ImmuniWeb® Discovery Packages
Continuous Threat Exposure Management
| ImmuniWeb® Discovery | Ultimate package | Corporate Pro package | ASM package | Dark Web package |
|---|---|---|---|---|
| Dashboard & API Access User-friendly dashboard with possibility to export any data in PDF and Microsoft Excel, as well as a JSON API to seamlessly integrate the findings with your on-prem or cloud systems, such as SIEM of GRC. |  | | | |
| Unlimited Users All user accounts may have granular access permissions to get access only to specific assets or groups of assets based on their roles and permissions in the company. | | | | |
| Attack Surface Monitoring (ASM) Comprehensive discovery of all your domain names and subdomains, web applications and APIs, mobile apps and their endpoints, network services and devices, cloud instances and services, and IoT devices visible from the Internet. | | | | |
| Cloud Security Posture Management Non-intrusive detection of exposed, misconfigured or vulnerable cloud instances across over 250 public cloud services providers on top of AWS, GCP and Microsoft Azure. | | | | |
| Continuous Security Monitoring Non-intrusive detection of outdated or vulnerable web and networks software with actionable vulnerability analytics, misconfigured network services and cloud resources, exposed databases and repositories, DNS configuration errors, SSL/TLS encryption weaknesses and privacy issues. | | | | |
| Repositories Monitoring Monitoring of most popular source code repositories, as well as cloud-specific and vendors-specific repositories, for accidentally or purposely leaked source code and other data. | | | ||
| Cyber Threat Intelligence Comprehensive collection of illicit activities targeting your organization, its employees, clients or partners in both Dark Web and Surface Web including special or niche social networks, Telegram, IRC and almost a hundred of other places where cyber threat actors usually gather, as well ongoing monitoring of several hundreds of Indicator of Compromise (IoC) feeds for presence of your corporate domains, IP addresses and other assets. | | | | |
| Dark Web Monitoring In-depth monitoring of the traditional Dark Web resources and other underground places for stolen information and credit cards, compromised systems, user accounts and credentials of your executives, VIPs and employees. | | | | |
| Phishing & Squatting Detection Rapid detection of phishing and other malicious websites mimicking your corporate identity or brand, as well as typo-squatted and cyber-squatted domains, fake accounts on social networks and on Web3. | | | | |
| Phishing Websites Takedown Takedown of malicious phishing websites by administrative and legal measures usually taking from 24 to 72 hours to deactivate the illicit resource. | | |||
| Advanced Incident Monitoring Monitoring of VIPs exposure, detection of leaked credit cards and other sensitive financial information, customized search for leaks and incidents on both the Dark Web and Surface Web. | | |||
| Incident Investigation Assistance Rapid help from our security analysts with investigations on the Dark Web when collection of further evidence, intelligence or insights is needed for incident response and investigation. | | |||
| Copyright Infringement Monitoring Detection of various resources on the Internet that may illegally reproduce your texts, images, videos, voices or other creative content, as well as usurping your trademarks or brands. | | |||
| Updates Frequency All data is available on the user-friendly dashboard with an export to PDF and Microsoft Excel, while being fully manageable via a JSON API. | 24/7 | Daily | Daily | Daily |
| Price per Company Up to 10,000 IT assets per company without limitations, flexible pricing for any assets on top of it. Standard subscription duration is one year. | 4,495 EUR / month | 2,495 EUR / month | 1,495 EUR / month | 1,495 EUR / month |
| Dashboard Ready Your dashboard will be available on this date (if you purchase today). | — | — | — | — |
ImmuniWeb® Neuron
Premium Web Application Security Scanning
- Full Scan Customization
- Authenticated Scans (SSO/MFA)
- Patch Verification Scans
- Web Security Scanning:
- AI-Based Fuzzing
- OWASP Top 10 Vulnerabilities
- OWASP Top 10 API Vulnerabilities
- Software Composition Analysis (SCA)
- Insecure HTTP Headers
- SSL/TLS Weaknesses
- Known Web Vulnerabilities Scanning:
- WordPress & 400+ Other Popular CMSs
- 150,000+ CMS Plugins & Themes
- 12,000+ JavaScript Libraries
- 10,000+ Known CVE-IDs
- Open Source Software Security Ratings
- Zero False-Positives SLA Money back
Contractual money-back guarantee for one single false positive.
- Risk-Based Prioritization of Findings
- Simple Instructions to Reproduce Findings
- Web, PDF, JSON, XML and CSV Reports
- Friendly Remediation Guidelines
- Screenshots and Raw HTTP Data
- Consolidated View of All Scans
- CVE and CWE Mapping
- CVSSv4 Scoring
- Patch Verification Scan Mode
- Turnkey CI/CD Automation
- Seamless DevSecOps Integration
- Access to Our Security Analysts
- RBAC Scan Management Dashboard
- Unlimited Dashboard Users
- Simple Scan Scheduling
- Recurrent Scans
- Email Alerts
| Annual Scan Subscription | Monthly Scan Subscription | |
| Scans per Target | Unlimited during 1 year | Unlimited during 1 month |
| Price per Target (FQDN) | 595 EUR | 395 EUR |
| Dashboard Ready | Today | Today |
ImmuniWeb® Neuron Mobile
Premium Mobile Application Security Scanning
- Full Scan Customization
- Authenticated Scans (SSO/MFA)
- Mobile Security Scanning:
- SAST Scanning
- DAST Scanning
- Software Composition Analysis (SCA)
- OWASP Mobile Top 10 Scanning
- OWASP MASVS Level 1 Testing
- Mobile App Privacy Analysis
- SSL/TLS Encryption Testing
- Endpoints & APIs Privacy Review
- Mobile App Compliance Review
- Open Source Software Security Ratings
- Zero False-Positives SLA Money back
Contractual money-back guarantee for one single false positive.
- Risk-Based Prioritization of Findings
- Simple Instructions to Reproduce Findings
- Web, PDF, JSON, XML and CSV Reports
- Friendly Remediation Guidelines
- Screenshots of Security Findings
- Consolidated View of All Scans
- CVE and CWE Mapping
- CVSSv4 Scoring
- Turnkey CI/CD Automation
- Seamless DevSecOps Integration
- Access to Our Security Analysts
- RBAC Scan Management Dashboard
- Unlimited Dashboard Users
- Simple Scan Scheduling
- Email Alerts
| Price per Scan | 99 EUR |
|---|---|
| Dashboard Ready | Today |
ImmuniWeb® On-Demand Packages
Threat-Led Web Application Penetration Testing
| ImmuniWeb® On-Demand | Ultimate | Corporate Pro | Corporate | Express Pro |
|---|---|---|---|---|
| Threat-Led Penetration Testing Our penetration testers will carefully review the unique risk profile of your organization and industry to simulate TTPs (Tactics, Techniques and Procedures) of the most relevant and sophisticated cyber-attacks that may target your organization specifically. | | |||
| AI-Powered Security Testing Since 2019, our award-winning Machine Learning technology accelerates and intelligently automates thousands of tests and checks of your web application security, which usually require human labor and cannot be performed by automated vulnerability scanners due to complexity. | | | | |
| OWASP ASVS Testing Level ASVS Level 1 is a foundational level of testing for simple applications with little or no confidential data | Level 3 | Level 3 | Level 2 | Level 1 |
| Manual Penetration Testing Our CREST-accredited security experts conduct advanced security testing of your web application’s business logic, perform chained exploitation of sophisticated vulnerabilities, and run other security and privacy checks that require human intelligence due to high complexity. | 10 days | 5 days | 3 days | 1 day |
| Report Writing The assessment report can be viewed or downloaded during the next 100 days following the Security Assessment completion. | 2 days | 8 hours | 4 hours | 2 hours |
| Unlimited Retesting During 100 days after delivery of your penetration testing report, you can schedule patch verification assessment to ensure and validate that all findings are properly fixed. | | | | |
| Penetration Test Certificate Once the detected vulnerabilities are fixed, you receive a penetration test certificate. | | | | |
| Network Security Assessment If your web applications or APIs are hosted on your own network infrastructure, the network server(s) hosting your web infrastructure will be tested for exposed, outdated or otherwise misconfigured network services. | | | ||
| Internal Web Application Testing If your web application or API is inaccessible from the Internet, our Virtual Appliance will be required to perform testing. | | | ||
| Testing of AI and LLM Models If your web application incorporates an AI-powered chatbot or otherwise interacts with an LLM model, our security experts will conduct testing of AI-specific threats as provided by the OWASP Top 10 list of threats for LLMs. | | |||
| Price per Penetration Test One penetration test may include one or several domains, subdomains or APIs. | 14,995 EUR | 5,995 EUR | 2,995 EUR | 995 EUR |
| Report Delivery Date Scheduled delivery date of your penetration testing report (if you purchase today). | — | — | — | — |
ImmuniWeb® MobileSuite Packages
Mobile Application Penetration Testing
| ImmuniWeb® MobileSuite | Ultimate | Corporate Pro | Corporate Designed for mobile application of small size and complexity, with one or two endpoints (e.g. APIs or web services) and one user role. | Express Pro |
|---|---|---|---|---|
| Threat-Led Penetration Testing Our penetration testers will carefully review the unique risk profile of your organization and industry to simulate TTPs (Tactics, Techniques and Procedures) of the most relevant and sophisticated cyber-attacks that may target your organization specifically. | | |||
| AI-Powered Security Testing Since 2019, our award-winning Machine Learning technology accelerates and intelligently automates thousands of tests and checks of your web and mobile application security, which usually require human labor and cannot be performed by automated vulnerability scanners due to complexity. | | | | |
| OWASP MASVS Testing Level MASVS (v1) Level 1 is a foundational level of testing for simple apps with little or no confidential data | L1, L2, R | L1, L2, R | L1, L2 | L1 |
| OWASP ASVS Testing Level ASVS Level 1 is a foundational level of testing for simple applications with little or no confidential data | Level 3 | Level 3 | Level 2 | Level 1 |
| Manual Penetration Testing: Mobile Application & Backend Our CREST-accredited security experts conduct advanced security testing of your mobile application’s business logic, perform reverse engineering and exploitation of your mobile application backend (e.g. APIs or web services), and run other security and privacy checks that require human intelligence due to high complexity. | 10 days | 5 days | 5 days | 3 days |
| Report Writing The assessment report can be viewed or downloaded during the next 100 days following the Security Assessment completion. | 2 days | 8 hours | 8 hours | 4 hours |
| Unlimited Retesting During 100 days after delivery of your penetration testing report, you can schedule patch verification assessment to ensure and validate that all findings are properly fixed. | | | | |
| Penetration Test Certificate Once the detected vulnerabilities are fixed, you receive a penetration test certificate. | | | | |
| Network Security Assessment If your mobile backend APIs are hosted on your own network infrastructure, the network server(s) hosting your backend infrastructure will be tested for exposed, outdated or otherwise misconfigured network services. | | | ||
| Testing on Physical Device If your mobile app requires to be tested on a physical device, Corporate Pro or Ultimate package is required due to additional time and resources required for such testing. | | | ||
| Resilience Mechanism Bypass If your mobile app has any resilience mechanisms (e.g. root, jailbreak or emulator detection, SSL pinning, code obfuscation, etc.), Corporate Pro or Ultimate package is required due to additional time and resources required for such testing. | | | ||
| Testing of AI and LLM Models If your mobile app incorporates an AI-powered chatbot or otherwise interacts with an LLM model, our security experts will conduct testing of AI-specific threats as provided by the OWASP Top 10 list of threats for LLMs. | | |||
| Price per Penetration Test A penetration test includes your mobile app and all its backend (e.g. APIs or web services where mobile app sends data). | 14,995 EUR | 9,995 EUR | 5,995 EUR | 2,995 EUR |
| Report Delivery Date Scheduled delivery date of your penetration testing report (if you purchase today). | — | — | — | — |
ImmuniWeb® Continuous
Continuous Web Scanning and Penetration Testing
| ImmuniWeb® Continuous | Penetration Testing Targets Penetration testing targets are web applications or APIs that are continually tested by human experts in addition to 24/7 automated security testing. Human expertise allows to detect the most sophisticated security vulnerabilities and cover all applicable tests and checks by OWASP ASVS (Level 3). | Automated Scanning Targets Automated scanning targets are web applications or APIs that are continually tested by our award-winning AI technology, providing a comprehensive detection of most common security vulnerabilities and weaknesses. |
|---|---|---|
| Manual Penetration Testing Our security experts conduct advanced security testing of your web application’s business logic, perform chained exploitation of sophisticated vulnerabilities, and run other security and privacy checks that require human intelligence due to high complexity. | | |
| OWASP ASVS Testing Level ASVS Level 1 is a foundational level of testing for simple applications with little or no confidential data | Level 3 | Level 1 |
| AI-Powered Security Testing Since 2019, our award-winning Machine Learning technology accelerates and intelligently automates thousands of tests and checks of your web application security, which usually require human labor and cannot be performed by automated vulnerability scanners due to complexity. | 24/7 | 24/7 |
| Access to Security Analysts Our security experts are at your service for any questions about remediation, exploitation or analysis of the detected vulnerabilities. | 24/7 | 24/7 |
| Continuous Automated Red Teaming Our AI-enabled technology automatically detects and prioritizes testing of your web infrastructure against the most recent hacking techniques and real-life payloads. | | |
| Continuous Breach & Attack Simulation Our security experts will carefully exploit detected vulnerabilities trying to bypass security controls, avoid detection mechanisms and exfiltrate data simulating a real attack. | | |
| Penetration Test Certificate Once the detected vulnerabilities are fixed, you receive a penetration test certificate. | | |
| Price per Target (FQDN) Each FQDN is a separate target that can be added as Penetration Testing Target or Automated Scanning Target. Standard subscription duration is one year. | 1,995 EUR / month | 199 EUR / month |
| Dashboard Ready Your dashboard will be available on this date (if you purchase today). | — | — |
ImmuniWeb is an efficient and very easy-to-use solution that combines automatic and human tests. The results are complete, straightforward and easy to understand. It’s an essential tool for the development of the new digital activities
Didier Ramella
CISO
ImmuniWeb is the best and simplest way to secure your business online. It's really fantastic experience to get report with zero false positive with detailed actions how to resolve problems and remove vulnerabilities. I think ImmuniWeb is definitely the best alternative to pen testers. As well as a way to save on staff and other costs. I am glad that I can get it all without any hidden costs and without complicated licensing schemes
Nika Vachridze
Senior Information Security Officer
ImmuniWeb provides accurate assessment on the security posture of our cloud-based applications. The report provided is concise and easy to read with sound advisories on the necessary steps to fix the issues. What impressed me most was that no false positive was listed and the vulnerabilities are real. ImmuniWeb certainly gives us the right level of assurance that our cloud-based applications are safe and "good-to-go" before we deploy them out to production
Lee Chye Seng
Director, Learning Systems and Applications
We believe ImmuniWeb platform would definitely address the common weaknesses seen in manual assessments. The AI-assisted platform not only automates the assessments, but also, executes them in a continuous, consistent and reliable fashion. Admittedly, the platform would definitely add quick wins and great ROI to its customers on their investment.
Abuhaneefa Fayaz
Information Security Officer
ImmuniWeb is a great innovative service that brings unbeatable ROI. It is undoubtedly the best way to quickly and easily guarantee your customers that their data is safe with you - and yours too by the way! Efficient and effective!
Jean-Michel Beylard-Ozeroff
Head of IT
ImmuniWeb is an invaluable tool for iPresent with both automated and manual penetration testing. The fantastic manual testing has found even the most hidden and complicated bugs in our security and ImmuniWeb has delivered first class knowledge. The self-service interface also gives us great control to schedule and monitor tests when we need them
Neil Bostrom
Chief Technical Officer
