Product showcase: ImmuniWeb Neuron, DAST with a zero false positives SLA
Tuesday, July 12, 2022
Few organizations can afford regular penetration testing of their numerous web applications, APIs and microservices. Instead, they usually rely on fully automated web vulnerability scanning, namely various Dynamic Application Security Testing (DAST) solutions. This cost-efficient substitute, however, has two major pitfalls: false positives and false negatives.
ImmuniWeb, a global application security company with over 1,000 customers from more than 50 countries, unveils ImmuniWeb Neuron, which is specifically designed to address both problems in a simple, efficient and effective manner. Its award-winning machine learning technology eliminates false positives and reduces the number of false negatives.
Zero false positives SLA and money-back guarantee
With ImmuniWeb Neuron, you don’t need to worry about false positives anymore: for each false positive you spot in your scan report (if any), you get your money back for the entire week of your subscription regardless of how large your scope is.
Yes, this is not sales puffery but a legally enforceable contractual clause for all ImmuniWeb customers. The SLA does not cover low-risk security warnings, such as HTTP security header misconfigurations, but comprehensively addresses all security vulnerabilities with a CVSS score.
AI-driven detection of OWASP Top 10 and OWASP API Security Top 10
Neuron’s vulnerability fuzzing engine is enhanced with a set of interconnected machine learning models, trained on real penetration testing data. It intelligently automates complicated tasks, spanning from business logic testing to WAF bypass. ImmuniWeb Neuron can run in-depth testing of APIs and microservices, hosted on premises or in a cloud environment.
Like all other automated web vulnerability scanning solutions, Neuron cannot and does not replace a skilled penetration tester, but is specially crafted to produce more findings than traditional scanning tools.
Expert support for vulnerability analysis and remediation
In contrast to other DAST solutions, Neuron comes with unlimited technical support from ImmuniWeb web security analysts. Whenever your software developers or DevOps engineers need further guidance on vulnerability exploitation or remediation, they will get qualified help by email or via online ticketing options.
Flexible scan settings, scheduling and configuration
For every Neuron scan you can fully customize your scope, adjust scanning speed and aggressiveness, and configure multirole authenticated scanning with SSO and some variants of MFA.
Scans can be run manually or on schedule with a custom periodicity. Your targets and scans can be classified into easily manageable groups with tags that add further granularity to continuous scan management.
CI/CD and DevSecOps native
A diversified ecosystem of technical integrations makes ImmuniWeb Neuron a perfect fit for your existing CI/CD pipeline or DevSecOps processes.
Unbeatable pricing model
For large organizations, ImmuniWeb Neuron offers subscriptions with an unlimited number of targets for a fixed annual price. This can be particularly helpful when your scanning scope is not yet known or may suddenly increase because of corporate M&A activities.
For a fixed number of targets, if your target merely changes its (sub)domain, you are not required to buy an extra target – such changes are free. Before you start your first scan, you can also change or delete your targets at no additional cost.
ASM for risk-based and threat-aware testing
Most organizations struggle to prioritize their application security testing and subsequent vulnerability remediation strategy. Omnipresent shadow IT, third-party managed microservices and multicloud environments exacerbate the situation. To overcome those obstacles, you can combine Neuron with Discovery – the Attack Surface Management (ASM) offering by ImmuniWeb.
Just enter your company name – as simple as that – to get a user-friendly dashboard depicting all your external IT assets including domains, websites and APIs, mobile apps, cloud storage and endpoints, network services and publicly exposed IoT devices. The assets are classified by risk score and compliance status, whilst the detected misconfigurations and vulnerabilities are accompanied by remediation instructions. Importantly, each asset is also mapped to its threat landscape including stolen credentials, posts on hacking forums selling access to your data or infrastructure, ongoing phishing campaigns or fake accounts on social networks impersonating your business.
By synergizing ImmuniWeb Neuron DAST with Discovery ASM, you take your application security testing program to the next level by making it holistic, risk-based and threat-aware.
ImmuniWeb AI Platform – 5 products, 20 use cases
While the DAST market is booming, most data protection regulations and laws expressly impose mandatory penetration testing by human experts that cannot be replaced by any kind of automated DAST scanning. The award-winning ImmuniWeb AI Platform offers you all kinds of synchronized products in a single place to address a broad spectrum of security, privacy and compliance needs:
All products can be accessed via an intuitive dashboard with RBAC user management. A well-documented API can automate the process and seamlessly integrate ImmuniWeb with your existing SIEM system, CI/CD pipeline or DevSecOps tools.
You can request a free demo and a personalized quote prior to buying – don’t miss the opportunity.