Abricto Attack Surface
Management (ASM)

An organization’s internet-facing perimeter is an ever-changing landscape. Abricto Security’s Attack Surface Management (ASM) solves this challenge by actively discovering new systems as they arise. All systems are catalogued; services are enumerated and assessed for vulnerabilities.


“More effective than bug bounties, less triage work for enterprise teams”


Discovering, validating and triaging external vulnerabilities is a daunting and resource intensive challenge for most organizations. Vulnerability scanners and bug bounty programs look great on paper but are often ineffective, cost-prohibitive or both. The Abricto ASM service provides active discovery and ongoing surveillance of your internet-facing presence. Our US-based security consultants do the heavy-lifting of triage, delivering only validated, prioritized and actionable vulnerabilities for remediation. Abricto ASM is a subscription-based service, so there are no variable or hidden costs.

Continuous Discovery and Assessment

  • High-impact vulnerabilities, such as those that are actively being targeted in attack campaigns, are identified and prioritized.
  • Applications are assessed for vulnerabilities like SQL injection, cross-site scripting, command execution and more.
  • Management services like SSH and Remote Desktop are checked for common, guessable or previously breached credentials.
  • Cloud services are checked for configuration flaws such as exposed API keys or unsecured data stores.

Up-to-Date Inventory

  • New internet-facing systems are discovered daily and metadata about the system is available to be consumed by your asset inventory.
  • Existing systems are continuously re-assessed for new vulnerabilities or attribute changes that should be reflected in inventory records.

Vulnerability Validation-as-a-Service

  • We independently validate all vulnerabilities, eliminating false-positive notifications.
  • No more time wasted by your team drilling down into dashboards or reports trying to triage alerts.
  • Remediation efforts are focused on qualified and prioritized vulnerabilities, maximizing organizational efficiency and effectiveness.

Service Experience

  • Access to the Abricto Security Client Portal:
    • View discovered and vetted vulnerabilities
    • Jira integration out of the box
    • Rich API available for custom integration
    • View historical metrics of asset vulnerabilities

Abricto ASM handles the discovery, identification and validation of external vulnerabilities. No more false-positives and no more communication barriers.