Company: High-Tech Bridge

From HandWiki

High-Tech Bridge
Type: Private
Industry: Application security
Founded: 2007
Founder: Ilia Kolochenko
Headquarters: Geneva, Switzerland
Area served: Europe, North America, APAC
Key people: Ilia Kolochenko (CEO),[1] William Weber (CFO), Stéphane Koch (Vice President), Marsel Nizamutdinov (CTO)
Products: ImmuniWeb AI
Services: Web application security, mobile application testing
Number of employees: 50+
Website: www.htbridge.com

High-Tech Bridge SA is a web security company based in Geneva, Switzerland that develops machine learning and artificial intelligence technologies for application security, delivered through its application security testing (AST) platform ImmuniWeb AI. Started in December 2007 as a vendor-neutral penetration testing boutique, High-Tech Bridge was named an Industry Leader and Best Service Provider among ethical hacking and penetration testing companies in Frost & Sullivan's 2012 market research.[2]

History

High-Tech Bridge was founded by Ilia Kolochenko, a Swiss application security expert, SC Media "Thought Leader",[3] Forbes Technology Council member[4] and contributing editor to SC Magazine UK, Dark Reading and IDG's CSO Online.[5]

In November 2013, the International Telecommunication Union (ITU) and High-Tech Bridge agreed to use ImmuniWeb as part of the ITU's toolset for ensuring that the websites of ITU Member States are secure.[6]

In July 2015, High-Tech Bridge and PricewaterhouseCoopers Switzerland announced a strategic partnership[7] built around ImmuniWeb's web penetration testing, continuous monitoring and vulnerability assessment capabilities. The partnership was later extended to other PwC global offices, including PwC Singapore.[8]

Security Research

Security Advisories

The High-Tech Bridge Security Research Team has released over 500 security advisories[9] covering a wide range of software, including issues in products from well-known vendors such as Sony,[10] McAfee[11] and Novell,[12] as well as many web vulnerabilities in popular open source and commercial web applications such as osCommerce,[13] Zen Cart,[14] Microsoft SharePoint and SugarCRM.

High-Tech Bridge's Security Research Lab was registered by MITRE as CVE-Compatible and CWE-Compatible.[15] At the time, High-Tech Bridge was one of only 24 organizations worldwide, and the first in Switzerland, to achieve CWE-Compatible status.

As of August 2013, the company was listed among the 81 organizations that include CVE identifiers in their security advisories.[16]

Free Services and Related Research

High-Tech Bridge launched a free SSL/TLS configuration testing tool in October 2015.[17] The tool validates the configuration of email, web or any other SSL/TLS server against NIST guidelines and checks it for PCI DSS compliance; it was cited in articles covering the TalkTalk data breach.[18][19]

Web Vulnerability and Privacy Research

High-Tech Bridge's discovery of vulnerabilities in Yahoo! sites was widely reported[20][21] and led to the "t-shirt gate" affair and to changes in Yahoo!'s bug bounty program. High-Tech Bridge identified and reported four XSS vulnerabilities on Yahoo! domains, for which the company was awarded two $12.50 gift vouchers (worth $25 in total).[22][23][24][25] The meagre reward offered to security researchers for identifying vulnerabilities on Yahoo! was widely criticized, sparking what came to be called t-shirt gate,[26] a campaign against Yahoo!'s practice of sending out T-shirts as thanks for reported vulnerabilities. The discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led Yahoo! to roll out a new vulnerability reporting policy that pays between $150 and $15,000 per reported issue, based on pre-established criteria.[21][27]

In December 2013, High-Tech Bridge research[28] on privacy in popular social networks and email services was cited[29][30] in coverage of a class action lawsuit against Facebook, which was accused of violating its members' privacy by scanning private messages sent on the social network.

In October 2014, High-Tech Bridge discovered buffer overflow vulnerabilities in PHP, including one allowing remote code execution.[31]

In December 2014, High-Tech Bridge identified what it named the RansomWeb attack,[32] a web-server variant of ransomware in which attackers take over web servers, encrypt the data held on them and demand payment to restore the files.

In April 2015, the discovery[33] of a sophisticated drive-by download attack revealed how such attacks can be used to target specific visitors of a compromised web resource only after they have authenticated to it.

In December 2015, High-Tech Bridge tested the SSL/TLS email encryption of the most popular free email service providers.[34] Hushmail, previously regarded as one of the most secure email providers, received a failing "F" grade. Shortly afterwards, the company updated its SSL/TLS configuration and received a "B+".[35]
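The SSL/TLS checks described above (the October 2015 configuration test and the December 2015 email provider survey) come down to comparing what a server actually negotiates against a policy. The following is an added example written for this page, not High-Tech Bridge's ImmuniWeb SSL test: it records what a server offers over HTTPS or SMTP STARTTLS using only the Python standard library, and grades the observation against a simplified rule set modelled on NIST SP 800-52 and PCI DSS (SSL and early TLS prohibited, TLS 1.1 deprecated, weak and non-forward-secret cipher suites, short keys and SHA-1 certificate signatures). The rule set and the letter-grade scale are constructed approximations, not either standard's exact criteria, and the sample observations at the bottom are made up so the grader can run offline.

```python
"""Grade an observed TLS/SSL server configuration against a simplified
NIST SP 800-52 / PCI DSS rule set.

Added example for this page, not High-Tech Bridge's ImmuniWeb SSL tool.
The rule set is a constructed approximation of the published guidance
and the letter-grade scale is arbitrary.
"""
import smtplib
import socket
import ssl
from dataclasses import dataclass, field
from typing import Optional

# PCI DSS 3.1+ no longer accepts SSL or "early TLS" (TLS 1.0) as strong
# cryptography; NIST SP 800-52 Rev. 2 requires TLS 1.2 or later.
PROHIBITED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0"}
DEPRECATED_PROTOCOLS = {"TLSv1.1"}
# Substrings of OpenSSL cipher names marking NULL, export, RC4, (3)DES,
# MD5-based or anonymous suites ("DES" also matches "DES-CBC3").
WEAK_CIPHER_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH")
# SSLSocket.version() strings for the legacy versions a probe re-tests.
LEGACY_VERSIONS = {ssl.TLSVersion.TLSv1: "TLSv1", ssl.TLSVersion.TLSv1_1: "TLSv1.1"}


@dataclass
class TlsObservation:
    protocol: str                          # as returned by SSLSocket.version()
    cipher: str                            # OpenSSL cipher name from SSLSocket.cipher()
    cipher_bits: int                       # symmetric key size from SSLSocket.cipher()
    cert_key_bits: Optional[int] = None    # leaf key size, None if not observed
    cert_sig_alg: Optional[str] = None     # e.g. "sha256WithRSAEncryption"
    also_accepts: list = field(default_factory=list)  # older versions the server also negotiates


def grade(obs):
    """Return (grade, failures, warnings). Any failure yields an 'F'."""
    failures, warnings = [], []
    if obs.protocol in PROHIBITED_PROTOCOLS:
        failures.append(f"negotiated {obs.protocol}")
    for p in obs.also_accepts:
        if p in PROHIBITED_PROTOCOLS:
            failures.append(f"still accepts {p}")
        elif p in DEPRECATED_PROTOCOLS:
            warnings.append(f"still accepts {p}")
    name = obs.cipher.upper()
    if any(m in name for m in WEAK_CIPHER_MARKERS):
        failures.append(f"weak cipher suite {obs.cipher}")
    if obs.cipher_bits < 128:
        failures.append(f"{obs.cipher_bits}-bit symmetric key")
    # TLS 1.3 suites ("TLS_...") are always ephemeral; for 1.2 look for (EC)DHE.
    if not any(kx in name for kx in ("ECDHE", "DHE", "TLS_")):
        warnings.append("no forward secrecy (static RSA key exchange)")
    if obs.cert_key_bits is not None and obs.cert_key_bits < 2048:
        failures.append(f"{obs.cert_key_bits}-bit certificate key")
    if obs.cert_sig_alg is not None and obs.cert_sig_alg.lower().startswith(("md5", "sha1")):
        failures.append(f"certificate signed with {obs.cert_sig_alg}")
    if failures:
        return "F", failures, warnings
    return ("A", "B+", "B", "C")[min(len(warnings), 3)], failures, warnings


def accepts_version(host, port, version, timeout=5):
    """Handshake pinned to one protocol version (network). False on refusal;
    a client OpenSSL that itself refuses old versions also yields False."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, OSError, ValueError):
        return False


def probe_https(host, port=443, timeout=5):
    """Record what a default (modern) client negotiates with an HTTPS server (network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            obs = TlsObservation(tls.version(), name, bits)
    obs.also_accepts = [label for v, label in LEGACY_VERSIONS.items()
                        if accepts_version(host, port, v, timeout)]
    return obs


def probe_smtp_starttls(host, port=25, timeout=5):
    """Same check for a mail server that upgrades the session via STARTTLS (network)."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        name, _, bits = smtp.sock.cipher()
        return TlsObservation(smtp.sock.version(), name, bits)


# Constructed observations (not real measurements) so the grader runs offline.
LEGACY_SERVER = TlsObservation("TLSv1", "DES-CBC3-SHA", 112, 1024, "sha1WithRSAEncryption", ["SSLv3"])
MODERN_SERVER = TlsObservation("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", 128, 2048,
                               "sha256WithRSAEncryption", ["TLSv1.1"])
BEST_SERVER = TlsObservation("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256, 2048, "sha256WithRSAEncryption")

if __name__ == "__main__":
    for label, obs in (("legacy", LEGACY_SERVER), ("modern", MODERN_SERVER), ("best", BEST_SERVER)):
        print(label, grade(obs))
```

The live probes only report what a modern client negotiates plus which legacy versions the server will still fall back to; certificate key size and signature algorithm are left unobserved because the standard-library `getpeercert()` does not expose them, so a real checker would parse the DER certificate with a library such as `cryptography` to fill those two fields.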

Awards and Recognition

In March 2015, ImmuniWeb was recognized in Frost & Sullivan's 2015 Market Insight as "the most complete hybrid offering available".[36]

In April 2016, High-Tech Bridge was selected as a Red Herring Europe 2016 Winner.[37]

SC Media Reboot 2016 named ImmuniWeb an Industry Innovator in the Analysis and Testing category.[38]

In April 2017, Frost & Sullivan's research on machine learning in application security testing (AST) recognized High-Tech Bridge as the most innovative player in the AST market, ahead of HPE and IBM Security.[39]

In May 2017, Gartner named High-Tech Bridge a Gartner Cool Vendor in "Cool Vendors in Security for Midsize Enterprises, 2017" by Adam Hils.[40]

In June 2017, High-Tech Bridge won the SC Awards Europe 2017 "Best Emerging Technology" category.[41]

In June 2018, ImmuniWeb won the "Best Usage of Machine Learning / AI" category at SC Awards Europe 2018, ahead of six other finalists including IBM Watson for Cyber Security.[42]

Organizational Memberships

High-Tech Bridge is a member of a number of security-related organizations and programs, including:

FIRST, where it is listed as an adopter of the Common Vulnerability Scoring System (CVSS).[43]
The ITU's global cybersecurity partnership program.[44]

References

  1. "Articles by Ilia Kolochenko". http://www.csoonline.com/author/Ilia-Kolochenko/. Retrieved 22 July 2015. 
  2. "The Importance of Ethical Hacking: Emerging Threats Emphasise the Need for Holistic Assessments". Frost & Sullivan. http://www.frost.com/prod/servlet/press-release.pag?docid=258396442. Retrieved 19 April 2012. 
  3. "Thought Leaders – Ilia Kolochenko". 23 August 2017. https://www.scmagazine.com/home/news/reboot-awards-2017/thought-leaders-ilia-kolochenko/. 
  4. "Forbes Technology Council Member Spotlight: Ilia Kolochenko". 11 July 2016. https://forbestechcouncil.com/blog/2016/07/11/forbes-technology-council-member-spotlight-ilia-kolochenko-ceo-and-founder-of-high-tech-bridge/. 
  5. "Ilia Kolochenko". 11 July 2015. https://www.csoonline.com/author/Ilia-Kolochenko/. 
  6. "ITU Telecom World 2013 sets agenda for far-reaching changes in ICT sector". Itu.int. http://www.itu.int/net/pressoffice/press_releases/2013/66.aspx. 
  7. "PwC and High-Tech Bridge launch innovative web security solution". PricewaterhouseCoopers. http://news.pwc.ch/wp-content/uploads/2016/05/MM_PwCHighTechBridge_EN.pdf. Retrieved 15 July 2015. 
  8. "High-Tech Bridge and PwC Singapore announce a strategic partnership in cybersecurity". PricewaterhouseCoopers. http://www.pwc.com/sg/en/pressroom.html#/pressreleases/high-tech-bridge-and-pwc-singapore-announce-a-strategic-partnership-in-cybersecurity-1743058. Retrieved 16 January 2016. 
  9. "Packet Storm - Files from High-Tech Bridge SA". PacketStorm.org. https://packetstormsecurity.com/files/author/8035/. Retrieved 20 February 2016. 
  10. "Security Update Program for VAIO® Personal Computers". Sony. http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946. Retrieved 20 January 2015. 
  11. "McAfee Security Bulletin - McAfee MVT & ePO-MVT update fixes an "Escalation of Privileges" vulnerability". McAfee. https://kc.mcafee.com/corporate/index?page=content&id=SB10040. Retrieved 20 January 2015. 
  12. "Security Vulnerability: GroupWise Client for Windows Remote Untrusted Pointer Dereference Vulnerability". Novell. https://www.novell.com/support/kb/doc.php?id=7011687. Retrieved 20 January 2015. 
  13. "Researchers at Swiss-based security firm High-Tech Bridge have identified serious vulnerabilities in several popular web applications". SecurityWeek. http://www.securityweek.com/rce-sqli-flaws-found-popular-web-apps. Retrieved 20 February 2016. 
  14. "Critical Zen Cart vulnerability could spell Black Friday disaster for online shoppers". BetaNews. http://betanews.com/2015/11/25/critical-zen-cart-vulnerability-could-spell-black-friday-disaster-for-online-shoppers/. Retrieved 20 February 2016. 
  15. "Product from High-Tech Bridge Now Registered as Officially "CWE-Compatible"". MITRE. http://cwe.mitre.org/news/archives/news2012.html#20120827a. Retrieved 7 August 2014. 
  16. "Organizations with CVE Identifiers in Advisories". 26 June 2013. http://www.cve.mitre.org/compatible/alerts_announcements.html. Retrieved 1 September 2013. 
  17. "Free PCI and NIST compliant SSL test". http://www.net-security.org/secworld.php?id=19009. Retrieved 23 October 2015. 
  18. "TalkTalk boss receives ransom demand as massive customer data breach deepens". http://www.theinquirer.net/inquirer/news/2431728/talktalk-ddos-hack-leaves-four-million-customers-at-risk. Retrieved 23 October 2015. 
  19. "TalkTalk CEO admits security fail, says hacker emailed ransom demand". https://www.theregister.co.uk/2015/10/23/talktalk_ceo_apologises/. Retrieved 23 October 2015. 
  20. "Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal". 3 October 2013. http://www.v3.co.uk/v3-uk/news/2298445/yahoo-to-pay-up-to-usd15-000-for-bug-finds-after-t-shirt-gate-scandal. 
  21. Kirk, Jeremy (3 October 2013). "Yahoo security bounty program ditches T-shirts for cash". http://www.pcworld.com/article/2051880/yahoo-abandons-tshirt-rewards-for-vulnerability-information.html. Retrieved 19 October 2013. 
  22. Rubenking, Neil J. (1 October 2013). "Yahoo Offers Sad Bug Bounty: $12.50 in Company Swag". PC Magazine. http://securitywatch.pcmag.com/hacking/316421-yahoo-offers-sad-bug-bounty-12-50-in-company-swag. Retrieved 19 October 2013. 
  23. Bilton, Ricardo (1 October 2013). "‘I reported a major Yahoo security vulnerability and all I got was this lousy T-shirt’". https://venturebeat.com/2013/10/01/i-reported-a-major-yahoo-security-vulnerability-and-all-i-got-was-this-lousy-t-shirt/. Retrieved 19 October 2013. 
  24. Frank, Blair Hanley (1 October 2013). "Researchers find critical vulnerabilities in Yahoo’s site, offered $12.50 per bug". http://www.geekwire.com/2013/researchers-find-critical-vulnerabilities-yahoos-site-offered-1250-bug/. Retrieved 19 October 2013. 
  25. Hackney, Steve (7 October 2013). "Yahoo! Inc. (NASDAQ:YHOO) Removes Bugs Identified By High Tech Bridge". http://wallstreetpr.com/yahoo-inc-nasdaqyhoo-removes-bugs-identified-by-high-tech-bridge-9663. Retrieved 19 October 2013. 
  26. Osborne, Charlie (3 October 2013). "Yahoo changes bug bounty policy following 't-shirt gate'". http://www.zdnet.com/yahoo-changes-bug-bounty-policy-following-t-shirt-gate-7000021508/. Retrieved 19 October 2013. 
  27. Martinez, Ramses (2 October 2013). "So I’m the guy who sent the t-shirt out as a thank you". http://yahoodevelopers.tumblr.com/post/62953984019/so-im-the-guy-who-sent-the-t-shirt-out-as-a-thank-you. Retrieved 19 October 2013. 
  28. "Social networks: can robots violate user privacy?". https://www.htbridge.com/news/social_networks_can_robots_violate_user_privacy.html. 
  29. "Facebook sued for allegedly intercepting private messages". http://news.cnet.com/8301-1023_3-57616496-93/facebook-sued-for-allegedly-intercepting-private-messages/. 
  30. "Is Facebook spying on you?". CNBC. http://video.cnbc.com/gallery/?video=3000236311. 
  31. Brook, Chris. "PHP patches buffer overflow vulnerabilities". https://threatpost.com/php-patches-vulnerabilities-including-remote-code-execution-flaw/108960. Retrieved 27 October 2014. 
  32. Fox-Brewster, Thomas. "RansomWeb: Crooks Start Encrypting Websites And Demanding Thousands Of Dollars From Businesses". https://www.forbes.com/sites/thomasbrewster/2015/01/28/ransomweb-50000-dollar-extortion/. Retrieved 1 February 2015. 
  33. Gallagher, Sean (13 April 2015). "Universal backdoor for e-commerce platform lets hackers shop for victims". arstechnica. https://arstechnica.com/security/2015/04/universal-backdoor-for-e-commerce-platform-lets-hackers-shop-for-victims/. Retrieved 14 April 2015. 
  34. "Testing Your SSL Encryption Can Provide Important Security Insights". IBM Security Intelligence. 15 December 2015. https://securityintelligence.com/testing-your-ssl-encryption-can-provide-important-security-insights/. Retrieved 15 December 2015. 
  35. "High-Tech Bridge Grades Email Services on Security, Gives Fastmail Top Score". Talkin Cloud. 3 December 2015. http://talkincloud.com/cloud-computing-security/high-tech-bridge-grades-email-services-security-gives-fastmail-top-score. Retrieved 3 December 2015. 
  36. "The Rise of Hybrid Web Application Security Testing". Frost & Sullivan. http://www.frost.com/sublib/display-report.do?id=9817-00-DC-00-00. Retrieved 31 March 2015. (Subscription content.)
  37. "2016 Top 100 Europe Winners". Red Herring. http://www.redherring.com/events/red-herring-europe/2016-winners/. Retrieved 14 April 2016. 
  38. "Reboot 2016". SC Magazine. https://www.scmagazine.com/analysis-and-testing/article/577562/2/. Retrieved 14 December 2016. 
  39. "How Machine Learning will Strengthen the Web Application Security Testing Market". Frost & Sullivan. https://ww2.frost.com/news/press-releases/web-application-security-testing-market-can-leverage-machine-learning-catalyse-growth-opportunities/. Retrieved 19 April 2017. 
  40. "Gartner Cool Vendors in Security for Midsize Enterprises". Gartner Inc.. https://www.gartner.com/doc/3732124. Retrieved 24 June 2017. 
  41. "SC Awards Europe 2017". SC Media. http://www.scawardseurope.com/results-2017/. Retrieved 24 June 2017. 
  42. "SC Awards Europe 2018". SC Media. http://www.scawardseurope.com/results-2018/. Retrieved 6 June 2018. 
  43. "CVSS Adopters". FIRST. http://www.first.org/cvss/eadopters. Retrieved 9 April 2014. 
  44. "Global Partnerships". International Telecommunications Union. http://www.itu.int/en/ITU-D/Cybersecurity/Pages/partnership.aspx. Retrieved 10 April 2014. 
