You can choose which surface of your system our certified ethical hackers evaluate and which standards the evaluation is based on. They will perform Penetration Testing involving techniques such as SAST, DAST and SCA, and the project’s duration will depend on the size of the Target of Evaluation (ToE). During that time, you will find the collected data on our ASM until a final report is issued. Finally, we will conduct reattacks to verify your success in remediating the reported vulnerabilities.
Ethical hacking can be done to achieve specific, full or variable coverage. Specific coverage refers to a system whose overall size can be assessed (application fields, lines of code, open ports) and of which you choose to cover only a specific percentage. When you choose to cover the entire system, that is full coverage. Variable coverage refers to a system whose overall size cannot be assessed and for which a specific scope is predefined.
Critical Information Extraction and Information Removal
Information extraction is done to maximize the impact of the findings. The data gathered during a project remains on our Attack Surface Manager (ASM). Your project’s admin is allowed to delete it. The data is removed 30 days after the admin’s decision. This operation can be reversed during those 30 days. In that time, no user (even the admin) has access to the project’s data unless the operation is reversed.
Severity of Tested Requirements
For every hacking process, you can know its severity. You can also choose all the security requirements that you consider necessary to test. Each requirement can be found and understood using Criteria.
Hacking Techniques, Team, Duration and Cycle
It is possible to perform ethical hacking of the source code, the application or the infrastructure. You can choose the hacking technique that best suits the needs of your business to meet the required security assessment of each system. One-shot hacking, performed with manual testing and use of tools by Fluid Attacks’ certified hackers, seeks to attack a single version of your application. Therefore, it has only one inspection cycle on the selected system. The duration depends on the size of the ToE attack surface. Once all the requirements for starting the project have been met, each attack will have a defined start and end date.
Whenever findings allow it, the infrastructure is infected with malicious files. This process is carried out to gain extra data, infect servers, and verify network controls. We use shells and cyber-weapons with the prior authorization of the client.
Delivery of Reports and Validation / Presentation Meetings
Final reports are all-inclusive (evidence of risks, remediation, etc.). These are given to the clients via a safe file transfer website. Each ethical hacking test includes a remote meeting with the technical team of the client to verify the reports. All stakeholders in the project can take part when there is a formal presentation of the executive report.
Attack Surface Manager
You can check the status of findings during the execution of the project using ASM. Each project must have a leader so that he or she can express the needs of your company before, during, and after the performance. Daily progress reports are sent by email. These include coverage, strictness, partial results, and overall progress.