Fluid Attacks’ manual penetration testing (MPT) is performed in Squad Plan. In MPT, several ethical hackers attack your system with prior authorization and report the security weaknesses or vulnerabilities they find. In this task, they use the same tactics, techniques and procedures as threat actors. For instance, our ethical hackers, or pentesters, may craft attacks that involve the consecutive exploitation of several vulnerabilities. Their creativity —which is not a feature of automated tools— allows them to achieve a bigger impact than that accomplished by exploiting only one of the vulnerabilities found. Our manual code review and attacks on the running systems are done from the early phases of the software development lifecycle (SDLC), meaning that our hackers can show you the evidence of exploitation and provide recommendations on remediation before cybercriminals find out about your systems’ weaknesses. Furthermore, when you provide our hackers with your source code, they can pinpoint the exact location of the security issues, thus making what needs to be taken care of even clearer.
These are the benefits of MPT:
Tests by a highly certified red team
Fluid Attacks' red team has achieved several penetration testing certifications, including OSEE, eCPTXv2 and eWPTXv2. Therefore, we assure you that our professionals know how malicious hackers proceed, which is vital to test your systems' resistance to attacks.
Manual penetration testing involves having ethical hackers interact with your running system in order to simulate "real-world" cyberattacks. This way, we can show you evidence of the impacts of exploiting the detected vulnerabilities, some of which are not found through other methodologies.
Testing from early stages
In DevSecOps fashion, our MPT supports your efforts to build security into the early stages of development in the form of manual code reviews and attacks on internal pre-production environments.
Minimal rates of false positives
Our experts' manual review of security testing findings allows us to reduce the rates of false positives to a minimum.
Minimal rates of false negatives
Manual penetration testing completes the work done with our automated techniques, always trying to guarantee that no security issues go unnoticed. The same cannot be achieved by companies that only offer scanning tools.
Assessments based on standards
Fluid Attacks' MPT helps you identify any failure to comply with predefined security requirements. By following the recommendations for necessary fixes, your company will be able to comply with requirements belonging to well-known international standards and guidelines (e.g., CAPEC, CWE, GDPR, HIPAA, ISO/IEC 27002, NERC, NIST, OWASP, PCI DSS).
Uninterrupted customer service
Fluid Attacks offers several support options, including the possibility for Squad Plan users to have a video call with one of our hackers, who will help them understand the most complex findings and their possible solutions.
An element of comprehensive tests
Along with manual penetration testing, in our Squad Plan we perform SAST, DAST, SCA, CSPM, SCR and RE. The combination of automated and manual methods allows vulnerability assessments to be as complete as possible.