A cloud-based web application security assessment service has been launched by High-Tech Bridge.

Combining automated vulnerability scanning and manual penetration testing, it said that the beta of ImmuniWeb brings ethical hacking within the reach of any small to medium business and users, while the hybrid approach significantly reduces the rate of false-negatives and eliminates false-positives in assessment reports.

It also claimed that its assessment results can be used to establish whether a full in-depth penetration test or source code review is required. It consists of three interconnected components: the ImmuniWeb Portal which is used to manage the security assessment process from configuration and secure online payment to report delivery; the Security Scanner which evolves with each security assessment; and a team of High-Tech Bridge web security experts who thoroughly monitor the scanner progress and behaviour.

Ilia Kolochenko, CEO of High-Tech Bridge, said: “Today many SMBs are unfairly prevented from securing their websites due to low budgets, lack of in-house technical skills or administrative restrictions. ImmuniWeb will enable SMBs to secure their websites in a simple, efficient and cost-effective manner.

“Website developers and owners want to know that they can rely on an assessment report to cover what the issues are and how to go about addressing them – they should not have to read complicated technical reports, full of security jargon. Details on how any detected vulnerability can be exploited and recommended fixes are provided by our security auditors in an easy-to-understand format, which is especially useful for individuals unfamiliar with web security.

“At the same time we strictly follow industry best-practises and standards, such as CVE and CWE Compatibility certifications, which we have recently obtained for ImmuniWeb.”