Today I would like to talk about another service for application security analysis by High-Tech Bridge. It’s called ImmuniWeb Application Discovery.

This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large organization. And, what is especially pleasant, it works automatically and free of charge. 😉

ImmuniWeb Application Discovery will also show the basic security problems with SSL connection, web-server headers, potential phishing issues for all founded web services. You can read more about this part in my posts about High-Tech Bridge services and APIs for SSL/TLS server testing and for searching cybersquatting, typosquatting and phishing domains.

From the same interface you can order an advanced audit of your web applications by High-Tech Bridge as well.

If you want to try ImmuniWeb Application Discovery fill the registration form at https://portal.htbridge.com/client/register/

After a while you will receive an email message with activation link. Then go to https://portal.htbridge.com/client/login/ and you will see this:

An unique feature of ImmuniWeb Application Discovery is that it works fully automatically. Just click the big green “Start Discovery” button. Input some domain names that you already know and the name of your organization. For testing, I tried to search web applications related to avleonov.com.

This is not an interesting case because I have only one second-level domain. So it was impossible to find anything except this website with “www” and without it.

NB: I tried to use ImmuniWeb Application Discovery for a real organization as well. In that case it found lots of third and second level domains. Even the domains that were not similar to the inputted  domains or a company name! I do not know how exactly this works, but they probably analyze the white ip-ranges of organization, links in the raw web page content, lists of all registered domains and whois data. The service also detects mobile applications and resources located in Amazon cloud.

ImmuniWeb Application Discovery also conducted basic security analysis. It showed expiration date for the domains, detected that web application at avleonov.com uses jQuery and WordPress, evaluated SSL and web server settings and also showed possible problems with malicious domains (typosquatting and phishing).

You can see what information were collected and displayed:

• Application
  • Domain/IP-address
  • When domain expires
  • When SSL Certificate expires
  • Fingerprinted Software
• Responsible Party
• Business Criticality (Low, Medium, High, Critical)
• Compliance Requirements (PCI DSS, GDPR, HIPAA)
• User Data (PII – “Personally identifiable information” and PHI – “Protected Health information”)
• Status Check
  • HTTPS Security
  • Web Server Security
  • Malicious Domains
• ImmuniWeb® — whether the web application was checked by the High-Tech Bridge web application scanner

HTTPS Security score redirects to the free ImmuniWeb® SSLScan service. Nothing bad was there for my site, but the most common vulnerability is the support of weak cipher suites.

Web Server Security score redirects to the free ImmuniWeb® WebScan service. The main problems with my site were “The web server supports some insecure HTTP methods” and “Some HTTP headers related to security and privacy are missing or misconfigured”.

As for Malicious Domains, the service redirected me to the free ImmuniWeb® Trademark Monitor and showed me a potentially dangerous domain “aleonov.com”. In fact, there is nothing terrible with this domain name.

So, here are the results. They can be filtered using the same fields:

Unfortunately, it’s not possible to filter by Status Check. But you can export and download scan results in csv and parse.

If the service did not find some applications automatically, you can add them manually. So I added openvas.ru and after some time I received the results of analysis for this domain as well.

In conclusion

ImmuniWeb Application Discovery can be useful to check whether you know about all the web and mobile applications in your organization. Of course, if you control the perimeter carefully, there should not be any surprises. See my post “Vulnerability Management for Network Perimeter“. But it never hurts to check your processes using third-party utilities and services.

This service can also help you to find some basic security problems. But, IMHO, it dramatizes the found vulnerabilities a lot. I did not see practically exploitable vulnerabilities there, even when the overall score was extremely low. But from the compliance point of view, this can be useful.

Unfortunately, automatic detection and assessment in ImmuniWeb Application Discovery works only once in free mode. And if you want to use this service regularly you need to become a client of High-Tech Bridge:

Daily 24/7 discovery is currently available to ImmuniWeb® Continuous customers. Please contact us to enable it.

But it was fun to test it anyway. Especially because the service is free. 😉

In practice, I do something similar by analyzing the results of Nessus scanning, detecting active web services and scanning them automatically with Acunetix. But here, of course, everything is more beautiful and works automatically out of the box.