Managed Services

World-class IT security takes a unified approach to planning, staffing, implementation and management. Casaba works as an integrated partner providing leadership and support in the development and execution of end-to-end security programs, teams and processes.

Learn More

Consulting Services

Casaba has the specialized expertise and flexibility needed to assess and assure the security of your most critical software and infrastructure assets. We can assemble a surgical security task force with the capabilities to quickly identify and resolve vulnerabilities.

Learn More

Cyber crime costs $445 Billion annually

A breach hurts all around, from costly data loss to bad PR to expensive response and fixes. We can help by designing and testing your products with you, and exercising your detection and response capabilities.

Our services

Casaba is recognized by Microsoft as a world-class partner and provider in securing the Internet of Things and building Security Development Lifecycle programs. Visit our services page to read more, or download our PDF service descriptions to read offline.

Services Overview

Start here to get an overview of the professional services we offer, or dig in to more specific areas below.

Download PDF

Security Development Lifecycle (SDL)

Learn about Casaba's expertise and capability in building and managing a healthy SDL program.

Download PDF

Penetration Testing

Learn how we can play the red team to identify vulnerabilities, test your defenses, and exercise your detection capability.

Download PDF

Planning and Design

Learn how Casaba can help you build end-to-end security into your application and infrastructure from the ground up.

Download PDF

Application Testing

We test Web, mobile, or native applications through black/white/gray box and reverse engineering methods.

Download PDF

Software Development

Need help with secure software development? From prototypes to production components, we can help.

Download PDF

Crypto and Policy

Use our expertise in cryptography, policy, and regulatory policy to make sure you're compliant.

Download PDF

Denial of Service

Leverage our experience in building software and systems that can withstand DoS and DDoS attacks.

Download PDF

Casaba's customers include Fortune 100 brands, major retailers, and cloud services.

Our Tools

We offer these as a service to the community. Our tools come with no commitment to maintenance and no claims to warranty. Use at your own risk.


Implemented as a cross-platform library developed in C and C++, UCAPI hinders visual spoofing attacks by recognizing the visually confusable characters and similar strings from a wide variation of languages being employed. Partially based on Unicode TR39, UCAPI can provide software vendors with safety options not currently available in Win32 or .NET libraries.


A plugin for the free Fiddler HTTP proxy, Watcher passively audits a web application to find security bugs and compliance issues automatically. Safe for production use, Watcher acts as an assistant to the developer by quickly identifying issues that commonly lead to security problems in web apps. No configuration required.


An XSS testing plugin for the free Fiddler HTTP proxy, x5s actively injects tiny probes of ASCII and Unicode into every user-controlled input of a Web-application in order to elicit and identify character transformations and encoding issues that could lead to XSS vulnerability. x5s is automatic and easy to run.

Path fuzzer

Put file systems or applications through brutal folder and file name read testing to identify what crumbles. Path fuzzer mutates names and file extensions with fuzzed strings, floating point integers, non-printable characters, illegal characters (> < : " / \ |), reserved names (COM1, AUX) and more. It runs effortlessly without setup but does offer configuration options.