Choose the Right Escape Product¶
Escape offers three complementary security testing products:
- Attack Surface Management (ASM)
- Dynamic Application Security Testing (DAST)
- AI Pentesting
Each product addresses a different layer of your security strategy.
This guide helps you understand when to use each one — and when combining them makes sense.
At a Glance¶
| ASM | DAST | AI Pentesting | |
|---|---|---|---|
| Main Goal | Discover your attack surface | Systematically test for known vulnerabilities | Discover complex, business logic vulnerabilities |
| Approach | Asset discovery & monitoring | Rule-based automated testing | AI-driven adaptive testing |
| Best For | Inventory & visibility | CI/CD automation | Authorization & multi-step logic testing |
| Speed | Very fast, wide coverage | Fast and predictable | Slower, deeper analysis |
| Core Strength | Visibility | Consistency | Depth & reasoning |
Start With Your Objective¶
Use ASM when you need visibility¶
ASM is designed to answer:
- What assets are exposed?
- Which APIs and web applications are publicly reachable?
- Did something new appear in production?
- How is the attack surface evolving over time?
ASM continuously discovers and monitors exposed assets, helping you maintain an accurate inventory.
Best starting point for new environments.\ Essential for ongoing visibility.
Quickstart: ASM Quickstart
Use DAST when you need systematic testing¶
DAST is ideal when you want to:
- Run automated security tests in CI/CD
- Test against known vulnerability patterns
- Enforce security policies
- Get fast, repeatable results
DAST provides consistent, rule-based security testing at scale.
Best for continuous testing and regression coverage.
Quickstart: DAST Quickstart
Use AI Pentesting when you need depth¶
AI Pentesting is built for situations where traditional rule-based testing is not enough.
Use it when you need to:
- Discover multi-step vulnerabilities
- Test authorization boundaries (IDOR, BOLA, privilege escalation)
- Identify business logic flaws
- Perform adaptive testing that reacts to application behavior
AI Pentesting explores, reasons, and adapts dynamically to uncover complex issues.
Best suited for authorization testing and contextual analysis.
Quickstart: AI Pentesting Quickstart
Real-World Scenarios¶
Launching a New Application¶
Goal: Secure a new application before production.
Recommended approach:
- Use ASM to discover all exposed endpoints.
- Use DAST to test for known vulnerabilities.
- Use AI Pentesting to validate authorization and business logic.
Continuous Security in CI/CD¶
Goal: Maintain security posture during development.
Recommended:
- Use DAST in your pipeline for fast, automated testing.
Authorization Testing¶
Goal: Validate access control and user separation.
Recommended:
- Use AI Pentesting for comprehensive authorization testing.
Asset Discovery & Inventory¶
Goal: Identify everything exposed to the internet.
Recommended:
- Use ASM to discover and monitor all assets.
Building a Complete Security Program¶
For full coverage, combine all three:
- ASM provides visibility.
- DAST provides systematic coverage.
- AI Pentesting provides deep contextual analysis.
Together, they deliver layered security testing.
How the Products Work Together¶
ASM + DAST¶
- ASM discovers assets.
- DAST tests them automatically.
- Broad and consistent coverage.
ASM + AI Pentesting¶
- ASM identifies high-value targets.
- AI Pentesting deeply tests critical applications.
DAST + AI Pentesting¶
- DAST provides fast rule-based coverage.
- AI Pentesting addresses complex, adaptive scenarios.
- Balanced speed and depth.
All Three¶
Maximum visibility, consistency, and depth across your security program.
Getting Started¶
Choose your starting point:
- ASM Quickstart – Discover your attack surface
- DAST Quickstart – Start automated security testing
- AI Pentesting Quickstart – Begin AI-powered testing