Attack Surface Management module
Overview
Attack Surface Management (ASM) is a comprehensive security capability designed to help you discover, monitor, and secure your organization's external digital footprint. By providing your domains and IP addresses, the platform automatically identifies all externally exposed assets - such as web applications, network services, technologies, and SSL certificates - and continuously scans them to detect security weaknesses.
Why ASM? ASM gives you the attacker's view of your external security posture—showing exactly what's exposed and exploitable before adversaries find it.
What ASM Delivers
- Deep Asset Discovery - Comprehensive enumeration of your external attack surface
- Automated Security Scanning - Active testing powered by a template-based scanning engine
- Vulnerability Detection - Identification and validation of exploitable security weaknesses
- Actionable Remediation - Clear fix guidance, CVSS scoring, and exploitation likelihood
This enables security teams to proactively reduce risk across web applications, network services, IP addresses, and technology stacks.
Core Capabilities
Attack Surface Management provides continuous, active security testing across your entire external digital footprint—giving you the attacker's view before adversaries find it.
- Active Security Testing - ASM actively interacts with your assets to uncover vulnerabilities that passive techniques cannot detect, such as authentication bypasses, injection flaws, and insecure configurations.
- Template-Based Scanning Engine - Scans leverage an extensive and continuously updated library of security templates aligned with real-world attack techniques.
- Continuous Monitoring - Automated, scheduled scans ensure your security posture remains current as your infrastructure changes.
- Actionable Results - Each finding includes severity scoring, exploitation context, and clear remediation steps, helping teams prioritize effectively.
How It Works
Add Top-Level Assets
Begin by adding your organization's primary external assets:
| Asset Type | Description | Examples |
|---|---|---|
| Domains | Root or primary domains | example.com, company.org |
| IP Addresses | Public-facing infrastructure IPs | 203.0.113.10 |
Once added, ASM automatically runs an asset discovery workflow. Asset discovery focuses on visibility, while security scans focus on risk.
DNS Discovery
| Discovery | Description |
|---|---|
| DNS Records | A, CNAME, NS, MX, TXT, SOA, CAA |
| Subdomains | Automatically enumerated subdomains |
| Associated IPs | IPs resolved from DNS data |
Application Discovery
| Discovery | Description |
|---|---|
| Web Applications | HTTP/HTTPS services and responses |
| Technologies | Frameworks, CMSs, and libraries (e.g., nginx, React, WordPress) |
| SSL Certificates | Certificate chain, expiration, and security grade |
| HTTP Headers | Security headers and server metadata |
| Screenshots | Visual previews of discovered web applications |
Network Discovery
| Discovery | Description |
|---|---|
| Open Ports | Exposed TCP/UDP ports |
| Network Services | Services running on each port |
| Service Banners | Version and service identification |
| Protocols | TCP/UDP protocol detection |
| SSL/TLS Configuration | Encryption details per service |
IP Metadata Enrichment
Each discovered IP is enriched with contextual metadata:
| Metadata | Description |
|---|---|
| Provider | Hosting or cloud provider (e.g., AWS, Azure, Cloudflare) |
| Geolocation | Country and region |
| ASN Information | ASN number and organization |
Tip: If an asset is not discovered automatically, it can be added manually at any time to ensure full coverage.
Security Scanning
Once assets are identified, ASM performs active security scans to identify vulnerabilities and misconfigurations.
Default Scans
Default scans are preconfigured and enabled automatically:
- Cover all discovered assets
- Use all available scan templates
- Run on a recurring schedule
This provides immediate and continuous security coverage with no setup required.
Custom Scans
You can create targeted scans to fit specific needs:
| Scan Type | Focus Area | Applies To |
|---|---|---|
| DNS Scan | DNS security and configuration | Domains |
| Application Scan | Web apps, technologies, certificates | Domains, IPs |
| Network Scan | Ports, services, and protocols | IP addresses |
Port Configuration (Network Scans)
| Option | Description |
|---|---|
| Top 100 | Fast scans of common ports |
| Top 1000 | Broader coverage with common services |
| Custom | Specific ports or ranges (e.g., 80, 443, 8000–8100) |
Scan Execution Options
Scans can be run:
- Automatically — via default scheduling
- On-demand — triggered manually at any time
- On a schedule — using custom cron expressions
Vulnerability Detection
ASM performs active vulnerability validation, going beyond simple version matching to confirm whether vulnerabilities are actually exploitable.
Vulnerability Categories
| Category | Examples |
|---|---|
| CVE Vulnerabilities | Actively validated known vulnerabilities |
| Web Vulnerabilities | XSS, SQL injection, SSRF, path traversal |
| Authentication Issues | Auth bypass, IDOR |
| Misconfigurations | Default credentials, exposed admin panels |
| SSL/TLS Issues | Weak ciphers, expired certificates |
| DNS Security | SPF/DMARC issues, spoofing risks |
| Information Disclosure | Sensitive files, debug endpoints |
| Cloud Misconfigurations | Insecure cloud service exposure |
Severity Levels
| Severity | Meaning |
|---|---|
| Critical | Immediate action required |
| High | High-risk issue requiring prompt remediation |
| Medium | Moderate risk |
| Low | Minor issue |
| Info | Informational finding |
Remediation Guidance
Every vulnerability includes:
- Clear technical description
- Business and security impact
- CVSS severity score
- Exploitation likelihood assessment
- Step-by-step remediation guidance
- External references and documentation
Scan Templates
ASM is powered by a template-based scanning engine, with dedicated templates for each scan type:
- Application Scan Templates — Web security checks
- Network Scan Templates — Network and service-level checks
- DNS Scan Templates — DNS security validation
Customizing Templates
- Use all templates for maximum coverage
- Select specific templates for focused assessments
Continuous Updates
The template library is continuously updated with:
- New CVE detections
- Emerging attack techniques
- Improved validation logic
Learn what each template detects, how intrusive it is, and when to use it:
Scanning Templates Catalog→
Best Practices
- Assets are discovered automatically on a weekly basis — add your domains and IPs to get started
- Use Top 100 ports initially for faster insights
- Enable scheduled scans for continuous visibility
- Prioritize Critical and High findings
- Monitor newly discovered assets and changes over time
FAQ
What IP addresses are used for scanning?
To allow our scanners through your firewall or add them to an allowlist, use these IP addresses:
- 66.234.148.106
- 88.218.2.206
- 66.234.150.90
- 185.183.32.71
- 175.110.121.93
- 146.70.36.70
- 66.234.151.234
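Once these addresses are allowed through, scan traffic will show up in your own logs, and triage needs to tell it apart from real probing. The following is an added example, not code from the ASM product: it tags access-log lines as scanner traffic using the addresses listed above, and it ignores a client-supplied X-Forwarded-For header unless the connection came from your own proxy. The log format, the `TRUSTED_PROXIES` address and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Scanner addresses exactly as listed in the FAQ answer above.
ASM_SCANNERS = frozenset(ipaddress.ip_address(a) for a in (
    "66.234.148.106", "88.218.2.206", "66.234.150.90", "185.183.32.71",
    "175.110.121.93", "146.70.36.70", "66.234.151.234"))
# Assumption: the only reverse proxy you operate (constructed address).
TRUSTED_PROXIES = frozenset({ipaddress.ip_address("10.0.0.5")})
# Assumed log layout: peer - - [time] "request" status bytes "x-forwarded-for"
LINE_RE = re.compile(r'^(?P<peer>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" '
                     r'(?P<status>\d{3}) \S+ "(?P<xff>[^"]*)"$')

def parse_ip(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    return getattr(ip, "ipv4_mapped", None) or ip

def client_ip(peer, xff):
    """Attribute a request; trust X-Forwarded-For only from our own proxies."""
    peer_ip = parse_ip(peer)
    if peer_ip in TRUSTED_PROXIES and xff not in ("", "-"):
        return parse_ip(xff.split(",")[-1])  # rightmost hop: appended by our proxy
    return peer_ip

def classify(lines):
    """Split log lines into ASM scanner traffic, other traffic and unparsed."""
    out = {"asm_scanner": [], "other": [], "unparsed": []}
    for line in lines:
        m = LINE_RE.match(line)
        ip = client_ip(m["peer"], m["xff"]) if m else None
        if ip is None:
            out["unparsed"].append(line)
        else:
            bucket = "asm_scanner" if ip in ASM_SCANNERS else "other"
            out[bucket].append((str(ip), m["req"], int(m["status"])))
    return out

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '66.234.148.106 - - [01/Jan/2025:10:00:00 +0000] "GET /admin HTTP/1.1" 404 153 "-"',
    '198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "66.234.148.106"',
    '10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /.env HTTP/1.1" 403 0 "192.0.2.1, 88.218.2.206"',
    '::ffff:146.70.36.70 - - [01/Jan/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 612 "-"',
    'not a log line',
]
```

Suppressing alerts only for the `asm_scanner` bucket keeps look-alike requests from other sources, including ones that merely claim a scanner address in a header, visible to triage.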