Web Gateway

Attack Vector

Cymulate’s Web Gateway Vector

Cymulate’s Web Gateway Vector helps you to test your HTTP/HTTPS inbound and outbound exposure to malicious or compromised websites.

Unsecure web browsing is frequently abused by hackers to exploit security weaknesses and compromise corporate environments. The World Wide Web is filled with malicious websites, and new ones are uploaded every day. Furthermore, legitimate websites developed in an unsecure manner are also being compromised and used to spread malware and other attacks. About 12% of recorded cyberattacks use a significant number of malware and malicious scripts that are delivered while browsing to infected websites or via browser add-ons.

In addition, malicious scripts–using Flash, Java and Microsoft Silverlight plug-ins on webpages–make up a quarter of malware attacks. The Cerber and Bad Rabbit attacks started off by a malicious hacker compromising a legitimate website to spread their malware. In the case of Cerber, it was found that the U.S. National Wildfire Coordinating Group’s (NWCG) website was hosting a JavaScript downloader that was used to deliver the Cerber ransomware. It used a zip archive that contained a JavaScript file with an obfuscated PowerShell. The PowerShell downloaded the Cerber executable, disguised as a GIF file. This attack was removed from the website within less than a day after infecting thousands of victims who browsed to NWCG’s legitimate website.

Despite pervasive use of proxies, web filters, and all sorts of secure browsing solutions, browsing to malicious and compromised websites is a very common risk due to malicious online advertisements, fraudulent links, exploit kits and more. Since the majority of web malware infections takes place during legitimate browsing of infected mainstream websites or via browser add-ons, assessing the outbound exposure to malicious websites is crucial.

Cymulate’s Web Gateway cyber attack simulation vector is designed to evaluate your organization’s inbound and outbound exposure to malicious or compromised websites and current capabilities to analyze any inbound traffic. It enables you to verify your organization’s exposure to an extensive and continuously growing database of malicious and compromised websites.

Immediate, actionable simulation results enable IT and security teams to identify security gaps, prioritize remediation and take corrective measures to reduce your organization’s attack surface.

Learn more about Other vectors


Automate cyber-intelligence gathering, analysis and risk rating providing businesses guidance to reduce their attack surface.

Email Gateway

Test Your E-Mail Security With Cymulate’s Vast and Diverse Email Solution.

Web Gateway

Test Your HTTP/HTTPS Outbound Exposure to Malicious Websites.

Web Appliocation Firewall

Test Your WAF Security Posture to Web Payloads and Protect Your Web Apps.

Endpoint Security

Test if your Endpoint solutions are tuned properly and if they are protecting you against the latest attack vectors.

Lateral Movement

Test Your E-Mail Security With Cymulate’s Vast and Diverse Email Solution.

Data Exfiltration

Challenge your DLPcontrols, enabling you to assess the security of outbound critical data before your sensitive information is exposed.

Immediate Threat

Challenge your internal networks against different techniques and methods used by attackers to gain access and control

Full Kill-Chain Advanced Persistent Threat

Full Kill-Chain Advanced Persistent Threat

Purple Team Simulation

Customized and automated security validation and assurance.