Welcome to Fluid Asserts’s documentation!¶
Fluid Asserts is an engine
to automate the closing of security findings
over execution environments.
Asserts performs Dynamic and Static
Application Security Testing
dynamic testing of many protocols (DXST).
Asserts reuses previously handcrafted
attack vectors in order to
automate the closing of vulnerabilities.
This makes it particularly useful
since this testing can be performed by end users as-is
or as part of a continuous integration pipeline.
Thus any changes to the Target of Evaluation (
can be continuously tested against
the closing of confirmed vulnerabilities.
Here are some of the things
Asserts can do for you:
Determine the closed or open status of a known vulnerability.
Perform routine, generic security tests, specially in combination with…
Assertsfits into your
CIpipeline to ensure your product is released with no open vulnerabilities.
Helps ethical hackers in their daily activities by automating tasks.
Detailed tracing: For every vulnerability check (both on
ToEfingerprint, thus enabling clients to pinpoint the exact moment when the vulnerability appeared.
Now easier to install than ever and thoroughly documented.
What kind of vulnerabilities can
Code vulnerabilities: nine languages supported including proprietary (
C#), open source (
Typescript), markup (
HTML), legacy (
web configuration filesand even the
Protocols: The heart of
Asserts, since most vulnerabilities are network-borne. The main network protocols are covered:
Fluid Asserts collects some user data like public IP address, operating system, Python version and the name of the checks that you use. We do this in order to analyze what are the most common platforms and the most used functions. This helps us develop more useful tests in the future. You can disable the gathering of this information setting an environment variable named “FA_NOTRACK” and setting its value to “true”. You can enable the tracking later by deleting that environment variable or changing its value to “false”.
Fluid Asserts does not collect sensitive data like targets of evaluation (URLs, IPs) or results of the tests.