AASA is built on a microservices-based architecture using secure and scalable technologies including [e.g., Node.js, React, MongoDB/PostgreSQL, Elasticsearch], hosted on [e.g., AWS/Azure] with Kubernetes orchestration for high availability and performance.
By default, AASA is a cloud-native SaaS platform. However, on-premises deployment options are available for enterprise customers on request.
The platform uses containerized services and auto-scaling groups to dynamically scale resources based on traffic and processing demand.
AASA uses multi-region deployment, active-active failover, and real-time health monitoring to maintain 99.9%+ uptime.
AASA supports:
Yes. For internal scanning, you can deploy AASA’s lightweight scanning agents behind your firewall, which securely relay scan data to the central platform.
Absolutely. AASA is designed to flag vulnerabilities aligned with OWASP Top 10,NIST CWE Top 25, and other industry-standard threat taxonomies.
Yes, AASA’s reporting engine maps detected vulnerabilities and exploits to the MITRE ATT&CK framework for contextual threat analysis.
AASA leverages threat intelligence, heuristic analysis, and behavior-based detection to identify potential zero-day threats. By monitoring suspicious activity and integrating with global advisories, AASA ensures early alerts and provides recommended mitigations to help you respond quickly.
Yes, alongside automated scans, AASA offers manual security testing performed by our certified cybersecurity professionals. Manual testing helps identify complex vulnerabilities like business logic flaws, privilege escalation, and advanced attack vectors that automated tools might miss. Our experts follow industry standards to ensure thorough assessments and provide detailed, actionable remediation steps.
The vulnerability database is updated daily to ensure the latest threat intelligence and CVE updates are applied to all scans.
AASA supports plug-and-play integration with:.
Yes, AASA offers native integration with Jira and ServiceNow to automatically raise and track remediation tasks based on vulnerability findings.
Yes, AASA provides a comprehensive set of RESTful APIs for custom integrations and automation across your DevSecOps ecosystem.
All sensitive data is encrypted at rest using AES-256 and in transit via TLS 1.2+. Data storage complies with global data protection regulations (GDPR, DPDP, etc.).
Yes. Reports and raw scan data can be exported in PDF, CSV, or JSON formats for internal analysis or reporting.
By default, scan data is retained for 1 year. Retention periods can be extended based on your subscription plan or regulatory requirements.
Yes, the platform supports concurrent scans across multiple applications, projects, or environments.
Yes, AASA’s scanning engine is configurable to prioritize critical severity vulnerabilities, ensuring rapid detection of high-risk issues.
Risk will be calculated with the help of ESOF cyber Score which is derived by our own patent mathematical formula.
AASA includes a built-in false positive management workflow. Users can mark and submit findings for review by TAC Security's expert validation team.
AASA supports Role-Based Access Control (RBAC) with customizable roles like Admin, Auditor, Developer, and Viewer. You can define granular permissions for each module.
Yes, SSO via SAML 2.0 and OAuth 2.0 (e.g., Google Workspace, Azure AD) is fully supported.
Yes, AASA enforces MFA for all user accounts, supporting OTP, authenticator apps, and hardware tokens.
Yes, AASA provides executive dashboards with high-level risk posture summaries, trends, and KPIs designed for leadership reporting.
Yes, AASA provides audit-aligned reports and evidence logs tailored for frameworks such as ISO 27001, PCI-DSS, SOC 2, and DPDP Act.
Yes, compliance and executive reports are fully customizable—based on organization-specific controls, severity thresholds, and remediation SLAs.
While AASA itself facilitates audit readiness by generating evidence-based reports and assessments, the platform issues completion certificates for assessments performed, which can support your internal and external compliance efforts.
Most customers can get started with AASA within 1–3 business days. The onboarding process includes account setup, initial configuration, and optional integration with your CI/CD and ticketing tools.
Yes, AASA offers guided onboarding with dedicated support specialists to help you with configuration, integrations, and best practices for your environment. For any support, reach out to us on account_esof@tacsecurity.co.in
AASA follows a flexible subscription-based pricing model, tailored to the number of applications, scan frequency, and additional services like manual testing or compliance reporting.
Absolutely. You can upgrade your plan at any time to include more applications, add manual testing, or expand compliance reporting features.
AASA provides multi-channel support with SLAs based on your subscription tier. Premium plans include dedicated account managers and priority response times.
Standard support is available Monday to Friday, 9 AM to 6 PM IST. Premium support offers extended hours and optional 24/7 assistance for critical issues.
Yes, enterprise plans include a dedicated account manager to assist with strategic guidance, reporting, and issue resolution.
Yes, AASA offers onboarding training sessions, user guides, and video tutorials. Customized training workshops are also available for larger teams.
Absolutely. In addition to training, we provide access to knowledge bases, best practice guides, and regular webinars on platform updates and security trends.
Yes, AASA is designed with an intuitive interface and guided workflows, making it accessible to both technical and non-technical users.
Yes, AASA supports team collaboration with role-based access controls, enabling security, development, and compliance teams to work together seamlessly.
AASA follows a continuous delivery model with regular updates for threat intelligence, scanner capabilities, and platform improvements, ensuring you stay ahead of emerging threats.
Yes, customers receive regular release notes and can subscribe to update notifications via email or in-platform announcements.