ImmuniWeb's AI Platform Illuminates Attack Surface and Delivers Risk-Based App & Website Penetration Testing

TL; DR: ImmuniWeb SA offers a full stack of application security solutions, including web and mobile application security penetration testing, Attack Surface Management (ASM), and Dark Web monitoring. Since its founding in 2019, the company has grown exponentially. For instance, its Community Edition had 10,000 daily security tests last year, and now averages more than 100,000 tests a day. ImmuniWeb’s AI-driven solutions are mostly tailored for medium and large customers from highly regulated industries, while its free Community Edition benefits SMEs, small local governments, academic researchers and universities, and individual software developers. The company continues to streamline its processes by adding more machine-learning and AI capabilities to intelligently automate laborious tasks while bringing in human experts for more challenging and novel issues.

Technology is advancing at such a tremendous pace that many companies pick up software solutions without testing or considering their safety — products also known as shadow IT. Some large enterprises use as many as 1,200 applications, with up to 98% of those falling into the shadow IT category. And Gartner anticipates that one-third of all cyberattacks will occur through those channels.

ImmuniWeb SA is a global application security company that offers one-time and subscription-based solutions to help bring those enterprise problems out of the shadows. It has a wide range of services and offers for highly regulated industries such as banking or healthcare, while foundational products labeled as “Community Edition” are all offered online for free.

ImmuniWeb believes that everyone should have access to the most reliable security information, so they can navigate the digital world with confidence and peace of mind.

“We offer a full stack of application security solutions including testing, protection, and compliance for web and mobile applications, API and IoT apps,” said Ilia Kolochenko, Chief Architect and Founder of ImmuniWeb, who has just started his doctoral degree in cybersecurity. “The advantage is that you have all of these products interconnected on the single platform available 24/7, mutually supporting and enhancing each other. And you can easily respond to security issues without having to expend the time and paperwork that goes into traditional solutions.”

That versatility is now necessary, as cyberattacks have risen by an estimated 400% in the last eight months, according to the FBI. The traditional approach was for a business to build an advanced IT presence and then add more security experts. But many companies say they can stay on budget by outsourcing the security expertise so they can focus on their value proposition.

ImmuniWeb is a trusted partner for many businesses and developers, which is why it has expanded rapidly over the last year. The digital world has changed during the COVID-19 pandemic, and many companies need to reassess security with a workforce that no longer meets in the office.

Significant changes have left openings for security breaches, but with ImmuniWeb’s solutions that can all be easily configured, securely paid, and easily consumed online, more businesses can stay ahead of even the smartest cybercriminals.

ImmuniWeb offers its solutions for a range of customer needs. Students, SMEs, and researchers can use its Community Edition to test web and mobile apps, check encryption, or explore the Dark Web. Its premium services, offering in-depth testing, actionable reporting, and 24/7 access to security analysts, have helped enterprise clients like eBay and PwC.

“Last year, we had about 10,000 daily tests with our Community Edition. At the beginning of this year, we had about 50,000 daily tests. And today, we’re running closer to 100,000 tests per day,” Ilia said. “We see people who are just starting in software development; we see small government entities and SMEs, and enterprises from developing countries. We’re trying to contribute to the cybersecurity community, bring awareness, and create a sustainable industry.”

One of ImmuniWeb’s key offerings is its AI-enabled Attack Surface Management solution called ImmuniWeb Discovery. The solution offers comprehensive visibility of all externally visible IT, digital, and cloud assets of a company, enhanced with a holistic snapshot of Dark Web exposure and security incidents such as phishing or brand infringement. Now, companies can have full transparency about what information is out there that shouldn’t be, as well as what cybercriminals or unscrupulous competitors are doing.

“Just by entering your company name, you can see all of your external assets: websites, APIs, cloud storage, VPNs, and IoT devices — everything that is visible from the internet,” Ilia said. “This is extremely important today to understand what hackers see, and we provide this in a very inclusive and easily-consumable manner. We then offer risk scoring and classifications of your assets, so you can implement a risk-based and threat-aware remediation.”

ImmuniWeb not only provides clients with relevant information, but also offers recommendations with detailed action steps to remove vulnerabilities, which can also be effortlessly patched by leveraging ImmuniWeb’s technology alliances with the leading Web Application Firewall (WAF) companies. And it does all this while maintaining a zero false-positive contractual guarantee, so customers never see a red flag unless something is wrong.

Many companies are racing to develop new cloud-hosted AI and machine-learning platforms, but ImmuniWeb believes that human ingenuity should continue to play a significant role in data security. ImmuniWeb’s products push recent advances in AI and machine learning, but they don’t attempt to entirely replace the human element.

The company believes that nothing beats the experience of someone who has worked in the field and understands how a real hacker thinks.

“We successfully use machine learning that has been highlighted by Gartner, Forrester, and IDC for its pioneering approach to deliver measurable benefits and value to our customers,” Ilia said. “We do not believe that in cybersecurity AI can fully replace people within the next decade; however, we do believe that many redundant and time-consuming tasks can, and should be, automated. We created and trained specific machine-learning models to intelligently automate numerous laborious tasks. But we’re not trying to eliminate people, we are trying to make human intelligence scalable and cost-efficient.”

By streamlining the process, and using AI where it is most efficient, ImmuniWeb has helped reduce the cost of tests while still offering the highest quality. AI accomplishes specific tasks, and people can focus on the problems that only people can solve. It’s better for employees and more cost-effective for clients.

“This is much of the reason why we can offer the best quality at the best price with a shorter time of delivery,” Ilia said. “When our customers benchmark us against competitors, we have never been outperformed.”

ImmuniWeb makes a point of not just being another startup. That’s why it doesn’t exchange products or marketing materials for your PII. If businesses need advanced, personalized reports or experts to work on their projects, they can sign up for a premium tier. But if they need foundational tests, the most important ones are free.

“We’re also proud of our Community Edition, which is a set of free security tests. It is important because we don’t see ourselves as a traditional startup that’s in it only for the money,” Ilia said. “We offer foundational web and mobile security and privacy tests to everyone for free. You don’t even need to create an account to test your mobile application or website in a few clicks unless you want a detailed, ImmuniWeb-branded report or in-depth testing.”

ImmuniWeb’s Community Edition offers four online tests: website, mobile app, SSL, and Dark Web exposure. And by default, businesses need not provide an email address or a credit card number. That means anyone can leave the platform with confidence and peace of mind, knowing their websites and apps are safe.

Enterprise businesses and freelance web developers deserve to feel safe online, and everyone should have access to a wealth of security knowledge. That is why ImmuniWeb offers these Community Edition tests for free — because the web would be a better place if data security belonged to everyone.