ImmuniWeb
{{Short description|Swiss application security company}}
{{Infobox company
| name = ImmuniWeb
| logo = ImmuniWeb_Logo.svg
| image = File:Immuniweb-contacts-map-pic2.jpg
| image_caption = Headquarters in Geneva
| type = Private
| traded_as =
| fate =
| predecessor =
| successor =
| foundation = {{Start date|2019||}}
| founder = Dr. Ilia Kolochenko (CEO){{cite web|title=Articles by Ilia Kolochenko|url=http://www.csoonline.com/author/Ilia-Kolochenko/|website=CSO Online|accessdate=22 July 2015}}
| location_city = Geneva
| location_country = Switzerland
| area_served = Europe, North America, APAC
| key_people =
| industry = Cybersecurity
| products = ImmuniWeb AI Platform
| services = Application security testing, attack surface management, dark web monitoring
| revenue =
| operating_income =
| net_income =
| assets =
| equity =
| owner =
| num_employees = 50+
| parent =
| divisions =
| subsid =
| homepage = {{URL|https://www.immuniweb.com/}}
| footnotes =
| intl =
}}
ImmuniWeb is a global application security company headquartered in Geneva, Switzerland. ImmuniWeb develops machine learning and AI technologies for SaaS-based application security solutions provided via its proprietary ImmuniWeb AI Platform.
=Early Security Research=
=Security Advisories=
The ImmuniWeb Security Research Team (formerly known as High-Tech Bridge) has released over 500 security advisories{{cite web|title=Packet Storm - Files from High-Tech Bridge SA |url=https://packetstormsecurity.com/files/author/8035/ |publisher=PacketStorm.org |accessdate=20 February 2016}} affecting various software, with issues identified in products from many well-known vendors, such as Sony,{{cite web|title=Security Update Program for VAIO® Personal Computers|url=http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946|website=esupport.sony.com|publisher=Sony|accessdate=20 January 2015}} McAfee,{{cite web|title=McAfee Security Bulletin - McAfee MVT & ePO-MVT update fixes an "Escalation of Privileges" vulnerability|url=https://kc.mcafee.com/corporate/index?page=content&id=SB10040|website=kc.mcafee.com|publisher=McAfee|accessdate=20 January 2015}} and Novell,{{cite web|title=Security Vulnerability: GroupWise Client for Windows Remote Untrusted Pointer Dereference Vulnerability|url=https://www.novell.com/support/kb/doc.php?id=7011687|website=www.novell.com|publisher=Novell|accessdate=20 January 2015}} in addition to many web vulnerabilities affecting popular open source and commercial web applications, such as osCommerce,{{Cite web |url=http://www.securityweek.com/rce-sqli-flaws-found-popular-web-apps |title=Researchers at Swiss-based security firm High-Tech Bridge have identified serious vulnerabilities in several popular web applications |publisher=SecurityWeek |accessdate=20 February 2016}} Zen Cart,{{Cite web |url=http://betanews.com/2015/11/25/critical-zen-cart-vulnerability-could-spell-black-friday-disaster-for-online-shoppers/ |title=Critical Zen Cart vulnerability could spell Black Friday disaster for online shoppers |publisher=BetaNews |accessdate=20 February 2016}} Microsoft SharePoint, SugarCRM and others.
The Security Research Lab was registered as CVE and CWE compatible by MITRE.{{cite web|title=Product from High-Tech Bridge Now Registered as Officially "CWE-Compatible"|url=http://cwe.mitre.org/news/archives/news2012.html#20120827a|publisher=MITRE|accessdate=7 August 2014}} It is one of only 24 organizations globally, and the first in Switzerland, to achieve CWE certification.
The company is listed among 81 organizations, as of August 2013, that include CVE identifiers in their security advisories.{{Cite web |url=http://www.cve.mitre.org/compatible/alerts_announcements.html |title=Organizations with CVE Identifiers in Advisories |date=26 June 2013 |accessdate=1 September 2013 |archive-date=7 August 2013 |archive-url=https://web.archive.org/web/20130807180322/http://cve.mitre.org/compatible/alerts_announcements.html |url-status=dead }}
=Free Online Services and Related Research=
ImmuniWeb launched an SSL/TLS configuration testing tool in October 2015.{{cite web|title=Free PCI and NIST compliant SSL test|url=http://www.net-security.org/secworld.php?id=19009|website=Help Net Security|accessdate=23 October 2015}} The tool validates the configuration of email, web or any other TLS or SSL server against NIST guidelines and checks PCI DSS compliance. It was cited in articles covering the TalkTalk data breach.{{cite web|title=TalkTalk boss receives ransom demand as massive customer data breach deepens|url=http://www.theinquirer.net/inquirer/news/2431728/talktalk-ddos-hack-leaves-four-million-customers-at-risk|archive-url=https://web.archive.org/web/20151024163202/http://www.theinquirer.net/inquirer/news/2431728/talktalk-ddos-hack-leaves-four-million-customers-at-risk|url-status=unfit|archive-date=October 24, 2015|website=The Inquirer|accessdate=23 October 2015}}{{cite web|title=TalkTalk CEO admits security fail, says hacker emailed ransom demand|url=https://www.theregister.co.uk/2015/10/23/talktalk_ceo_apologises/|website=The Register|accessdate=23 October 2015}}
=Security and Privacy Research=
{{anchor|yahoo t-shirt gate}}The discovery of vulnerabilities in Yahoo! sites by the company was widely reported,{{Cite web |url=http://www.v3.co.uk/v3-uk/news/2298445/yahoo-to-pay-up-to-usd15-000-for-bug-finds-after-t-shirt-gate-scandal |title=Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal |date=3 October 2013}}{{Cite web |url=http://www.pcworld.com/article/2051880/yahoo-abandons-tshirt-rewards-for-vulnerability-information.html |title=Yahoo security bounty program ditches T-shirts for cash |first=Jeremy |last=Kirk |date=3 October 2013 |accessdate=19 October 2013}} leading to the t-shirt gate affair and changes in Yahoo's bug bounty program. The firm identified and reported four XSS vulnerabilities on Yahoo! domains, for which the company was awarded two gift vouchers to the value of $25.{{Cite news |url=http://securitywatch.pcmag.com/hacking/316421-yahoo-offers-sad-bug-bounty-12-50-in-company-swag |title=Yahoo Offers Sad Bug Bounty: $12.50 in Company Swag |date=1 October 2013 |first=Neil J. |last=Rubenking |accessdate=19 October 2013 |work=PC Magazine}}{{Cite web |url=https://venturebeat.com/2013/10/01/i-reported-a-major-yahoo-security-vulnerability-and-all-i-got-was-this-lousy-t-shirt/ |title=I reported a major Yahoo security vulnerability and all I got was this lousy T-shirt |date=1 October 2013 |first=Ricardo |last=Bilton |accessdate=19 October 2013}}{{Cite web |url=http://www.geekwire.com/2013/researchers-find-critical-vulnerabilities-yahoos-site-offered-1250-bug/ |title=Researchers find critical vulnerabilities in Yahoo's site, offered $12.50 per bug |date=1 October 2013 |first=Blair Hanley |last=Frank |accessdate=19 October 2013}}{{Cite web |url=http://wallstreetpr.com/yahoo-inc-nasdaqyhoo-removes-bugs-identified-by-high-tech-bridge-9663 |title=Yahoo! Inc. (NASDAQ:YHOO) Removes Bugs Identified By High Tech Bridge |date=7 October 2013 |first=Steve |last=Hackney |accessdate=19 October 2013}} The sparse reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called t-shirt gate,{{Cite web |url=https://www.zdnet.com/article/yahoo-changes-bug-bounty-policy-following-t-shirt-gate/ |title=Yahoo changes bug bounty policy following 't-shirt gate' |first= Charlie |last=Osborne |website=ZDNet |date=3 October 2013 |access-date=19 October 2013}} a campaign against Yahoo! sending out T-shirts as thanks for discovering vulnerabilities. The company's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led to Yahoo! rolling out a new vulnerability reporting policy which offers between $150 and $15,000 for reported issues, based on pre-established criteria.{{Cite web |url=http://yahoodevelopers.tumblr.com/post/62953984019/so-im-the-guy-who-sent-the-t-shirt-out-as-a-thank-you |title=So I'm the guy who sent the t-shirt out as a thank you |first=Ramses |last=Martinez |date=2 October 2013 |accessdate=19 October 2013}}
In December 2013, the firm's research{{Cite web |url=https://www.htbridge.com/news/social_networks_can_robots_violate_user_privacy.html |archive-url=https://archive.today/20130903073506/https://www.htbridge.com/news/social_networks_can_robots_violate_user_privacy.html |url-status=dead |archive-date=2013-09-03 |title=Social networks: can robots violate user privacy? |access-date=2014-01-13 }} on privacy in popular social networks and email services was cited{{Cite web|url=http://news.cnet.com/8301-1023_3-57616496-93/facebook-sued-for-allegedly-intercepting-private-messages/ |title= Facebook sued for allegedly intercepting private messages}}{{Cite web|url=http://video.cnbc.com/gallery/?video=3000236311 |title=Is Facebook spying on you? |publisher=CNBC}} in a class action lawsuit for allegedly violating its members' privacy by scanning private messages sent on the social network.
In October 2014, the company discovered a Remote Code Execution vulnerability in PHP.{{cite web|last1=Brook|first1=Chris|title=PHP patches buffer overflow vulnerabilities|url=https://threatpost.com/php-patches-vulnerabilities-including-remote-code-execution-flaw/108960|website=threatpost|accessdate=27 October 2014}} In December 2014, they identified the RansomWeb attack,{{cite web|title= RansomWeb: Crooks Start Encrypting Websites And Demanding Thousands Of Dollars From Businesses |last1=Fox-Brewster|first1=Thomas|url=https://www.forbes.com/sites/thomasbrewster/2015/01/28/ransomweb-50000-dollar-extortion/|website=Forbes.com|accessdate=1 February 2015}} a development of ransomware attacks in which hackers take over web servers, encrypt the data on them and demand payment to unlock the files.
In April 2014, the discovery{{cite news|last1=Gallagher|first1=Sean|title=Universal backdoor for e-commerce platform lets hackers shop for victims|url=https://arstechnica.com/security/2015/04/universal-backdoor-for-e-commerce-platform-lets-hackers-shop-for-victims/|accessdate=14 April 2015|publisher=arstechnica|date=13 April 2015}} of sophisticated drive-by download attacks revealed how such attacks are used to target specific website visitors after they authenticate on a compromised web resource.
In December 2015, the company tested the most popular free email service providers for SSL/TLS email encryption.{{cite web |title=Testing Your SSL Encryption Can Provide Important Security Insights |url=https://securityintelligence.com/testing-your-ssl-encryption-can-provide-important-security-insights/ |accessdate= 15 December 2015|publisher=IBM Security Intelligence |date=15 December 2015}} Hushmail, previously considered one of the most secure email providers, received a failing "F" grade. Shortly afterwards, Hushmail updated its SSL configuration and received a score of "B+".{{cite web |title=High-Tech Bridge Grades Email Services on Security, Gives Fastmail Top Score |url=http://talkincloud.com/cloud-computing-security/high-tech-bridge-grades-email-services-security-gives-fastmail-top-score |accessdate=3 December 2015 |publisher=Talkin Cloud |date=3 December 2015 |archive-date=6 December 2015 |archive-url=https://web.archive.org/web/20151206054854/http://talkincloud.com/cloud-computing-security/high-tech-bridge-grades-email-services-security-gives-fastmail-top-score |url-status=dead }}
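The SSL/TLS configuration test described under Free Online Services, and the letter grades assigned to email providers above, are examples of policy-based configuration grading. The following Python script is an added illustration of that kind of check; it is not ImmuniWeb's code and does not reproduce its scoring. The baseline it applies (no SSL or TLS 1.0, TLS 1.2 or later required, no weak cipher suites, RSA keys of at least 2048 bits) follows the outline of NIST SP 800-52 and PCI DSS guidance, while the letter scale, the deductions and the three sample server configurations are this example's own assumptions; the hostnames are placeholders and the configurations are constructed rather than scanned.

```python
# Added example: a minimal TLS configuration grader in the spirit of the
# SSL/TLS test described above. It is NOT ImmuniWeb's code. The baseline
# (no SSL/early TLS, TLS 1.2+ required, no weak ciphers, RSA >= 2048 bits)
# follows NIST SP 800-52 / PCI DSS guidance in outline, but the letter
# grades, deductions and sample configurations are this example's own
# assumptions. The configurations are constructed, not real scan results.
from dataclasses import dataclass, field

# Protocols a compliant server must not offer (SSL and "early TLS").
FORBIDDEN_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}
# Still tolerated by some policies but worth a deduction.
DISCOURAGED_PROTOCOLS = {"TLSv1.1"}
# At least one of these must be available.
MODERN_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
# Substrings that mark a cipher suite as weak ("3DES" contains "DES").
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "anon")
MIN_RSA_BITS = 2048


@dataclass
class TlsConfig:
    """Constructed summary of what a scanner observed on one host."""
    host: str
    protocols: set
    cipher_suites: list
    rsa_key_bits: int
    hsts: bool = False


@dataclass
class Report:
    grade: str
    findings: list = field(default_factory=list)


def weak_ciphers(cipher_suites):
    """Return the suites matching any weak-cipher marker."""
    return [c for c in cipher_suites
            if any(marker in c for marker in WEAK_CIPHER_MARKERS)]


def grade_tls_config(cfg: TlsConfig) -> Report:
    """Hard failures give an F; otherwise each advisory finding costs one letter."""
    failures, advisories = [], []

    forbidden = cfg.protocols & FORBIDDEN_PROTOCOLS
    if forbidden:
        failures.append(f"forbidden protocol(s) enabled: {sorted(forbidden)}")
    if not cfg.protocols & MODERN_PROTOCOLS:
        failures.append("no TLS 1.2 or TLS 1.3 support")
    weak = weak_ciphers(cfg.cipher_suites)
    if weak:
        failures.append(f"weak cipher suite(s): {weak}")
    if cfg.rsa_key_bits < MIN_RSA_BITS:
        failures.append(f"RSA key too short: {cfg.rsa_key_bits} bits")
    if failures:
        return Report("F", failures)

    if cfg.protocols & DISCOURAGED_PROTOCOLS:
        advisories.append("TLS 1.1 still enabled")
    if not cfg.hsts:
        advisories.append("HSTS not advertised")
    # A with no advisories, B with one, C with two or more.
    grade = "ABC"[min(len(advisories), 2)]
    return Report(grade, advisories)


# Constructed sample configurations (hostnames are placeholders).
WEAK = TlsConfig(
    host="legacy.example",
    protocols={"SSLv3", "TLSv1.0", "TLSv1.2"},
    cipher_suites=["TLS_RSA_WITH_RC4_128_SHA",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    rsa_key_bits=1024,
)
LEGACY = TlsConfig(
    host="transitional.example",
    protocols={"TLSv1.1", "TLSv1.2"},
    cipher_suites=["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    rsa_key_bits=2048,
)
HARDENED = TlsConfig(
    host="hardened.example",
    protocols={"TLSv1.2", "TLSv1.3"},
    cipher_suites=["TLS_AES_256_GCM_SHA384",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    rsa_key_bits=2048,
    hsts=True,
)

if __name__ == "__main__":
    for cfg in (WEAK, LEGACY, HARDENED):
        report = grade_tls_config(cfg)
        print(f"{cfg.host}: {report.grade}")
        for finding in report.findings:
            print(f"  - {finding}")
```

Run as a script, it prints one grade per constructed host with the findings behind it: the legacy host fails outright on three counts, the transitional host is marked down for TLS 1.1 and missing HSTS, and the hardened host passes clean. Separating hard failures (which cap the grade at F regardless of anything else) from advisory deductions is the design point: a single obsolete protocol or export-grade cipher should never be averaged away by otherwise good settings.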
=References=
{{Reflist}}
=External links=
- [https://www.immuniweb.com/ Official website]