a score of "B+".




See also

* Penetration test

Categories: Computer security companies; Computer security software companies; Companies based in Geneva; Swiss brands; Software companies established in 2019; Swiss companies established in 2019