Welcome to Fluid Asserts’s documentation!¶
Fluid Asserts is an engine
to automate the closing of security findings
over execution environments.
Asserts performs Dynamic and Static
Application Security Testing
dynamic testing of many protocols (DXST).
Asserts reuses previously handcrafted
attack vectors in order to
automate the closing of vulnerabilities.
This makes it particularly useful
since this testing can be performed by end users as-is
or as part of a continuous integration pipeline.
Thus any changes to the Target of Evaluation (
can be continuously tested against
the closing of confirmed vulnerabilities.
Here are some of the things
Asserts can do for you:
- Determine the closed or open status of a known vulnerability.
- Perform routine, generic security tests, specially in combination with…
- Continuous Integration:
Assertsfits into your
CIpipeline to ensure your product is released with no open vulnerabilities.
- Helps ethical hackers in their daily activities by automating tasks.
- Detailed tracing: For every vulnerability check
ToEfingerprint, thus enabling clients to pinpoint the exact moment when the vulnerability appeared.
- Now easier to install than ever and thoroughly documented.
What kind of vulnerabilities can
- [New in v18.6]
Software composition analysis
Assertssearches your dependencies’ package managers for reported vulnerabilites. Including
Code vulnerabilities: nine languages supported including proprietary (
C#), open source (
Typescript), markup (
HTML), legacy (
web configuration filesand even the
Assertstest formats ranging from regular
Cookies, as well as
Protocols: The heart of
Asserts, since most vulnerabilities are network-borne. The main network protocols are covered:
Fluid Asserts collects some user’s data like public IP address, operating system, Python version and the name of the checks that you use. We do this in order to analyze what are the most common platforms and the most used functions. This help us to develop more useful tests in a future. You can disable the gathering of this information setting an environment variable named “FA_NOTRACK” and setting its value to “true”. You can enable the tracking later by deleting that environment variable or changing its value to “false”.
Fluid Asserts does not collect sensitive data like targets of evaluation (URLs, IPs) or results of the tests.