Harman Patil (Editor)

High Tech Bridge

Type: Private
Founder: Ilia Kolochenko
Founded: 2007
Industry: Web Security
Headquarters: Geneva, Switzerland


Area served: Europe, North America, Asia
Key people: Ilia Kolochenko (CEO), Marsel Nizamutdinov (Chief Technology Officer), Frederic Bourla (Chief Security Specialist), Stéphane Koch (Vice President)

High-Tech Bridge SA is a web security company based in Geneva, Switzerland, with a branch office in San Francisco (CA). Founded in December 2007 as a network security and penetration testing company, High-Tech Bridge was named in Frost & Sullivan's research as an industry leader and best service provider among ethical hacking and penetration testing companies in Europe.


At InfoSecurity Europe 2014, High-Tech Bridge officially launched its online ImmuniWeb web security testing platform, based on the concept of hybrid web security assessment, which combines manual penetration testing and managed vulnerability scanning in real time. Prior to the official launch, the ImmuniWeb Demo platform was tested by Graham Cluley and other security experts.

The High-Tech Bridge Security Research Team has released over 500 security advisories affecting various software, with issues identified in products from many well-known vendors, such as Sony, McAfee and Novell, in addition to many web vulnerabilities affecting popular open source and commercial web applications, such as osCommerce, Zen Cart, Microsoft SharePoint, SugarCRM and others.

The company is listed among 81 organizations, as of August 2013, that include CVE identifiers in their security advisories.

History

High-Tech Bridge was founded by Ilia Kolochenko, a Swiss web application security expert, Forbes Technology Council member, and contributing editor to SC Magazine UK, Dark Reading and CSO Online. Ilia also lectures on cyber crime at the University of Applied Sciences and Arts in Western Switzerland.

In August 2012, High-Tech Bridge's Security Research Lab was registered as CVE and CWE compatible by MITRE. This registration was followed in June 2013 by ImmuniWeb achieving CVE and CWE compatible status, making High-Tech Bridge one of only 24 organizations globally, and the first in Switzerland, to have achieved CWE certification.

In November 2013, the International Telecommunication Union and High-Tech Bridge agreed to use ImmuniWeb as a part of ITU's toolset for ensuring that the websites of ITU Member States are secure.

In July 2015, High-Tech Bridge and PricewaterhouseCoopers Switzerland announced a strategic partnership based around ImmuniWeb's web penetration testing, continuous monitoring and vulnerability assessment capabilities. The partnership was afterward expanded to other PwC global offices, including PwC Singapore.

Network Security Services

High-Tech Bridge also offers vendor-independent penetration testing, information security auditing, computer security consulting, source code review, and incident response.

ImmuniWeb® Web Security Platform

High-Tech Bridge introduced the concept of real-time hybrid web application security testing with the announcement of the ImmuniWeb web security platform in August 2013.

ImmuniWeb's hybrid approach combines managed vulnerability assessment in parallel with a manual web application penetration test. By including a manual element in the security assessment process, the hybrid approach seeks to eliminate false positives, increase testing accuracy, and detect complicated web vulnerabilities that are missed by automated vulnerability scanning vendors.

Each ImmuniWeb assessment uses real penetration testers in conjunction with the managed vulnerability scanning.

Free SSL/TLS Server Configuration Checker

High-Tech Bridge launched an SSL/TLS configuration testing tool in October 2015. The tool can validate the configuration of an email, web or any other TLS or SSL server against NIST guidelines and check PCI DSS compliance. It was cited in articles covering the TalkTalk data breach.

Security Research

In September 2013, High-Tech Bridge reported an XSS vulnerability on www.nasdaq.com, which remained unpatched for two weeks, despite several notifications and alerts sent to Nasdaq administrators.

The discovery of vulnerabilities in Yahoo! sites by High-Tech Bridge was widely reported, leading to the t-shirt-gate affair and changes in Yahoo!'s bug bounty program. High-Tech Bridge identified and reported four XSS vulnerabilities on Yahoo! domains, for which the company was awarded two gift vouchers to the value of $25. The sparse reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called t-shirt-gate, a campaign against Yahoo! sending out T-shirts as thanks for discovering vulnerabilities. High-Tech Bridge's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led to Yahoo! rolling out a new vulnerability reporting policy which offers between $150 and $15,000 for reported issues, based on pre-established criteria.

In December 2013, High-Tech Bridge research on privacy in popular social networks and email services was cited in a class action lawsuit against a social network for allegedly violating its members' privacy by scanning private messages sent on the social network.

In October 2014, High-Tech Bridge discovered Remote Code Execution vulnerabilities in PHP.

In December 2014, High-Tech Bridge identified the RansomWeb attack, a development of ransomware attacks, where hackers have started taking over web servers, encrypting the data on them and demanding payment to unlock the files.

In April 2014, the discovery of a sophisticated drive-by download attack revealed how drive-by download attacks are used to target specific website visitors after their authentication on a compromised web resource.

In December 2015, High-Tech Bridge tested the most popular free email service providers for SSL/TLS email encryption. Hushmail, previously considered as one of the most secure email providers, received a failing "F" grade. Just afterwards, the company updated its SSL configuration and received a score of "B+".

Awards and Recognition

High-Tech Bridge made the Online Trust Alliance (OTA) Members - Honor Roll four years in a row: 2012-2016.

In March 2015, ImmuniWeb was recognized in Frost & Sullivan's 2015 Market Insight as being 'the most complete hybrid offering available'.

In November 2015, High-Tech Bridge was recognized in the CyberSecurity 500 at position 37 for ImmuniWeb.

In November 2015, ImmuniWeb was also listed alongside Qualys VM, Trustwave Vulnerability Management and BeyondSaaS as being among the top cloud-based vulnerability management products available.

In December 2015, High-Tech Bridge was included in visiongain's "Top 100 Cybersecurity Companies to Watch in 2016" report.

In April 2016, High-Tech Bridge was selected as a Red Herring Europe 2016 Winner.

SC Media Reboot 2016 named ImmuniWeb an Industry Innovator in the Analysis and Testing category.

Organizational Memberships

High-Tech Bridge is a member of a number of security-related organizations, including:

  • Online Trust Alliance
  • IMPACT Alliance
  • The FIRST group's CVSS adopters Special Interest Group
  • ITU-D Global Cybersecurity Partnership. ITU-D is part of the International Telecommunication Union