Qasaba is an Attack Surface Management (ASM) platform.
Qasaba improves your organization's security posture by providing insight into the most probable initial access paths. Thanks to our proprietary technology, we are able to deliver frequent and in-depth reports on the weaknesses that could be leveraged by real attackers. Before they do.
Qasaba uses real-time sensors to uncover assets otherwise difficult to reach.
Our algorithms outperform most competitors, especially for large networks.
We use dozens of rules to filter out false positives and help you prioritize issues.
Qasaba is entirely proprietary software developed by offensive security professionals.
Keep focused on priorities
You don't need more tools. You need better results.
We don't want to give you yet another tool that means even more screens to look at and more information noise to process.
Asset discovery
There are dozens of modules that process information gathered by our probes, each of them specialized in a particular area.
TCP/UDP services
There is a difference between what you believe is available to the world versus what is really exposed.
Domain names
We are able to identify domain names and subdomains, as well as suggest ones likely to be related.
Data leaks
We have unique ways of discovering deeply hidden content based on our experience in Red Teaming operations.
Weak passwords
Our custom dictionaries and password testing methodology are at hand whenever you need them.
Technology stack
It is surprising to learn that your servers are running software you have never heard of.
Cloud assets
We suggest cloud storage assets that are very likely related to your organization.
Vulnerabilities
Find imminent threats with our top-of-the-league vulnerability matching and exploitation probability rules.
Pentesting hints
Hints are added automatically whenever there is something that should draw a pentester's attention.
Changes
You will be notified whenever there is a change in the software stack or versions.

A new approach to the problems of increasingly complex organizations
Qasaba was born out of necessity. Constantly monitoring the large infrastructure of one of the biggest financial institutions in Europe turned out to be a task that no number of humans could do in any predictable time. Not to mention the difficulties in hiring highly trained experts to do probably the most tedious and ineffective job in the world of IT.
Case studies
We call them success stories since it wasn't too late
Qasaba revealed critical issues that had gone unnoticed despite regular auditing, penetration testing, and vulnerability scanning. Here are some examples:
Development environment
A development environment had been exposed to the public network just before the planned release of a mobile application. We managed to identify it and report it instantly.
Vulnerable CMS
We found a vulnerable plugin in the Content Management System of a medical company, on a machine that was regularly scanned and checked during penetration tests.
Data leak
Archives containing technical documentation and configuration backups were discovered on a single machine of a large network operator. The finding was reported immediately and fixed within two hours.
Unauthorized services
A number of services operated privately by former employees were detected in the infrastructure of a company processing sensitive personal data.
Infected machine
We successfully identified and reported a server that was infected by malware, an issue that had not been discovered by an AV agent.
Vulnerable Web application
A critical issue in a project management system was identified that had not previously been reported by a vulnerability scanner and that enabled anyone to access confidential information.