Continuous Penetration Testing Made Simple
Zero False Positive SLA
Money-Back Guarantee for
a single false-positive
In-Depth Testing
Business logic testing, SANS Top 25,
PCI DSS & OWASP coverage
Actionable Reporting
Tailored remediation guidelines
and 24/7 access to analysts
24/7 Just-in-time Testing
Once your code is changed, our
experts will promptly test it
DevSecOps Tailored
One-click WAF virtual patching,
SDLC & CI/CD integration
How it works
- Customize testing and
scope monitoring - Get instant alerts on
new vulnerabilities - Re-test patched findings
in one click
Actionable Reporting. Simple Remediation.
DevSecOps Native
WAF Integrations
Continuous Penetration Testing for Any Need
Internal & External Web Apps
Virtual Appliance technology for
internal applications testing
Cloud Native Apps
Check if attackers can pivot to
other systems in your cloud
APIs & Web Services
Comprehensive coverage of API &
Web Services (REST/SOAP)
Black & White Box
Authenticated (including MFA/SSO)
or Black Box testing
Open Source Security
Software Composition Analysis (SCA)
tests for 20,000+ known CVE-IDs
Red Teaming
Breach and attack simulation per
MITRE ATT&CK® Enterprise
Proven Methodology and Global Standards
- OWASP Web Security Testing Guide (WSTG)
- NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
- PCI DSS Information Supplement: Penetration Testing Guidance
- MITRE ATT&CK® Matrix for Enterprise
- FedRAMP Penetration Test Guidance
- ISACA’s How to Audit GDPR
- OWASP Application Security Verification Standard (ASVS v4.0.2) Mapping
- Common Vulnerabilities and Exposures (CVE) Compatible
- Common Weakness Enumeration (CWE) Compatible
- Common Vulnerability Scoring System (CVSS v3.1)
Most Comprehensive Continuous Penetration Testing
In every ImmuniWeb Continuous package
- Detection of Changes and New Code
- Continuous Penetration Testing
- SANS Top 25 Full Coverage
- OWASP Top 10 Full Coverage
- PCI DSS 6.5.1-6.5.10 Full Coverage
- AI Augments Human Testing and Analysis
- Machine Learning Accelerates Testing
- Authenticated Testing (MFA / SSO)
- REST/SOAP API Testing
- Business Logic Testing
- Privacy Review
- Full Customization of Testing
- Instant SMS Alerts
- Instant Email Alerts
- Threat-Aware Risk Scoring
- Step-by-Step Instructions to Reproduce
- Web, PDF, JSON, XML and CSV Formats
- PCI DSS and GDPR Compliances
- CVE, CWE and CVSS Scores
- OWASP ASVS Mapping
- Zero False Positive SLA Money back
Contractual money-back guarantee for one single false positive.
- Unlimited Patch Verifications
- Tailored Remediation Guidelines
- One-Click Virtual Patching via WAF
- 24/7 Access to Our Security Analysts
- DevSecOps & CI/CD Tools Integration
- Multirole RBAC Dashboard with 2FA
ImmuniWeb® Continuous Packages
Continuous Penetration Testing
1 Configure Your Test
Enter the URL(s) of your application,
indicate any special testing, scoping
or reporting requirements
2 Select the Best Package
Pick up a package or get a free
consultation from our security
analysts to select one
3 Schedule and Start
Select subscription starting date,
add users, customize alerts
and you are done!
| The packages are tailored for the application’s size and complexity Package Selector | Corporate Pro Designed for one web application of large size and complexity, located on multiple subdomains or having several user roles. | Corporate Designed for one web application of medium size and complexity, located on several subdomains or having a couple of user roles. | Express Pro Designed for one web application of small size and complexity, located on one or two subdomains and having one user role. | Express Designed for one web application of very small size and complexity, located on one domain and having one simple user role. |
|---|---|---|---|---|
| AI-Automated Penetration Testing Our award-winning Deep Learning AI technology accelerates and intelligently automates over 10,000 checks of your web application security, which usually require human labor and cannot be performed by traditional vulnerability scanners due to complexity. | 24/7 | 24/7 | 24/7 | 24/7 |
| Manual Testing of Business Logic Our CREST-accredited security experts conduct advanced security testing of your web application’s business logic, perform chained exploitation of sophisticated vulnerabilities, and run other security and privacy checks that require human intelligence due to high complexity. | 3+ experts | 2+ experts | 1+ experts | 1 expert |
| Zero False Positive SLA Our Terms of Services provide contractual money-back guarantee for a single false positive in your penetration testing report. |  | | | |
| Rapid Delivery SLA Our Terms of Services provide contractual money-back guarantee for delayed delivery of your penetration testing report. | | | | |
| WAF Virtual Patching Our technology alliances with the leading WAF vendors provide ready-to-use WAF rulesets with your penetration testing report to automatically mitigate the detected vulnerabilities. | | | | |
| DevSecOps & CI/CD Integrations Our technology alliances with the leading SIEM and DevOps vendors provide one-click vulnerability data export into your vulnerability management systems, bug trackers, as well as integration of penetration testing into your CI/CD pipeline. | | | | |
| 24/7 Access to our Security Analysts Our security analysts are at your disposal during and after the penetration test may you need any advice or additional information on remediation or implementation of security best practices. | | | | |
| Unlimited Patch Verification Scans Unlimited patch verification scans are available to verify in one click that all of the detected vulnerabilities have been properly fixed by your software developers. | | | | |
| Privacy Assessment Our security experts examine widespread privacy issues and compliance failures in your web application. | | | | |
| Dark Web Reconnaissance Our security experts investigate your organization’s exposure on Dark Web, such as stolen credentials, and leverage this data during the penetration test. | | | ||
| Red Teaming Exercise On request, our security experts may perform Red Teaming exercise tailored to your threat landscape, emulating tactics, techniques and procedures (TTP) of a specific cyber threat actor. | | |||
| Package Price | $5495 per month | $3495 per month | $1495 per month | $995 per month |
Frequently Asked Questions
- QHow can I scope and customize my testing requirements?AAt the first step of project creation, you can scope and configure special requirements for continuous penetration testing. For example, you can select authenticated (White Box) testing with 2FA/SSO for some (sub)domains, exclude testing for some specific vulnerabilities (e.g. self-XSS) or areas of the web application, or refrain from testing during weekends. Later, while your subscription is valid, you can update your testing requirements.
- QHow many URLs and domains can I include into one package?AThere is no hard limit on the number of URLs or domains per package. All targets should, however, belong to the same business application. For example, an e-commerce platform may be located across several (sub)domains, APIs or third-party managed web services. They can normally all be included into one package. If you also wish to test your e-banking system, you will need a second package.
- QHow do I select the right pentest package for my scope?AGenerally, the bigger your scope is, the bigger package you need. If you have any doubts, please use our free package selector to submit basic details about your scope. Our security analysts will carefully analyze your scope and needs and then promptly get back to you with the most suitable package. May you have a large or otherwise complicated scope, please get in touch and we will assign you a personal account manager.
