High-Tech Bridge

From Wikipedia, the free encyclopedia
Type: Private
Founded: 2007
Headquarters: Geneva, Switzerland
Key people: Ilia Kolochenko (CEO); Marsel Nizamutdinov (Chief Research Officer)[1]; Frederic Bourla (Chief Security Specialist)[2]; Stéphane Koch (Vice President)[2]
Services: Computer security, Penetration Testing, Computer crime investigation, Web application security
Employees: 25
Website: www.htbridge.com

High-Tech Bridge SA is a Geneva, Switzerland-based private information security company.[3] Founded in 2007, the company was judged by Frost & Sullivan as an industry leader and best service provider among ethical hacking providers in Europe[4][5] and is best known for discovering vulnerabilities on nasdaq.com, for the Yahoo t-shirt gate affair, and for introducing the concept of hybrid manual/automated penetration testing through its ImmuniWeb web application security scanner.

The company is among 81 organizations, as of August 2013, that include CVE identifiers in their security advisories.[6]

History

High-Tech Bridge SA was founded in 2007 at its current headquarters at the World Trade Center, Geneva, Switzerland, by Ilia Kolochenko, who serves as its CEO and also lectures on cyber crime at the University of Applied Sciences and Arts in Western Switzerland.[7]

In August 2012, High-Tech Bridge's Security Research Lab was registered as CVE and CWE compatible by MITRE.[8] This registration was followed in June 2013 by ImmuniWeb achieving CVE and CWE compatible status,[9][10] making High-Tech Bridge one of only 24 organizations globally, and the first in Switzerland, to achieve CWE compatible status.

Services

High-Tech Bridge's core business is white hat computer penetration testing, information security auditing, computer security consulting, source code review, and computer forensics, among other services.[4][11] In 2012 the company was assessed by Frost & Sullivan as one of the leading European companies in the ethical hacking market.[12]

In September 2013, High-Tech Bridge reported a weakness that could allow hackers to perform phishing attacks via access to users' browsing history on Nasdaq.com.[13][14]

The discovery of vulnerabilities in Yahoo! sites by High-Tech Bridge was widely reported[15][16] as leading to the t-shirt gate affair and changes in Yahoo's bug bounty program. High-Tech Bridge identified and reported four XSS vulnerabilities on Yahoo! domains, for which the company was awarded two gift vouchers to the value of $25.[17][18][19][20] The sparse reward offered to security researchers for identifying vulnerabilities on Yahoo! was criticized, sparking what came to be called t-shirt-gate,[21] a campaign against Yahoo! sending out t-shirts as thanks for discovering vulnerabilities. High-Tech Bridge's discovery of these vulnerabilities and the subsequent criticism of Yahoo!'s reward program led to Yahoo! rolling out a new vulnerability reporting policy which offers between $150 and $15,000 for reported issues, based on pre-established criteria.[16][22]

In December 2013, High-Tech Bridge research[23] on privacy in popular social networks and email services was cited[24][25] in a class action lawsuit against a social network for allegedly violating its members' privacy by scanning private messages sent on the network. High-Tech Bridge also discovered vulnerabilities on the World Economic Forum website that leaked the email addresses of attendees.[26]

ImmuniWeb

High-Tech Bridge introduced the concept of the hybrid web application security scanner with the launch of ImmuniWeb in August 2013.[27] ImmuniWeb's hybrid solution conducts automated vulnerability scanning and manual web application penetration testing in parallel. By including a manual element in the security scan, the hybrid approach seeks to eliminate false positives.[10][11] ImmuniWeb uses a real penetration tester in conjunction with the automated vulnerability scanning.[28]

ImmuniWeb is both CVE and CWE compatible. ImmuniWeb has been adopted[29] as part of the UN International Telecommunication Union's (ITU) toolset for ensuring that the websites of ITU Member States are secure.

Awards and recognition

High-Tech Bridge made the Online Trust Alliance (OTA) Members - Honor Roll three years in a row: 2012-2014.[30] The OTA Honor Roll, first awarded in 2010, analyses sites based on their domain, brand and consumer protection; site, server and infrastructure security; and data protection and privacy; and acknowledges those organizations with the best security and privacy policies.[31] Its web application, ImmuniWeb, was employed in determining the nominees for OTA's 2014 list.[12]

Organizational memberships

High-Tech Bridge is a member of a number of security-related organisations, including:

References

  1. "Company Overview of High-Tech Bridge SA". Bloomberg Businessweek. Retrieved 1 September 2013.
  2. "High-Tech Bridge CrunchBase profile". CrunchBase.
  3. "ImmuniWeb service launches to combine vulnerability scanning with manual pen testing". 1 August 2013. Retrieved 31 August 2013.
  4. "The Importance of Ethical Hacking: Emerging Threats Emphasise the Need for Holistic Assessments". Frost & Sullivan. Retrieved 31 August 2013.
  5. "High-Tech Bridge SA". Association suisse de la sécurité de l'information. Retrieved 31 August 2013.
  6. "Organizations with CVE Identifiers in Advisories". 26 June 2013. Retrieved 1 September 2013.
  7. "Industry Support of OTA Online Trust Honor Roll". 8 June 2012. Retrieved 31 August 2013.
  8. "Product from High-Tech Bridge Now Registered as Officially "CWE-Compatible"". MITRE. Retrieved 7 August 2014.
  9. "1 Product from High Tech Bridge Now Registered as Officially "CWE-Compatible"". 26 June 2013. Retrieved 30 August 2013.
  10. "Web application scanner and vulnerability assessment service launched in beta". SC Magazine. 1 August 2013. Retrieved 31 August 2013.
  11. "Infosecurity Exclusive: Major Media Organizations Still Vulnerable Despite High Profile Hacks". Info Security. 20 August 2013. Retrieved 7 September 2013.
  12. "Exclusive First Look: ImmuniWeb by High-Tech Bridge". 19 July 2013. Retrieved 31 August 2013.
  13. Cartwright, Lachlan (16 September 2013). "Cybersecurity pro on Nasdaq website: 'I needed 10 minutes to hack'". New York Daily News.
  14. Cartwright, Lachlan (17 September 2013). "Nasdaq fixes hack-vulnerable website after Daily News exposes weak security". New York Daily News.
  15. "Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal". 3 October 2013.
  16. Kirk, Jeremy (3 October 2013). "Yahoo security bounty program ditches T-shirts for cash". Retrieved 19 October 2013.
  17. Rubenking, Neil J. (1 October 2013). "Yahoo Offers Sad Bug Bounty: $12.50 in Company Swag". PC Magazine. Retrieved 19 October 2013.
  18. Bilton, Ricardo (1 October 2013). "‘I reported a major Yahoo security vulnerability and all I got was this lousy T-shirt’". Retrieved 19 October 2013.
  19. Frank, Blair Hanley (1 October 2013). "Researchers find critical vulnerabilities in Yahoo’s site, offered $12.50 per bug". Retrieved 19 October 2013.
  20. Hackney, Steve (7 October 2013). "Yahoo! Inc. (NASDAQ:YHOO) Removes Bugs Identified By High Tech Bridge". Retrieved 19 October 2013.
  21. Osborne, Charlie (3 October 2013). "Yahoo changes bug bounty policy following 't-shirt gate'". Retrieved 19 October 2013.
  22. Martinez, Ramses (2 October 2013). "So I’m the guy who sent the t-shirt out as a thank you". Retrieved 19 October 2013.
  23. "Social networks: can robots violate user privacy?".
  24. "Facebook sued for allegedly intercepting private messages".
  25. "Is Facebook spying on you?". CNBC.
  26. Hern, Alex (23 January 2014). "World Economic Forum website closes email address leak". The Guardian. Retrieved 23 January 2014.
  27. Michael, Alexander. "You may think you have never been hacked... you just have not realised it yet". www.frost.com. Frost & Sullivan. Retrieved 4 August 2014.
  28. Cluley, Graham. "How ethical hackers found a (small) vulnerability on my website". Graham Cluley's Security Blog. Retrieved 3 March 2014.
  29. "ITU Telecom World 2013 sets agenda for far-reaching changes in ICT sector". Itu.int.
  30. "2014 Online Trust Audit & Honor Roll". 17 June 2013. Retrieved 23 June 2014.
  31. "2014 Honor Roll - Methodology".
  32. "CVSS Adopters". FIRST. Retrieved 9 April 2014.
  33. "Global Partnerships". International Telecommunications Union. Retrieved 10 April 2014.
