Rules is a set of security requirements that allows you to parameterize a pentest according to the risk appetite of your organization. Rules allows you to determine what is tested and what is not, and to find out what is considered a vulnerability. It is also the basis for determining how rigorous a pentest was, based on tested and untested requirements. The security requirements are independent of the type of technology being used and are written as specific and understandable objectives. They are the security demands that you agree to follow and comply with. Through our hacking services, we determine whether these are met.

Categories

  1. Credentials: Rules regarding the creation and management of passwords and other tokens used in authentication and authorization processes.

  2. Authentication: Rules regarding authentication and identity verification mechanisms.

  3. Authorization: Rules regarding access control mechanisms and account management.

  4. Session: Rules regarding the management of sessions and session information.

  5. Legal: Rules regarding compliance with legal requirements.

  6. Privacy: Rules regarding the management of sensitive personally identifiable information (PII).

  7. Data: Rules regarding the protection and management of business information.

  8. Source: Rules regarding the protection, management and content of source code.

  9. System: Rules regarding the management of corporate systems.

  10. Files: Rules regarding the management of files in systems and applications.

  11. Logs: Rules regarding the protection, management and content of logs.

  12. Emails: Rules regarding the protection and management of email accounts and services.

  13. Services: Rules regarding the management of corporate services and the use of third-party services.

  14. Certificates: Rules regarding the management and content of digital certificates.

  15. Cryptography: Rules regarding the management of cryptographic keys and the use of cryptographic algorithms and protocols.

  16. Architecture: Rules regarding configurations and mechanisms for system architecture hardening.

  17. Network: Rules regarding the protection, management and configuration of computer networks.

  18. Virtualization: Rules regarding the configuration and management of virtual environments.

  19. Devices: Rules regarding the configuration and protection of mobile and IoT devices and applications.

  20. Social: Rules regarding the use of social networks and publicly accessible websites.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.