Web Security in a Swiss Army Knife

Simple. Powerful. Scalable.

ImmuniWeb® Discovery reduces complexity and costs of web security and compliance management with continuous
asset discovery equipped with actionable risk scoring. Its seamless integration into DevSecOps,
data leaks and Dark Web monitoring enables proactive threat intelligence.

How It Works

  1. Enter your company name
  2. See what hackers see
  3. Prioritize, monitor and respond

Holistic Asset Discovery and Inventory 24/7

  • APIs & Web Services
  • Web Applications
  • Mobile Applications
  • Domains & Certificates
  • Cloud & NAS Storage
  • Code Repositories
  • Internet of Things
  • Mail Servers

Lack of visibility is the most frequent cause of data breaches, as you can’t protect what you don’t see.

ImmuniWeb Discovery enables a helicopter view of your external digital assets in a simple and actionable manner.

Its DevSecOps-enabled dashboard illuminates a risk-based panorama of your evolving attack surface.

Ensure accurate and up-to-date
visibility of your digital assets

Actionable Security Ratings 24/7

Leveraging our proven AI technology, each discovered application and
API gets an actionable security rating for risk-adjusted remediation:

  • Hackability Score (86/100): shows how easily a web application can be hacked from a technical point of view.
  • Attractiveness Score (18/100): shows how attractive a web application is for an average cybercrime group.

Measure your own or third parties'
digital risks and exposure

Web Security and Compliance Monitoring 24/7

  • CVE & OWASP Top 10 Scanning
  • PCI DSS & GDPR Compliance
  • SSL/TLS Encryption & Hardening
  • Software Composition Analysis
  • Expiring Domains & Certificates
  • Web Malware & Cryptojacking
  • WAF & CSP Presence
  • SPF, DMARC & DKIM Presence

Constantly changing applications and web assets are the Achilles’ heel of corporate cyber defense.

ImmuniWeb Discovery runs 24/7 production-safe web vulnerability and compliance scanning with flexible alerts.

Moreover, your team will get an advance email notice of new assets, expiring domain names or SSL certificates.

Get timely notice about security
risks or compliance issues

Dark Web and Data Leaks Monitoring 24/7

  • Dark Web Mentions
  • Exposed PII & Credentials
  • Leaked Source Code
  • Presence in Black Lists
  • Phishing Websites and Pages
  • Fake Social Networks Accounts
  • Trademark Infringements
  • Squatted Domain Names

Cybercriminals are proactively searching for new opportunities to steal your data, money or goodwill.

ImmuniWeb Discovery monitors the Dark Web, Pastebin and many other resources for your data being leaked or stolen.

Likewise, we look out for expiring domains and certificates, phishing or squatted domains, and inclusion in blacklists.

Outpace the attackers with
proactive threat intelligence

Everything Visible. Everything Secure.

Testimonials and Customer References

Crédit Agricole next bank (Suisse) SA
eBay Classifieds Group
BDO
Haymarket Media, Inc.
Swissquote Bank SA
University Hospitals of Geneva (HUG)
Celgene
UNIRISC GROUP
SIX Group Services AG
International Telecommunication Union (ITU)
UN
Banca dello Stato del Cantone Ticino
SIM University
Arab Bank (Switzerland) Ltd.
Legal Vision
iPresent

ImmuniWeb® Discovery Pricing

Turbocharged performance
at unbeatable price

  • SMB: $99 per month
    Up to 20 Websites, Other Assets Unlimited
  • Corporate: $299 per month
    Up to 100 Websites, Other Assets Unlimited
  • Corporate Pro: $999 per month
    Unlimited Websites, Other Assets Unlimited

  • New Assets Discovery: Yes Yes Yes
    Continuous discovery of your external web and mobile apps, APIs (REST/SOAP), domain names, SSL certificates, mail servers, cloud storage (e.g. AWS S3 buckets) and NAS, public code repositories (e.g. GitHub) and IoT devices (e.g. CCTV cameras).
  • Multiuser 2FA Dashboard: Yes Yes Yes
    Secure dashboard provides a reduced-complexity overview of your external attack surface with customizable email notifications on various events or score changes.
  • Website Security Scanning: Yes Yes Yes
    Continuous and non-intrusive scanning for OWASP Top 10 and known CVE issues impacting your external websites and web applications.
  • Website Compliance Scanning: Yes Yes Yes
    Continuous scanning for PCI DSS, GDPR, and HIPAA requirements applicable to your external websites, web applications and SSL/TLS configurations.
  • Software Composition Analysis: Yes Yes Yes
    Continuous fingerprinting and monitoring of Open Source and proprietary software for known security and privacy issues.
  • Security Headers Scanning: Yes Yes Yes
    Continuous in-depth testing of your Content Security Policy (CSP) and 15+ other security and privacy-related HTTP headers.
  • WAF Presence Monitoring: Yes Yes Yes
    Continuous monitoring of your external websites, web applications and APIs for being protected by a WAF.
  • Mobile Apps Scanning: Yes Yes Yes
    Mobile apps from public stores are continuously scanned for OWASP Mobile Top 10, privacy and excessive permissions issues.
  • Domains & Certificates Monitoring: Yes Yes Yes
    Continuous monitoring of domain names and SSL certificates expiration.
  • Blacklists & Malware Monitoring: Yes Yes Yes
    Continuous monitoring for website malware, cryptojacking and presence in web and email blacklists including DNSBL.
  • Mail Servers Monitoring: Yes Yes Yes
    Continuous monitoring of your external mail servers for properly implemented SPF, DMARC and DKIM.
  • Asset Security Ratings: Yes Yes
    AI-enabled hackability and attractiveness scores for each newly discovered, or manually added, external website, web application or API.
  • Phishing & Squatting Monitoring: Yes Yes
    Continuous monitoring for typosquatted or cybersquatted domain names, fake accounts in social networks and phishing websites targeting your brand.
  • Code Repositories Monitoring: Yes
    Continuous monitoring of public code repositories (e.g. GitHub) for exposed or leaked source code, hardcoded passwords or API keys.
  • Dark Web & Leaks Monitoring: Yes
    Continuous monitoring of the Onion network, Pastebin, IRC channels, stolen password collections, web forums and other publicly accessible sources for mentions of your company, its PII, credentials or other sensitive data.

Frequently Asked Questions

Subscription for 3, 6 and 12 months is available for rapid purchase via a secure online payment by credit card or PayPal. Payment by a bank wire is likewise available for a yearly subscription.

Yes, ImmuniWeb Discovery is non-intrusive and is based on an OSINT model, leveraging data already accessible or visible on the Internet. Therefore, you can use it for Security Ratings Services (SRS) to rapidly scorecard your suppliers, vendors and other third parties, including parties to M&A transactions.

Yes, at any time you can add supplementary websites or mobile apps belonging to the same brand. You can also import a list of such web applications; we will automatically remove duplicates, adding only the new ones.

Yes, if there are any mentions of them on the Internet. For example, if your developers accidentally leak a URL of your internal application via a public code repository (e.g. GitHub), it will likely be detected and brought to your attention.

We have an automated, OSINT-based technology to monitor all publicly accessible .onion websites, web resources, IRC channels, Pastebin and other data sharing websites, Telegram chats and other social networks for sensitive data related or belonging to your company.

No, ImmuniWeb Discovery ensures holistic visibility of your external IT assets, continuous web security and compliance monitoring, and surveillance of data leaks and mentions on the Dark Web. For business-critical applications we recommend the more in-depth ImmuniWeb penetration testing offering.

No, the testing process is production-safe and non-intrusive; no action is required from your side.

We provide 24/7 access to our ticketing system for technical and business questions you may have.

Each domain name is counted as a separate website. For example, admin.example.com and test.example.com will be counted as two websites. Web applications on non-standard ports, let’s say crm.example.com:8931, will likewise be counted as a supplementary website.

Yes, you can download the data from the dashboard via our API.

Any other questions? Contact Sales
