ImmuniWeb OverviewUNIXBusinessApplication

ImmuniWeb is the #21 ranked solution in AST tools. PeerSpot users give ImmuniWeb an average rating of 7.4 out of 10. ImmuniWeb is most commonly compared to Qualys Web Application Scanning: ImmuniWeb vs Qualys Web Application Scanning. ImmuniWeb is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 23% of all views.
Buyer's Guide

Download the Application Security Testing (AST) Buyer's Guide including reviews and more. Updated: May 2023

What is ImmuniWeb?

ImmuniWeb® is a global application security company operating in over 50 countries, headquartered in Geneva, Switzerland. Most of ImmuniWeb's customers come from regulated industries, such as banking, healthcare, and e-commerce.

ImmuniWeb® AI Platform leverages award-winning AI and Machine Learning technology for acceleration and intelligent

automation of Attack Surface Management and Dark Web Monitoring. The data is later leveraged for threat-aware and risk-based Application Penetration Testing for web, mobile, and API security testing. ImmuniWeb is the only company that offers a contractual zero false-positives SLA with a money-back guarantee. ImmuniWeb’s AI technology is a recipient of numerous awards and recognitions, including Gartner Cool Vendor, IDC Innovator, and the winner of “SC Award Europe” in the “Best Usage of Machine Learning and AI” category.

ImmuniWeb® Community Edition runs over 100,000 daily tests, being one of the largest application security communities. ImmuniWeb SA is an ISO 27001 certified and CREST-accredited company.

https://www.immuniweb.com.

ImmuniWeb Customers

Ebay, United Nations, Next Bank Credit Agricole, Geneva Swiss Bank, Banca Stato, Celgene, SIM University, Heymarket, Swissquote, more...

ImmuniWeb Video

ImmuniWeb Pricing Advice

What users are saying about ImmuniWeb pricing:
  • "ImmuniWeb is relatively cheap. It's a competitive price compared to other products in the marketplace. It's worth the money we are paying for it."
  • "It is pretty expensive."
  • "It is pretty expensive."
  • ImmuniWeb Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Chief Information Security Officer at a financial services firm with 201-500 employees
    Real User
    Top 20
    An OSINT and AI-powered security tool with a useful automated discovery feature
    Pros and Cons
    • "I like the fully automated continuous discovery run by ImmuniWeb in the background. We do not need to rerun the same tests or the same scanning against our resources. We need to supply our IP addresses, domain names, and significant resources with special domain names and URLs, and we need to do it only once. Then we always have an up-to-date picture. I also like the integration with our single sign-on system. We do not need to maintain a separate set of usernames or user accounts. We can plug this ImmuniWeb service into our authentication technology, enabling two-factor authentication. We have secure authentication right out of the box. The other important feature I like is the executive view. You can easily switch from a technical view to an executive view and have a helicopter view of the compliance status. We can see how much effort is required and our current status."
    • "It would be better if they had an automated tagging feature. The tagging functionality currently requires manual tagging, and that's probably the most needed feature from my standpoint. We also do not have enough tools, enough features, or options to display different resources in the way we need. There are basic grouping and some filtering features, but we still cannot fully separate some flavors of our resources. However, we may not be aware of the latest features."

    What is our primary use case?

    We use ImmuniWeb as an instrument to discover our externally visible perimeter. This includes the web services accessible from the internet domain names or IP address ranges, everything we register, and maybe some surprising services that are silently running out of our site. 

    We also leverage the functionality to search through the public repositories or dark web and look for any entries related to our business or business name. Some may be stolen accounts, source codes, or similar items, but not many vendors around the world offer such a service within one single subscription, which is also important. We try to use every single feature that ImmuniWeb Discovery provides us.

    What is most valuable?

    I like the fully automated continuous discovery run by ImmuniWeb in the background. We do not need to rerun the same tests or the same scanning against our resources. We need to supply our IP addresses, domain names, and significant resources with special domain names and URLs, and we need to do it only once. Then we always have an up-to-date picture. 

    I also like the integration with our single sign-on system. We do not need to maintain a separate set of usernames or user accounts. We can plug this ImmuniWeb service into our authentication technology, enabling two-factor authentication. We have secure authentication right out of the box. 

    The other important feature I like is the executive view. You can easily switch from a technical view to an executive view and have a helicopter view of the compliance status. We can see how much effort is required and our current status.

    What needs improvement?

    It would be better if they had an automated tagging feature. The tagging functionality currently requires manual tagging, and that's probably the most needed feature from my standpoint.

    We also do not have enough tools, enough features, or options to display different resources in the way we need. There are basic grouping and some filtering features, but we still cannot fully separate some flavors of our resources. However, we may not be aware of the latest features.

    For how long have I used the solution?

    I have been using ImmuniWeb since September 2021, about a year and a half.

    Buyer's Guide
    Application Security Testing (AST)
    May 2023
    Find out what your peers are saying about ImmuniWeb, Invicti, Qualys and others in Application Security Testing (AST). Updated: May 2023.
    708,243 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    ImmuniWeb is a cloud-based stable solution.

    What do I think about the scalability of the solution?

    ImmuniWeb is cloud-based, so it's easily scalable. It can be scaled up at the vendor's discretion. We need to throttle some of the scan intensity for some resources, but it's only on our side, and we can control that. We do not care about the scalability on the vendor side in terms of the product's speed and performance. It's not our issue, and we do not notice any problems.

    How are customer service and support?

    Technical support is nicely designed and embedded right into the product or into the web portal. Often when you have Discovery and from different situations when you probably need to ask for support, you are just a couple of clicks away from creating the ticket and asking the support, and they are very responsive.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward. Even if we had a hundred or thousand more resources, they could all be imported quite easily. It also seamlessly connects to our Azure Active Directory. All imported resources can be tagged in advance, grouped, and sorted in whichever way is feasible for the users. It's straightforward to get into and start getting that value right away.

    What's my experience with pricing, setup cost, and licensing?

    ImmuniWeb is relatively cheap. It's a competitive price compared to other products in the marketplace. It's worth the money we are paying for it.

    What other advice do I have?

    I would tell potential users that they should use it. However, they should probably start using the pre-community tools to ensure it's mature enough to provide useful functionality, even for free. 

    It will be worth the money if you pay for more advanced functionality. I have been using ImmuniWeb's free edition since it was known by a different name, HT Bridge.

    On a scale from one to ten, I would give Immuniweb an eight.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Paul Young Okkamy - PeerSpot reviewer
    IT Department Manager at Okkamy
    Real User
    Top 20
    AI-driven, easily customizable, and has a zero false-positive SLA
    Pros and Cons
    • "After the assessment, you clearly know which assets require penetration testing."
    • "A great idea would be to make a mobile application for the ImmuniWeb portal so that all information would be available on the go and from a mobile phone as well. It would be much more convenient."

    What is our primary use case?

    I should say that we've already used ImminiWeb services before. But it was a traditional penetration test of a website. We were absolutely satisfied with their work and selected ImmuniWeb to test our new project for bugs and vulnerabilities.

    ImmuniWeb has grown dramatically in these last 4 years. Now, it's a large platform that handles the discovery of your IT assets and launches an AI automated penetration test to fix bugs found.

    The first discovery revealed some critical bugs in our assets. ImmuniWeb's team responded very quickly and soon provided a detailed report and guidelines for remediation.

    How has it helped my organization?

    The ImmuniWeb Platform is the best and easiest way to secure a business online. It's a really great experience. We got reports with zero false-positives and detailed instructions regarding how to solve problems and remove any vulnerabilities found with ImmuniWeb Discovery. We didn't have to purchase any complicated software. Everything is online in the cloud.

    We are sure that ImmuniWeb is definitely the best alternative to traditional penetration testing. They really reduced our security costs and made our business compliant with GDPR and other European and international laws and regulations.

    What is most valuable?

    I like that ImmuniWeb finds all your assets literally anywhere, including on your website, clouds, repositories, network infrastructure, et cetera. Moreover, it scans the Dark Web for assets. Dark Web Monitoring is the most valuable tool. It quickly scans the dark web and you see it all in the dashboard. In our case, we found a password leak.

    After the assessment, you clearly know which assets require penetration testing.

    The penetration test itself is AI-driven, easily customizable, and provided with a zero false-positive SLA.

    What needs improvement?

    You may find the dashboard a bit complicated. That's because of a large number of features. If ImmuniWeb will make a kind of presentation on how to work with a platform when you log in for the first time, that would be ideal.

    On the other hand, ImmuniWeb holds monthly webinars where they explain how to use the platform. I took part in one of them and found out a lot of new options I didn't know about before.

    A great idea would be to make a mobile application for the ImmuniWeb portal so that all information would be available on the go and from a mobile phone as well. It would be much more convenient.

    For how long have I used the solution?

    We have been using ImmuniWeb for 6 months already.

    How are customer service and technical support?

    The product offers fast 24/7 support. 

    Which solution did I use previously and why did I switch?

    I used the vulnerability scanner from Acunetix and some Qualys products. The scanner is nice but very expensive. It also didn't give the full view of the problems within the website.

    What's my experience with pricing, setup cost, and licensing?

    I would advise users to start with a small package. Other packages may look costly for an SMB. That said, the price/value ratio is perfect.

    Which other solutions did I evaluate?

    We did look at Qualys.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Application Security Testing (AST)
    May 2023
    Find out what your peers are saying about ImmuniWeb, Invicti, Qualys and others in Application Security Testing (AST). Updated: May 2023.
    708,243 professionals have used our research since 2012.
    Trung Le Thanh - PeerSpot reviewer
    Regional Manager - Cybersecurity at Alexa Security Consulting LLC
    Real User
    Top 10
    Easy initial setup process, but reporting feature for web scanning tools need improvement
    Pros and Cons
    • "The solution's most valuable feature is reporting."
    • "Its technical support could be better."

    What is our primary use case?

    Our customers use the solution for web scanning, application testing, and attack surface management.

    What is most valuable?

    The solution's most valuable feature is reporting.

    What needs improvement?

    They should improve the solution's reporting for web scanning tools. Presently, there are many restrictions to accessing the reports. I have to pass some security tests. Despite this, sometimes I couldn't see any information.

    They should add more automated tools to demonstrate the possibility of hacks. Also, the tools should help us check the possibility of deploying the databases found before. Along with this, they should add more CRM-related features for better administration. In addition, there needs to be a tool for firewalls and vulnerability management. They should provide security assessments for applications and systems like firewalls, IPS, and web gateway.

    How are customer service and support?

    The solution's technical support team must provide customers with a clear, easy-to-understand product description.

    How was the initial setup?

    The solution's initial setup is straightforward. The customers have to log in, enter their company's domain and proceed to scan.

    What's my experience with pricing, setup cost, and licensing?

    The solution is quite expensive. The license costs around $10,000 per test. Also, the customers have to pay extra for every update.

    What other advice do I have?

    I advise others to thoroughly understand the technical requirements of their business when it comes to security testing. They should evaluate other solutions, such as Tenable and Qualys. Further, they should make a buying decision after an in-depth analysis using different tools.

    I rate the solution as a five.

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Application Security Testing (AST) Report and find out what your peers are saying about ImmuniWeb, Invicti, Qualys, and more!
    Updated: May 2023
    Buyer's Guide
    Download our free Application Security Testing (AST) Report and find out what your peers are saying about ImmuniWeb, Invicti, Qualys, and more!