Attack surfaces
Last updated: Mar 2, 2026
Supported
Please note that the following API types are currently available exclusively in our Advanced plan: GraphQL API, gRPC API, REST API and SOAP APIs.
Currently, these are the attack surfaces supported by Fluid Attacks' DAST and PTaaS:
- DNS records
- GraphQL API
- gRPC API
- Headers
- HTML content
- REST API
- SSL connections for encryption suites, protocols, and X509 certificates
- SOAP APIs
- Unauthenticated HTTP endpoints
- Webhooks
- WebSockets
Unsupported
Fluid Attacks' PTaaS and DAST do not support the following attack surfaces:
- Authenticated HTTP endpoints
- DOM APIs
- OpenAPIs
- Postman APIs
- Swagger APIs
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.