Differentiators

We're an ethical hacking and pentesting company offering services to identify cybersecurity vulnerabilities. In the following table, we outline what differentiates us from our competitors:

Table 1. Comparative table.

| Feature | Fluid Attacks | Others' tools |
| --- | --- | --- |
| Precision | Our combination of technology and human expertise ensures that we achieve minimal rates of false positives (lies). | They report about 35% false positives.* |
| Accuracy (only tool) | Our SAST tool achieved the best possible result against the OWASP Benchmark: a TPR (True Positive Rate) of 100% and an FPR (False Positive Rate) of 0%. | Some of them boast about a TPR of 100%, but their FPR numbers may not be outstanding. Others hardly come close to the expected results. |
| Completeness | Thanks to our combination of technology and human expertise, we have minimal rates of false negatives (omissions). | They may reach a rate of 80% false negatives.* |
| All in one | We provide comprehensive testing through a single solution, including the following techniques: SAST, DAST, SCA, Pentesting, DevSecOps, fuzzing, manual code review, reversing (if the source is not given), false positive elimination, exploitation with public, private, and custom exploits, user enumeration, password guessing and cracking, and trojan infection. | Their standard solutions do not include all techniques. It is common that some have to be acquired separately. |
| Compliance | We validate the following standards: OWASP, GDPR, NERC, NIST, PCI DSS, HIPAA, ISO27002, CWE, CVE, EPR, BSIMM9, COMMON CRITERIA, as well as company-specific requirements. | They validate only some of the standards mentioned. |
| Fast & automatic | Our scans take minutes for deterministic vulnerabilities and hours or days for the most critical vulnerabilities. | Generally, their scans take minutes or hours. |
| Support | Our standard service includes consulting and clarification by hackers through our platform for users to understand vulnerabilities. | Usually, companies provide support to the users of the tools as an additional and expensive service. |
| Break the build | We break the build without false positives. | They break the build with false positives. |
| Method | Hybrid (automated tools + hands-on expert review). | Automatic. |
| Correlation of attacks | By combining vulnerabilities A and B, we discover a new, higher impact vulnerability C, which may compromise more records. | They do not achieve that correlation. |
| Safe mode | We can operate in safe mode, avoiding being detected by the SOCs or affecting service availability in productive environments. | They can operate in safe mode but in a limited way, only for some checks. |
| Type of evidence | Some of our most relevant evidence is (1) portions of code, (2) images of the attack with explanatory annotations, (3) animated GIFs of the attack, (4) executive reports in PDF, (5) technical reports in XLS and PDF, and (6) graphics and metrics illustrating the system's security status. | Some of their most relevant evidence is portions of code and executive reports. |
| Exploitation | We can do exploitation as long as we have (1) an available environment and (2) the appropriate authorization. | There is no exploitation because they are not capable of doing DAST. |
| Management | Through our platform, the entire security testing process is centrally managed, the vulnerability remediation process is controlled, permanent support is provided to the development teams, and executive indicators for organizational management are delivered in a simple way and in real time. | In some companies, the tools are fragmented and do not have a single centralized management process. |
| Zero-day vulnerabilities | Our hackers are skilled at finding zero-day vulnerabilities. | They fail to find these vulnerabilities. |
| Pricing | Our cost is variable and proportional to the number of developers building and modifying the code. | They tend to have a fixed cost, which is independent of the development team's size. |


* Data from a 3-year experiment run by Fluid Attacks on 6 commercial tools and 6 open source tools.

Do you want more information about our services? Do not hesitate to contact us.
