Zero false positives

Expert intelligence + effective automation

One-Shot Hacking

We detect and report all vulnerabilities and security issues within one specific version of your application. The rigorous inspection carried out by our team allows us to detect all existing security issues with no false positives.

Hacking techniques

It’s possible to perform source code, application or infrastructure Ethical Hacking. You can choose which hacking technique best suits your business' needs to fulfill each system’s required security assessment.


Coverage

Ethical Hacking can be done to achieve specific coverage, variable coverage or full coverage.

Specific coverage refers to a system where its overall size can be assessed (application fields, lines of code, open ports) and you choose to cover only a specific percentage of the system.

Variable coverage refers to a system where its overall size cannot be assessed and a specific scope is predefined (fixed number of application fields, lines of code or open ports). Ethical Hacking ends when the target size is achieved, regardless of the total size of the system.

Full coverage refers to a system where its overall size can be assessed (application fields, lines of code, open ports) and you choose to cover the entire system.

You decide the Severity

You can decide which security requirements will be tested in each Ethical Hacking (Profiling) through our Rules product. You will know the exact Ethical Hacking severity for each attack (for inspected and non-inspected profiled requirements). You are also able to choose one hacking environment from the available software environments (production, development, integration, etc.). You are able to decide which solutions best suit your organization’s needs.


Duration and Schedule of Ethical Hacking

The duration depends on the size of the ToE attack surface. After all requirements to start the project have been met, each attack will have a defined start and end date.

Inspection Cycles

One-shot Ethical Hacking seeks to attack a single version of your application; therefore, it has only one inspection cycle on the selected system.


Findings follow-up using Integrates, communication and reports

Customers can check finding status during project execution using our Integrates product. Each project will have a project manager, so you can express your company’s needs before, during and after execution. Daily progress reports are sent via e-mail. Reports include coverage, strictness, partial results and overall progress.

Exploitation

Exploitation is performed as long as we have access to deployed applications and customer authorization, using our own exploitation engine, Asserts.


Critical information extraction

Whenever findings indicate the need to obtain information, information extraction is done to maximize finding impacts without compromising sensitive information.

Infection

Whenever findings allow it, infrastructure gets infected with malicious files in order to get additional information, infect servers and verify network controls. We use Shells and our customized cyberweapon Commands with previous customer authorization.


Reports delivered by secure vault

Final reports are all-inclusive (evidence of security vulnerabilities, remediation, etc.) and are delivered to customers using a secure file transfer website.

Validation meeting

Each Ethical Hacking test includes a meeting with the customer’s technical team to validate reports. If there are any issues, these are addressed. This meeting takes place remotely.


Report presentation meeting

This is a formal executive report presentation including questions and answers. All project stakeholders can participate. It can take place in person or remotely according to the customer’s needs.

Information gets deleted securely

7 days after the customer’s approval of the final report, all information gathered during Ethical Hacking is deleted securely from all our systems.

Team

Highly trained hacking team

Our hackers are certified in practical hacking in real scenarios and have academic backgrounds related to security testing. They are able to perform manual hacking and also use tools to guarantee the reporting of several types of findings including those with specific business impacts, those regarding insecure programming practices, and those regarding standard alignment and security regulation compliance. This enables us to detect Zero-Day findings, all with no false-positive reports.

  • To check on differences between our services and other providers take a look at our differentiators here.

  • To check on differences between our One-shot hacking and Continuous hacking take a look at our comparative here.

Want further information about our services? Do not hesitate to contact us.

