Skip to main content

Encryption in transit

All our applications and services have industry-standard encryption in transit.

  • The Fluid Attacks domain uses the latest TLSv1.3 cryptographic protocol for maximum in transit protection.

  • We maintain an SSL A+ score from SSL Labs.

  • Digital certificates for Fluid Attacks are renewed every 30 days in order to minimize leaks.

  • We use the HSTS policy to ensure that every connection to our domain goes through HTTPS.

  • We demand all connections to support at least TLSv1.2.

  • Attack Surface Manager’s (ASM) database uses TLSv1.2 for in transit protection.

  • We possess fully dedicated network channels with some of our biggest clients, allowing us to isolate all unwanted traffic. This is especially useful for running secure dynamic application hacking.

  • For the rest of our clients, we use fully encrypted VPNs.

  • Ephemeral environments always include a digital certificate, validated with ACME protocol, and not self-signed.