TL;DR: Asterisk is an AI “hacker” with the ability to find, exploit, and patch security loopholes across your digital assets. It does all of this with no user intervention and generates a report with zero false positives. (example)

The Problem

• Almost 95% of potential vulnerabilities raised by static security tools (SAST) are false positives, and security engineers spend a lot of time filtering them out.
• Current security tech cannot detect business logic bugs - think of vulnerabilities like unauthorized access, privilege escalation, and bugs that would rack up your AWS/API bills.

Solution

• Verification: Asterisk verifies a vulnerability by spinning up a sandbox, running the software being scanned, and attempts to exploit the bug. If Asterisk flags a vulnerability, you can be sure it's real.
• Context-aware Threat Modeling: Asterisk understands your codebase and can thus emulate a malicious hacker by coming up with attack scenarios, like the recent CrowdStrike incident.

Our Team

We are Mufeed, Asjid and Vivek. All of us have a background in security research and systems engineering.

Mufeed: represented 🇮🇳 at WorldSkills CTF, 🥇 medalist - IndiaSkills CTF, 🥉 medalist - BRICS Skills CTF

Asjid: 🥈 medalist - IndiaSkills, ex-security research engineer at Emirates National Bank (UAE)

Vivek: ex-distributed systems/platforms engineer at Chorus One (one of the biggest POS validators)

Our team has helped secure Google, Mastercard, Okta, Nvidia, Microsoft, etc. We are also the team behind Devika, the open-source alternative to Devin with over 18K stars on GitHub.

Our Ask

If you're looking for a complete security audit of your digital assets or want to talk about anything security, email us (hello@asterisk.so) or book a demo (asterisk.so/demo).