Skip to main content

Introduction

Regarding a field as critical as cybersecurity, it is always best to be aware of the ideal conditions for keeping systems as secure as possible and the difficulties associated with non-compliance. At Fluid Attacks, we recognize this, which is why we are committed to sharing our knowledge on the topic with our clients and the community. Using a reasonable and meticulous method, we have been building this block of information over the years and have compiled it into three categories, which we present in this section of our documentation, called Criteria.

In the first part, we exhibit an ever-evolving list of vulnerabilities, grouped according to CAPEC (Common Attack Pattern Enumeration and Classification), which supports our security assessments and analysis as a red team. In the second part, we present a list of security requirements that guide and determine the rigor of our tests. And finally, we offer a list in which we reference all the international security standards that we have filtered and condensed to construct our summary of requirements.