High-Tech Bridge

Article Id: WHEBN0040434301

Title: High-Tech Bridge  
Author: World Heritage Encyclopedia
Language: English
Subject: Common Weakness Enumeration, Bug bounty program
Publisher: World Heritage Encyclopedia

High-Tech Bridge
Private
Founded: 2007
Headquarters: Geneva, Switzerland
Key people:
  Ilia Kolochenko (CEO)[1]
  Marsel Nizamutdinov (Chief Research Officer)[2]
  Frederic Bourla (Chief Security Specialist)[3]
  Stéphane Koch (Vice President)[3]
Services: Computer security, Penetration Testing, Computer crime investigation, Web application security
Number of employees: 25
Website: www.htbridge.com

High-Tech Bridge SA is a Geneva, Switzerland-based private information security company.[4] Founded in 2007, the company was named by Frost & Sullivan as an industry leader and best service provider among web application security and penetration testing providers in Europe.[5][6] The company is known for its long-standing security research program, with issues identified in products from vendors such as Sony,[7] McAfee[8] and Novell,[9] in addition to hundreds of vulnerabilities reported on the OSVDB.[10] High-Tech Bridge also introduced the concept of hybrid web security assessment, which combines manual penetration testing and automated scanning, through its ImmuniWeb web security testing SaaS.[11]

The company is among 81 organizations, as at August 2013, that include CVE identifiers in their security advisories.[12]

History

High-Tech Bridge SA, which has offices in Geneva and San Francisco, CA, was founded at its current headquarters at World Trade Center, Geneva, Switzerland in 2007 by Ilia Kolochenko, who serves as its CEO and also lectures on cyber crime at the University of Applied Sciences and Arts in Western Switzerland.[13]

In August 2012, High-Tech Bridge's Security Research Lab was registered as CVE and CWE compatible by MITRE.[14] This registration was followed in June 2013 with ImmuniWeb achieving CVE and CWE compatible status,[15][16] making High-Tech Bridge one of only 24 organizations, globally, and the first in Switzerland, that have been able to achieve CWE compatible status.

Services

High-Tech Bridge's core business is in white hat computer penetration testing,[17] information security auditing, computer security consulting, source code review, and computer forensics, among other services.[5][18] In 2012 the company was assessed by Frost & Sullivan as one of the leading European companies in the ethical hacking market.[19]

ImmuniWeb

High-Tech Bridge introduced the concept of hybrid web application security testing with the launch of ImmuniWeb[20] in August 2013.[21] ImmuniWeb's hybrid solution conducts automated vulnerability scanning and manual web application penetration testing in parallel. By including a manual element in the security scan, the hybrid approach seeks to eliminate false positives.[16][18] ImmuniWeb uses a real penetration tester in conjunction with the automated vulnerability scanning.[22]

High-Tech Bridge and PricewaterhouseCoopers announced a strategic partnership in 2015[23] based around ImmuniWeb's web penetration testing capabilities.

ImmuniWeb is both CVE and CWE compatible. ImmuniWeb has been adopted[24] as part of the UN International Telecommunication Union's (ITU) toolset for ensuring that the websites of ITU Member States are secure.

SSL/TLS Server Configuration Checker

High-Tech Bridge launched an SSL/TLS configuration testing tool in October 2015.[25] The tool validates server configuration against NIST guidelines and checks PCI DSS compliance; it was cited in articles covering the TalkTalk data breach.[26][27]

Security Research

In September 2013, High-Tech Bridge reported a weakness that could allow hackers to perform phishing attacks via access to users' browsing history on Nasdaq.com.[28][29]

The discovery of vulnerabilities in Yahoo! sites by High-Tech Bridge was widely reported,[30][31] leading to the t-shirt gate affair and changes in Yahoo's bug bounty program. High-Tech Bridge identified and reported four XSS vulnerabilities on Yahoo! domains, for which the company was awarded two gift vouchers to the value of $25.[32][33][34][35] The sparse reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called t-shirt-gate,[36] a campaign against Yahoo! sending out T-shirts as thanks for discovering vulnerabilities. High-Tech Bridge's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led to Yahoo! rolling out a new vulnerability reporting policy which offers between $150 and $15,000 for reported issues, based on pre-established criteria.[31][37]

In December 2013, High-Tech Bridge research[38] on privacy in popular social networks and email services was cited[39][40] in a class action lawsuit for allegedly violating its members' privacy by scanning private messages sent on the social network. High-Tech Bridge also discovered vulnerabilities on the World Economic Forum that leaked the email addresses of attendees[41] as well as remote code execution vulnerabilities in PHP.[42] In December 2014, High-Tech Bridge identified the RansomWeb attack,[43] a development of RansomWare attacks, where hackers have started taking over web servers, encrypting the data on them and demanding payment to unlock the files. The discovery[44] of a drive-by download attack on an OsCommerce-based site revealed how drive-by download attacks were being used to target specific site visitors.

Awards and recognition

High-Tech Bridge made the Online Trust Alliance (OTA) Members - Honor Roll three years in a row: 2012-2014.[45] The OTA Honor Roll, first awarded in 2010, analyses sites based on their domain, brand and consumer protection; site, server and infrastructure security; and data protection and privacy; and acknowledges those organizations with the best security and privacy policies.[46] Its web application, ImmuniWeb, was employed in determining the nominees for OTA's 2014 list.[19]

In 2015, High-Tech Bridge's ImmuniWeb was a finalist in the Info Security Products Guide Global Excellence Awards alongside Nessus, Tripwire's IP360 and BeyondTrust's Retina CS Enterprise Vulnerability Management. ImmuniWeb was nominated for Best Security Service (New or Updated version).[47]

ImmuniWeb was recognised in Frost & Sullivan's 2015 Market Insight as being 'the most complete hybrid offering available'.[48]

In April 2015, High-Tech Bridge was recognised in the CyberSecurity 500 at position 65[49] for ImmuniWeb.

ImmuniWeb was listed alongside Qualys VM, Trustwave Vulnerability Management and BeyondSaaS as being among the top cloud-based vulnerability management products available.[50]

Organizational memberships

High-Tech Bridge is a member of a number of security-related organisations, including:


External links

  • High-Tech Bridge Official website
  • ImmuniWeb Portal
