Qasaba is an Attack Surface Management (ASM) platform.

Qasaba improves your organization's security posture by providing insight into the most probable initial access paths. Thanks to our proprietary technology we are able to deliver frequent and in-depth reports on the weaknesses that could be leveraged by the real attackers. Before they do.

Instant results

Qasaba uses real-time sensors to uncover assets otherwise difficult to reach.

Exceptional discovery

Our algorithms outperform most competitors, especially for large networks.

Actionable results

We use dozens of rules to filter out false positives and help you prioritize issues.

Battlefield tested

Qasaba is entirely proprietary software developed by offensive security professionals.

Keep focused on priorities

You don't need more tools. You need better results.

We don't want you to have yet another tool, so there are even more screens to look at and more information noise to be processed.

Asset discovery

There are dozens of modules that process information gathered by our probes, each of them specialized in a particular area.

TCP/UDP services

There is a difference between what you believe is available to the world versus what is really exposed.

Domain names

We are able to identify domain names and subdomains, as well as suggest ones likely to be related.

Data leaks

We have unique ways of discovering deeply hidden content based on our experience in Red Teaming operations.

Weak passwords

Our custom dictionaries and password testing methodology are at your hand, whenever you need.

Technology stack

It is surprising to learn that your servers are running software you have never heard of.

Cloud assets

We suggest cloud storage assets that are very likely related to your organization.

Vulnerabilities

Find imminent threats with our top of the league vulnerability matching and exploitation probability rules.

Pentesting hints

Hints are added automatically whenever there is something that should draw pentester's attention.

Changes

You will be notified whenever there is a change in software stack or versions.

A new approach to the problems of increasingly complex organizations

Qasaba was born out of necessity. Constantly monitoring a large infrastructure of one of the biggest financial institutions in Europe turned out to be a task that no number of humans could do in any predictable time. Not to mention the difficulties in hiring highly-trained experts to do probably the most tedious and ineffective job in the world of IT.

Learn more about the solution
Case studies

We call them success stories since it wasn't too late

Qasaba revealed critical issues that have gone unnoticed despite regular auditing, penetration testing, and vulnerability scanning. Here are some of the examples:

Development environment

A development environment had been exposed to the public network, just before the planned release of a mobile application. We managed to identify it and report instantly.

Vulnerable CMS

We had found a vulnerable plugin in a Content Management System of a medical company, on a machine that was regularly scanned and checked during penetration tests.

Data leak

Archives containing technical documentation and configuration backups were discovered on a single machine of a large network operator. The finding was reported immediately and fixed within two hours.

Unauthorized services

A number of services operated privately by former employees were detected in the infrastructure of a company processing sensitive personal data.

Infected machine

We had successfully identified and reported a server that was infected by malware, an issue that was not discovered by an AV agent.

Vulnerable Web application

A critical issue in a project management system had been identified, not reported previously by a vulnerability scanner, enabling anyone to access confidential information.