Zero false positives

Expert intelligence + effective automation

Continuous Hacking

We detect and report all vulnerabilities and security issues throughout the entire software development cycle. Because we participate during the whole development period, we can detect security issues continuously as the software evolves. There is no need to have a working environment to start hacking, since we are able to analyze source code published in a project's Git repository. The rigorous inspection carried out by our team allows us to detect all security issues with no false positives and to verify that issues were properly repaired before the system goes into production.


Hacking techniques

  • Integral continuous hacking is achieved through application and infrastructure ethical hacking, as well as source code analysis. We require access to both the Git repository and the integration environment in order to perform integral continuous hacking.

  • In limited continuous ethical hacking, you can choose between application ethical hacking and source code analysis. Access to either the Git repository or the integration environment is required to perform limited continuous hacking.

Healthcheck

When a new continuous ethical hacking subscription starts and there is pre-existing code, it is necessary to perform a healthcheck. This means we will attack all versions of the existing code up to the subscription start point, in addition to the monthly test limit, in order to catch up with the development team within the first 3 months of the subscription. After that, we continue hacking in parallel as development continues (the healthcheck carries additional fees).


Severity and Hacking Environments

You decide which security requirements will be tested in each Ethical Hacking (Profiling) through our Rules product. You will know the exact severity of each hacking, for both inspected and non-inspected profiled requirements. The basic service allows customers to choose a single environment from production, testing or integration. Customers can also add further testing environments for validation at an additional charge.

Duration of Service and Attack Cycles

The minimum subscription time for continuous ethical hacking is one year. The selected system will be attacked multiple times to test all versions generated during the development phase.


Integrates

Integrates is our platform for communication, follow-up and reporting on your project. You can use Integrates to access general information about each finding, check its remediation status, classify findings by age, visualize real-time project statistics and progress, and use other functionalities.

You can also use chat and comments for any question about a project or finding. Integrates provides a Technical Report, which contains detailed information on all security vulnerabilities and gives technical personnel a road map for a technical remediation plan. There is also an Executive Report for all of a project's stakeholders. It includes an in-depth analysis of the findings and a projected business impact statement, as well as a summary of the project scope, the methodology used, conclusions and recommendations.

Remediation

Multiple finding validation cycles are performed during the subscription period to ensure that findings have been properly repaired. We can check whether a finding has been successfully closed as many times as the customer wants. To request this remediation validation, the customer must first define the treatment used to remediate the vulnerability and then request a finding validation through Integrates. You can request clarification on any issue by contacting our hackers directly through Integrates.


Reproduce mock attacks

We can reproduce mock attacks with Asserts, an automated closing engine that checks security findings against execution environments (DAST and SAST). Asserts breaks the build if it finds that a vulnerability is open, either because it was reopened or because it was never closed.

Critical information extraction

Whenever a finding indicates that information could be obtained, information extraction is performed to demonstrate the finding's maximum impact without compromising sensitive information.


Information gets deleted securely

Seven days after a customer approves their final report, all information gathered during the Ethical Hacking is securely deleted from all of our systems.

Highly trained hacking team

Our hackers hold practical certifications and have academic backgrounds related to security testing. They perform manual testing and use tools to guarantee that our reporting covers insecure programming practices, alignment with standards and compliance with security regulations, and findings with specific business impacts. This enables us to detect Zero Day findings with no false positive reports.

  • To see the differences between our services and those of other providers, take a look at our differentiators here.

  • To see the differences between our One-shot hacking and Continuous hacking, take a look at our comparison here.

Want further information about our services? Do not hesitate to contact us.
