Compliance

At Fluid Attacks, we compile diverse international standards and regulations, focused on the security of systems and information assets, that guide us in evaluating your software.

OWASP

OWASP is a non-profit foundation committed to improving software security. They establish various cybersecurity risk rankings. With our vulnerability detection, we can help you meet the corresponding requirements so that your company’s IT systems are protected from such risks.
Go to OWASP Arrrow

PCI

PCI DSS is a standard created by the Payment Card Industry that establishes minimum requirements to be fulfilled by companies that manage cardholder information. We can assist you in detecting vulnerabilities in your systems related to this standard through our ethical hacking.
Go to PCI Arrrow

HIPAA

HIPAA is a legislation created in the U.S. to regulate and optimize the flow of Protected Health Information (PHI) within the healthcare environment. We support you in complying with this legislation by identifying vulnerabilities in your systems that could allow attackers to breach data privacy.
Go to HIPAA Arrrow

NIST

The NIST SP 800-53 is a U.S. security and privacy control database that can guide the protection of federal agencies' and citizens' private information. We can help you follow this standard’s security best practices by discovering the weaknesses in your systems associated with them.
Go to NIST Arrrow

GDPR

GDPR is a European regulation for data protection and privacy that applies to any organization that stores, processes or transfers European citizens' personal information. We help you achieve compliance with this regulation, starting with identifying all relevant vulnerabilities in your software.
Go to GDPR Arrrow

CVE

CVE is a free-to-use list of publicly known cybersecurity vulnerabilities. Services and products worldwide incorporate it to ensure certainty among stakeholders when communicating vulnerabilities. We work and stay updated based on the CVE IDs for our findings and reports when evaluating your systems.
Go to CVE Arrrow

CWE

CWE is a free-to-use list of popular hardware and software weaknesses. It works as a standard language for security operations and tools that detect, eliminate and prevent weaknesses or flaws. We work and keep updated based on CWE for our findings and reports when evaluating your systems.
Go to CWE Arrrow