Web Security in a Swiss Army Knife

Simple. Powerful. Scalable.

ImmuniWeb® Discovery reduces complexity and costs of web security and compliance management with continuous
asset discovery equipped with actionable risk scoring. Its seamless integration into DevSecOps,
data leaks and Dark Web monitoring enables proactive threat mitigation.

ImmuniWeb® Discovery

Asset Discovery & Inventory
Inventory & Security Ratings

Continuous asset discovery, risk-based
inventory and DevSecOps-tailored
security ratings

Risk & Security Ratings
Web Security & Compliance

Continuous monitoring of web security,
GDPR & PCI DSS compliance,
WAF and email security

Security & Compliance
Leaks & Dark Web Monitoring

Continuous monitoring for leaked
data, exposed PII and mentions
in the Dark Web

How It Works

  1. Enter your company name
  2. See what hackers see
  3. Prioritize, monitor and respond

Holistic Asset Discovery and Inventory 24/7

  • Web Applications
  • Mobile Applications
  • Web Services & APIs
  • Domains & Certificates
  • Cloud Storage
  • Code Repositories
  • Internet of Things
  • Mail Servers

Lack of visibility is the most frequent cause of data breaches, as you can’t protect what you don’t see.

ImmuniWeb Discovery enables a helicopter view of your external digital assets in a simple and actionable manner.

Its DevSecOps-enabled dashboard illuminates a risk-based panorama of your evolving attack surface.

Actionable Security Ratings 24/7

Leveraging our proven AI technology, each discovered application and
API gets an actionable security rating for a risk-adjusted remediation:

Hackability Score
Hackability score shows how easily a web application can be hacked from a
technical point of view.
Attractiveness Score
Attractiveness score shows how attractive a web application is for an average cybercrime group.

Web Security and Compliance Monitoring 24/7

  • Top 10 Scanning
  • PCI DSS & GDPR Compliance
  • SSL/TLS Encryption & Hardening
  • Software Composition
  • Expiring Domains &
  • Web Malware &
  • WAF & CSP
  • SPF, DMARC & DKIM Presence

Constantly changing applications and web assets are the Achilles’ heel of corporate cyber defense.

ImmuniWeb Discovery runs 24/7 production-safe web vulnerability and compliance scanning with flexible alerts.

Moreover, your team will get an advance email notice of new assets, expiring domain names or SSL certificates.

Dark Web and Data Leaks Monitoring 24/7

  • Dark Web
  • Exposed PII &
  • Leaked Source Code
  • Presence in Black Lists
  • Phishing Websites and Pages
  • Fake Social Networks Accounts
  • Trademark
  • Squatted Domain Names

Cybercriminals are proactively searching for new opportunities to steal your data, money or goodwill.

ImmuniWeb Discovery monitors the Dark Web, Pastebin and many other resources for your data being leaked or stolen.

Likewise, we look out for expiring domains and certificates, phishing or squatted domains, and inclusion in Black Lists.

Application Security Made Simple

Threat Visibility

Outpace attackers with up-to-date
and actionable knowledge

Reduced Costs

Avoid unnecessary spending
and minimize incidents

Risk-Adjust Defense

Build a data-driven cyber
resilience strategy

Testimonials and Customer References

Crédit Agricole next bank (Suisse) SA
eBay Classifieds Group
Haymarket Media, Inc.
Swissquote Bank SA
University Hospitals of Geneva (HUG)
SIX Group Services AG
International Telecommunication Union (ITU)
Banca dello Stato del Cantone Ticino
SIM University
Arab Bank (Switzerland) Ltd.
Legal Vision

ImmuniWeb® Discovery Pricing

Turbocharged performance
at unbeatable price

$99 per month
Up to 20 Websites
Other Assets Unlimited
$299 per month
Up to 100 Websites
Other Assets Unlimited
Corporate Pro
$999 per month
Up to 1000 Websites
Other Assets Unlimited
Continuous discovery of your external web and mobile apps, REST/SOAP APIs, domain names, SSL certificates, mail servers, cloud storage (e.g. AWS S3 buckets), code repositories and IoT devices. New Assets Discovery Yes Yes Yes
Secure dashboard provides a reduced-complexity overview of your external attack surface with customizable email notifications on various events or score changes. Multiuser 2FA Dashboard Yes Yes Yes
Continuous and non-intrusive scanning for OWASP Top 10 and known CVE issues impacting your external websites and web applications. Website Security Scanning Yes Yes Yes
Continuous scanning for PCI DSS, GDPR, and HIPAA requirements applicable to your external websites, web applications and SSL/TLS configurations. Website Compliance Scanning Yes Yes Yes
Continuous fingerprinting and monitoring of Open Source and proprietary software for known security and privacy issues. Software Composition Analysis Yes Yes Yes
Continuous in-depth testing of your Content Security Policy (CSP) and 15+ other security and privacy-related HTTP headers. Security Headers Scanning Yes Yes Yes
Continuous monitoring of your external websites, web applications and APIs for being protected by a WAF. WAF Presence Monitoring Yes Yes Yes
Continuous monitoring for known malware, ransomware or crypto-jacking impacting your external websites and web applications. Website Malware Monitoring Yes Yes Yes
Continuous monitoring of domain names and SSL certificates expiration. Domains & Certificates Monitoring Yes Yes Yes
Continuous monitoring of your external mail servers for properly implemented SPF, DMARC and DKIM. Mail Servers Monitoring Yes Yes Yes
Continuous monitoring of your websites and IP addresses in various Black Lists including DNSBL. Blacklists Monitoring Yes Yes Yes
AI-Enabled hackability and attractiveness scores for each newly discovered, or manually added, external website, web application or API. Asset Security Ratings Yes Yes
Continuous monitoring for typosquatted or cybersquatted domain names, fake accounts in social networks and phishing websites targeting your brand. Phishing & Squatting Monitoring Yes Yes
Continuous monitoring of public code repositories (e.g. GitHub) for exposed or leaked source code, hardcoded passwords or API keys. Code Repositories Monitoring Yes
Continuous monitoring of the Onion network, Pastebin, IRC channels, stolen password collections, web forums and other publicly accessible sources for mentions of your company, its PII, credentials or other sensitive data. Dark Web & Leaks Monitoring Yes
Get a discount for ImmuniWeb On-Demand, MobileSuite and Continuous for any application from the list. Discount for Penetration Testing 3% 5%
Buying from many vendors
and overpaying?

Frequently Asked Questions

It’s very simple: create a free account, enter your company name and make a secure online payment. In approximately two business days you will get your dashboard ready with your external assets scored and categorized. Later you will be able to add new applications, configure continuous monitoring and email alerts.

You can purchase a subscription for 3, 6 or 12 months with a secure online payment. Payment by a bank wire is possible with a yearly subscription.

Each domain name is counted as a separate website. For example, admin.example.com and test.example.com will be counted as two websites. Web applications on non-standard ports, let’s say crm.example.com:8931, will likewise be counted as a supplementary website.

Yes, at any time you can add supplementary websites within the range of your package. You can also import a list of web applications; we will automatically remove duplicates and add the new ones.

No, ImmuniWeb Discovery is designed for your corporate websites. Your direct subsidiaries (e.g. Volvo and Volvo Truck) can be grouped under one project; however, Audi, BMW and Porsche will require three distinct projects.

Please contact sales; we will gladly provide you with a custom quote.

Yes, if there is any mention of them on the Internet. For example, if your developers accidentally leak a URL of your internal application via a public code repository, it will likely be detected.

We have an automated, OSINT-based technology to monitor all (semi)publicly accessible IRC channels, Pastebin, web chats and forums, social networks, and .onion websites that are known for trading or offering stolen corporate data.

No, ImmuniWeb Discovery is our baseline product to ensure holistic visibility of your external IT assets, IT hygiene, foundational security and compliance. Business-critical applications shall be profoundly tested with the ImmuniWeb penetration testing offering.

The underlying technology is production-safe and non-intrusive. It is based on the enhanced version of our free online tests you can try here: www.immuniweb.com/free

No, the testing process is non-intrusive, while the discovery is based on an OSINT model leveraging data publicly accessible on the Internet.

You will get unlimited access to our 24/7 ticketing system for any technical or business questions you may have.

Yes, you can download the data from the dashboard via our API.

Any other questions? Contact Sales

Gartner Peer Insights Recommends
