We detect and report all vulnerabilities and security issues during the whole software development lifecycle. With this method, we perform comprehensive testing, detecting security issues continuously as software evolves. The inspection is done with very low rates of false positives and ensures previous issues were resolved before going to production.
Break the Build in Your CI
We can break the build in your CI, obliging developers to fix the open vulnerabilities in order to deploy. With just one click in our Attack Surface Manager (ASM), leaders can decide which vulnerabilities are crucial and must break the build in their CI if they are still open.
Critical Information Extraction and Information Removal
Information extraction is done to maximize the impacts of the finding. The data gathered during a subscription remains on ASM. Your subscription’s admin is allowed to delete it. The data is removed 30 days after the admin’s decision. This operation can be reversed during those 30 days. In that time, no user (even the admin) has access to the group’s data unless the operation is reversed.
Severity of Tested Requirements
You can decide through Criteria which security requirements will be tested. You can know the exact severity of each hacking project (for inspected and uninspected profiled requirements).
Hacking Techniques, Team, Duration and Cycles
Continuous hacking means automatic and manual testing with speed. It is done through the ethical hacking of the apps, the infrastructure, and the source code. Fluid Attacks makes Zero-Day findings and reports minimal rates of false positives. The testing needs access to the Git repository and the integration environment. The selected system is attacked repeatedly to test all existing versions by using various techniques such as SAST, DAST, IAST and SCA.
All versions of existing code should be attacked up to the subscription start point, in addition to the monthly test limit. A health check is scheduled in order to catch up with the development team. Then, the continuous hacking advances simultaneously with the development.
Fluid Attacks performs multiple finding validations. You can check at
any time if any of the findings have been closed. To perform remediation
validation: First, you must define the treatment used to remediate the
vulnerability. Then, you must request, through ASM, a finding
validation. You can always resolve any doubts by contacting
Fluid Attacks directly.
Attack Surface Manager
ASM is the platform that allows control in the testing and remediation processes of vulnerabilities. It can be used to access general data on each finding. It also allows you to check the findings' remediation status and classify them by age. In addition, it displays stats and project progress in real time, among other things.