The rigorous inspection carried out makes it possible to detect all security issues with no false positives and no false negatives, and to check if the issues have been properly repaired before the system goes into production. Through human creativity and precision, combined with the speed of the automatic, Drills finds deep and zero-day vulnerabilities during software development.
Performed on code, environments,
infrastructure and clouds.
Maximum rigor in the search for
Forget about False Positives.
Find Zero-Day vulnerabilities.
Obtain a higher rate of remediation
and at a faster speed since feedback
from Fluid Attacks’ security analysts
is constant throughout the development
Obtain detailed evidence of the
Obtain access to the extracted
You are able to decide which security requirements will be tested on each ethical hacking (profiling). You will know the exact severity for each hacking (for inspected and uninspected profiled requirements).
Security analysts report findings in Integrates, the communication, monitoring and reporting platform for projects. You can use it to access general information about each finding, check its remediation status, classify it according to age, visualize real-time project statistics and progress, as well as other functionalities.
Multiple finding validation cycles are performed during the subscription period. You can check if any findings have been successfully closed as many times as you require. In order to perform this remediation validation, you must first define the treatment used to remediate the vulnerability and then request, through Integrates, a finding validation. You can request clarification on any issue by directly contacting Fluid Attacks' hackers also through Integrates.
All versions of existing code should be attacked up to the subscription start point, in addition to the monthly test limit. A healthcheck is intended to catch up with the development team within the first 3 months of subscription. Then the continuous hacking advances simultaneously with the development.
Whenever findings indicate the need to obtain information, the extraction is done to maximize finding impacts without compromising sensitive information. 7 days after a customer approves their final report all information gathered during ethical hacking is deleted securely from all Fluid Attacks’ systems.