Photo by Ingo Stiller on Unsplash

Discovering Security Champions

Six recommendations for SecDevOps from Carnegie Mellon

I recently attended a webcast from Carnegie Mellon University entitled "At What Point Does DevSecOps Become Too Risky for the Business?" (I’m not sure if this was the appropriate title, but I...



Photo by Kuma Kum on Unsplash

Manual SQLi Bypass

Bypassing SQLi filters manually

Injection flaws are among the most recurring vulnerabilities; it is not for nothing that they are first in the OWASP Top Ten list. This type of vulnerability can disrupt your entire security and...



Photo by Sebastian Pena Lambarri on Unsplash

Everyone Is Responsible for SEC

An overview of DevSecOps, better SecDevOps

We recently published a post about 'DevOps.' At the end of it, we asked about the inclusion of security in this methodology of continuous integration and deployment. Consequently, we refer to the...



Blacksmith. Photo by Hannah Gibbs on Unsplash: https://unsplash.com/photos/BINLgyrG_fI

Understanding SSRF

Attacking a web server using SSRF

Many web applications request outside services for data, configurations, updates, among others. This is beneficial for the developers and maintainers because it keeps separation of duties in their...



Photo by Michael Fenton on Unsplash

Breaking Down DevOps

The central components of DevOps definition

DevOps is a predominant phenomenon, a new way of thinking and working in software engineering that is receiving a lot of attention nowadays. The word DevOps is a combination of the words...



Click pen and magnifying glass on book page. Photo by Joao Silas on Unsplash: https://unsplash.com/photos/I_LgQ8JZFGE

Search the History

Searching for credentials in a repository

At the moment, every company that develops their own product is sure that they are using some form of a source control management tool. This is used to track modifications to a source code...



Photo by Vinayak Varma on Unsplash

Anyone Can Look Inside!

Working with OSS today can be a great advantage

A few days ago, we mentioned the recent increase in the use of Open Source Software (OSS) by development teams to support or shape their applications. As shared by Oram & Bhorat, "every...



Photo by Jeremy Thomas on Unsplash

Effective Vulnerability Triage

BDSA and various data points for prioritization

Here at the beginning, we give you the link for the Synopsys webinar. As Dale Gardner pointed out in November of last year: "Open-source software is increasingly used by development teams to...



Photo by Bradley Feller on Unsplash

We've Reached a New Standard

More requirements in Rules are firmly supported

Earlier this month our CTO, Rafael Alvarez, informed us: "We’ve already finished the synthesis of the GDPR standard in Rules." What does that mean? As Danilo Vásquez —Security Analyst at Fluid...



Photo by Geran de Klerk on Unsplash

Are SAST and SCA Enough for You?

An automatic process that could prove to be limited

Sebastián Revuelta’s webinar is a kind of practical conference in which the author presents one of the applications created and used in his organization. We will take and present some of the...



Photo by Charles Deluvio on Unsplash

Always 100% Ready for Remote Work

The product of a valuable effort over ten years ago

Back in 2009, Fluid Attacks experienced one of the most significant cultural changes in its history: selling all its offices, furniture and belongings, and keeping only its laptops. At that time,...



Photo by Tyler Nix on Unsplash

Have You Noticed the PII Leakage?

WhiteHat: the more you collect, the higher the risk

I want to start with this sentence that Khare gave us days before the webinar (which you can access here) in a blog post (link here): “Mobile app owners and developers are receiving a failing...



