ImmuniWeb® Discovery Pricing
Continuous Threat Exposure Management (CTEM)
| ImmuniWeb® Discovery | Ultimate package | Corporate Pro package | ASM package | Dark Web package |
|---|---|---|---|---|
| 24/7 Expert Assistance Whenever you or your team have a technical question, our security analysts and experts are available 24/7 through our dedicated support system. |  | | | |
| Dashboard & API Access User-friendly dashboard with possibility to export any data in PDF and XLS formats, as well as in JSON via REST API, to seamlessly integrate the findings with your on-prem or cloud systems, such as SIEM or GRC. | | | | |
| Unlimited Role-Specific Users All user accounts may have granular access permissions to get access only to specific assets or groups of assets based on their roles and permissions in the company. | | | | |
| Attack Surface Monitoring (ASM) Comprehensive discovery of all your domain names and subdomains, web applications and APIs, mobile apps and their endpoints, network services and devices, cloud instances and services, and IoT devices visible from the Internet. | | | | |
| Cloud Security Posture Management Non-intrusive detection of exposed, misconfigured or vulnerable cloud instances across over 250 public cloud service providers on top of AWS, GCP and Microsoft Azure. | | | | |
| Continuous Security Monitoring Non-intrusive detection of outdated or vulnerable web and network software with actionable vulnerability analytics, misconfigured network services and cloud resources, exposed databases and repositories, DNS configuration errors, SSL/TLS encryption weaknesses and privacy issues. | | | | |
| Repositories Monitoring Monitoring of most popular source code repositories, as well as cloud-specific and vendor-specific repositories, for accidentally or purposely leaked source code and other data. | | | ||
| Dark Web Monitoring Comprehensive monitoring of illicit activities targeting your organization, its employees, clients or partners in both Dark Web and Surface Web including special or niche social networks, Telegram, IRC and almost a hundred other places where cyber threat actors usually gather, as well as ongoing monitoring of several hundreds of Indicator of Compromise (IoC) feeds for presence of your corporate domains, IP addresses and other assets. | | | | |
| Phishing & Squatting Detection Rapid detection of phishing and other malicious websites mimicking your corporate identity or brand, as well as typo-squatted and cyber-squatted domains, fake accounts on social networks and on Web3. | | | | |
| Phishing Websites Takedown Takedown of malicious phishing websites by administrative and legal measures usually taking from 24 to 72 hours to deactivate the illicit resource. | | |||
| Advanced Incident Monitoring Monitoring of VIPs exposure, detection of leaked credit cards and other sensitive financial information, customized search for leaks and incidents on both the Dark Web and Surface Web. | | |||
| Incident Investigation Assistance Rapid help from our security analysts with investigations on the Dark Web when collection of further evidence, intelligence or insights is needed for incident response and investigation. | | |||
| Copyright Infringement Monitoring Detection of websites and other Internet resources that may utilize your creative content, such as texts or images, without proper permission or authorization. | | |||
| Trademark Infringement Monitoring Detection of websites and other Internet resources that may misuse or abuse your trademarks. | | |||
| Cyber Threat Intelligence Dedicated dashboard with unlimited access to the most important cyber threat intelligence (CTI) from governmental and private sources on the most recent TTPs, key cyber-threat actors, ongoing hacking and fraud activities, ransomware and phishing campaigns, legal and regulatory actions, sanctions and incidents. Search by industry, country, language and many other metrics. | | |||
| Update Frequency All data is available on the user-friendly dashboard with an option to export it in PDF or XLS formats, as well as JSON via REST API. | Hourly | Daily | Daily | Daily |
| Price per Company (All Included) Up to 10,000 assets and/or incidents per company without limitations, flexible pricing for any assets on top of it. Standard subscription duration is one year. | 4,495 EUR / month | 2,495 EUR / month | 1,495 EUR / month | 1,495 EUR / month |
| Discount for Penetration Testing Enjoy a discount for any ImmuniWeb penetration testing products (On-Demand and MobileSuite) during the entire duration of your subscription. | 15% | 10% | 5% | 5% |
| Dashboard Ready Your dashboard will be available on this date (if you purchase today). | — | — | — | — |
ImmuniWeb® Neuron Pricing
Premium Web Application Security Scanning
- Full Scan Customization
- AI-Powered Vulnerability Detection
- Authenticated Scans (SSO/MFA)
- Patch Verification Scans
- Web Security Scanning:
- AI-Based Fuzzing
- OWASP Top 10 Vulnerabilities
- OWASP Top 10 API Vulnerabilities
- Software Composition Analysis (SCA)
- Insecure HTTP Headers
- SSL/TLS Weaknesses
- API Security Scanning
- API Schema Support (Postman, Swagger, etc.)
- Known Web Vulnerabilities Scanning:
- WordPress & 400+ Other Popular CMSs
- 150,000+ CMS Plugins & Themes
- 12,000+ JavaScript Libraries
- 10,000+ Known CVE-IDs
- Open Source Software Security Ratings
- Detection of AI-Related Vulnerabilities
- Detection of Vibe-Coding Flaws
- Zero False-Positives SLA Money-Back Guarantee
Contractual money-back guarantee for one single false positive.
- Risk-Based Prioritization of Findings
- Simple Instructions to Reproduce Findings
- Web, PDF, JSON, XML and CSV Reports
- Friendly Remediation Guidelines
- Screenshots and Raw HTTP Data
- Consolidated View of All Scans
- CVE and CWE Mapping
- CVSSv4 Scoring
- 24/7 Expert Assistance 30 Languages
- Patch Verification Scan Mode
- RBAC Scan Management Dashboard
- Seamless DevSecOps Integration
- Unlimited Dashboard Users
- Turnkey CI/CD Automation
- Simple Scan Scheduling
- Recurrent Scans
- Email Alerts
| Annual Scan Subscription | Monthly Scan Subscription | |
| Price per Target (FQDN) If your web application remains the same but changes its Fully Qualified Domain Name (FQDN), you will not need to use another target keeping your costs under control. | 595 EUR | 395 EUR |
| Number of Scans per Target You can easily run your scans in a scheduled or manual mode, as well as automatically launch scanning via your CI/CD pipeline. | Unlimited | Unlimited |
| Discount for Penetration Testing Enjoy a discount for any ImmuniWeb penetration testing products (On-Demand and MobileSuite) during the entire duration of your subscription. | 15% | 5% |
| Dashboard Ready Your dashboard will be available on this date (if you purchase today). | Today | Today |
ImmuniWeb® Neuron Mobile Pricing
Premium Mobile Application Security Scanning
- Full Scan Customization
- AI-Powered Vulnerability Detection
- Authenticated Scans (SSO/MFA)
- Mobile Security Scanning:
- SAST Scanning
- DAST Scanning
- Software Composition Analysis (SCA)
- OWASP Mobile Top 10 Scanning
- OWASP MASVS Level 1 Testing
- Mobile App Privacy Analysis
- SSL/TLS Encryption Testing
- Endpoints & APIs Privacy Review
- Mobile App Compliance Review
- Open Source Software Security Ratings
- Detection of AI-Related Vulnerabilities
- Detection of Vibe-Coding Flaws
- Zero False-Positives SLA Money-Back Guarantee
Contractual money-back guarantee for one single false positive.
- Risk-Based Prioritization of Findings
- Simple Instructions to Reproduce Findings
- Web, PDF, JSON, XML and CSV Reports
- Friendly Remediation Guidelines
- Screenshots of Security Findings
- Consolidated View of All Scans
- CVE and CWE Mapping
- CVSSv4 Scoring
- 24/7 Expert Assistance 30 Languages
- RBAC Scan Management Dashboard
- Seamless DevSecOps Integration
- Unlimited Dashboard Users
- Turnkey CI/CD Automation
- Simple Scan Scheduling
- Email Alerts
| Annual Scan Subscription | Monthly Scan Subscription | |
| Price per App Unlimited scans of any builds or versions of the same mobile app (Android or iOS) | 595 EUR | 395 EUR |
| Number of Scans per App You can easily run your scans in a scheduled or manual mode, as well as automatically launch scanning via your CI/CD pipeline. | Unlimited | Unlimited |
| Discount for Penetration Testing Enjoy a discount for any ImmuniWeb penetration testing products (On-Demand and MobileSuite) during the entire duration of your subscription. | 15% | 5% |
| Dashboard Ready Your dashboard will be available on this date (if you purchase today). | Today | Today |
ImmuniWeb® On-Demand Pricing
Compliance-Ready Web Application Penetration Testing
| ImmuniWeb® On-Demand | Ultimate | Corporate Pro | Corporate | Express Pro |
|---|---|---|---|---|
| 24/7 Expert Assistance Whenever you or your team have a technical question, our security analysts and experts are available 24/7 through our dedicated support system. | | | | |
| AI-Powered Security Testing Since 2019, our award-winning Machine Learning technology accelerates and intelligently automates thousands of tests and checks of your web application security, which usually require human labor and cannot be performed by automated vulnerability scanners due to complexity. | | | | |
| Manual Penetration Testing Our CREST-accredited security experts conduct advanced security testing of your web application’s business logic, perform chained exploitation of sophisticated vulnerabilities, and run other security and privacy checks that require human intelligence due to high complexity. | 10 days | 5 days | 3 days | 1 day |
| OWASP ASVS Testing Level ASVS Level 1 is a foundational level of testing for simple applications with little or no confidential data | Level 3 | Level 3 | Level 2 | Level 1 |
| Report Writing The assessment report can be viewed or downloaded during the next 100 days following the Security Assessment completion. | 2 days | 8 hours | 4 hours | 2 hours |
| Unlimited Retesting During 100 days after delivery of your penetration testing report, you can schedule patch verification assessment to ensure and validate that all findings are properly fixed. | | | | |
| Penetration Test Certificate Receive a signed penetration test certificate with brief description of the performed test and its results. | | | | |
| Network Security Assessment If your web applications or APIs are hosted on your own network infrastructure, the network server(s) hosting your web infrastructure will be tested for exposed, outdated or otherwise misconfigured network services. | | | ||
| Internal Web Application Testing If your web application or API is not accessible via Internet, we can provide our Virtual Application technology that creates a secure VPN tunnel to our infrastructure, which can be used as a proxy during penetration testing of the internal application. | | | ||
| Testing of Agentic Apps and LLMs If your web application incorporates an AI-powered chatbot or otherwise interacts with AI-agents, our security experts will conduct testing of AI-specific threats as provided by the OWASP Top 10 lists of threats for LLMs and Agentic Applications. | | |||
| Threat-Led Penetration Testing Our penetration testers will carefully review the unique risk profile of your organization and industry to simulate TTPs (Tactics, Techniques and Procedures) of the most relevant and sophisticated cyber-attacks that may target your organization specifically. | | |||
| Price per Penetration Test One penetration test may include one or several domains, subdomains or APIs. | 14,995 EUR | 5,995 EUR | 2,995 EUR | 995 EUR |
| Quarterly Pentest Discount Enjoy the best pricing if your buy 4 pentests for the same application per year. Best fit to meet the regulatory requirements and to ensure the security of your applications with regular testing. | 20% | 15% | 10% | 5% |
| Report Delivery Date Scheduled delivery date of your penetration testing report (if you purchase today). | — | — | — | — |
