We detect and report all vulnerabilities and security issues during the whole software development lifecycle. With this method, we perform comprehensive testing, detecting security issues continuously as software evolves. The inspection is done without false positives and ensures previous issues were resolved before going to production.

Key Features

Break the Build in Your CI

Forces breaks the build in your CI, obliging developers to fix the open vulnerabilities in order to deploy. With just one click in Integrates, managers can decide which vulnerabilities are crucial and must break the build in their CI if they are still open.

Critical Information Extraction and Information Removal

Information extraction is done to maximize the impact of the finding. The data gathered during a subscription remains on Integrates. Your subscription’s admin is allowed to delete it. The data is removed 30 days after the admin’s decision. This operation can be reversed during those 30 days. In that time, no user (even the admin) has access to the group’s data unless the operation is reversed.

Severity of Tested Requirements

Through Rules, you can decide which security requirements will be tested. You can see the exact severity of each hacking project (for inspected and uninspected profiled requirements).

Hacking Techniques, Team, Duration and Cycles

Continuous hacking means automatic and manual testing with speed. It is done through the ethical hacking of the apps, the infrastructure, and the source code. Fluid Attacks makes Zero-Day findings and does not report false positives. The testing needs access to the Git repository and the integration environment. The selected system is attacked repeatedly to test all existing versions by using various techniques such as SAST, DAST, IAST and SCA.

Health Check

All versions of existing code should be attacked up to the subscription start point, in addition to the monthly test limit. A health check is scheduled in order to catch up with the development team. Then, the continuous hacking advances simultaneously with the development.

Remediation

Fluid Attacks performs multiple finding validations. You can check at any time if any of the findings have been closed. To perform remediation validation, you must first define the treatment used to remediate the vulnerability and then request a finding validation through Integrates. You can always resolve any doubts by contacting Fluid Attacks directly.

Vulnerability Management Platform

Integrates is the platform that allows control in the testing and remediation processes of vulnerabilities. It can be used to access general data on each finding. It also allows you to check the findings' remediation status and classify them by age. In addition, it displays stats and project progress in real time, among other things.


Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.