Group configuration

Last updated: Mar 25, 2026

Manage group information

Group information fields

You can find information about your company and the group by scrolling down the Scope section.

The following are the descriptions of the fields:

Business registration number: The unique number that identifies your company as an incorporated entity
Business name: Legal name of your company
Description: A short and summarized description of the system(s) associated with the group
Sprint length: If you use sprints as part of your work methodology, this field specifies the number of weeks each sprint lasts for this group (if you do not change it, the default value is one week)
Start date: The start date of your team's project
Report language: Language in which your organization chooses to get reports (only English and Spanish are available)
Payment: The current payment configuration of the group (this information is visible to all group members but can only be modified by authorized Fluid Attacks members):
Managed: The group is using a payment method other than a credit card, and this method has already been validated
Not managed: The group's payment method is a credit card
Under review: Either payment is pending, a payment method's effectiveness is being validated, or a free trial has expired and a paid subscription is required to continue testing (see the notes below to learn how this option affects group access)
Free trial: The company is enjoying a free trial for which no payment method is required

(a) Filling out the business registration number and business name is necessary for generating security testing certificates.
(b) When a group's value in the Managed field is Under review, group access is blocked for members with the exception of Fluid Attacks staff.
(c) Changing the Managed field value from Under review to a different value reestablishes group access to members without having to issue any invitations.

Edit group information

Role required: Group Manager

If you need to make a change in the group information fields, just modifying the values in any of the fields activates the Continue button, which you should click in order to save changes.

Change group information on the Fluid Attacks platform

After changes are saved, you and other group members are sent a notification showing the current group information along with how it changed.

The Fluid Attacks staff roles that give permission to edit these fields are Customer Manager and Admin.

Manage a group's information for context

Role required: User, Vulnerability Manager or Group Manager

It is essential to make available information that gives the context of the system(s) for which the group was created, both for your team members who are part of the project and for Fluid Attacks' security analysts to read. To find this information, you have to go to the Scope section of the group in question and scroll down to Group context.

Edit group context on the Fluid Attacks platform

Click on Edit to modify the information. You can specify here the system's purpose and whether it is accessible through the Internet, among other helpful details.

Manage disambiguation information for a group

A Fluid Attacks Admin, Architect, Customer Manager, Pentester, Reattacker, Resourcer, or Reviewer role is required.

Fluid Attacks' security analysts may sometimes write necessary clarifications on what should be tested in a group. These are visible only to other security analysts in the Scope section under Disambiguation.

Manage disambiguation on the Fluid Attacks platform

Manage files shared with Fluid Attacks

Role required: User, Vulnerability Manager or Group Manager

In the Scope section of your group, you can upload and download any files that may be useful or necessary for performing manual security testing on the software development project in question. To do this, scroll down to Files.

Manage files on the Fluid Attacks platform

To upload a file, follow these steps:

Click on the Add button.
In the pop-up window, click on the Add file button and choose the file you wish to upload. Its size must not exceed 5 GB.
Provide a description of how the file can be of use.
Click on Confirm when you are done.

When you have uploaded a file successfully, it will be added to the table.

If you want to download or remove a file, you have to click on its name and select the corresponding option in the pop-up window.

Download or remove a file on the Fluid Attacks platform

The deletion of application files linked to specific environments is restricted. This prevents these environments from running out of valid files and becoming unmanageable. In cases where you want to delete files, you must delete the entire environment.

Manage group services

A Fluid Attacks Customer Manager or Admin role, or a Group Manager role, is required.

Please bear in mind the following details when downgrading from the Advanced plan:
(a) DAST for APIs and mobile apps stops.
(b) Vulnerabilities detected through PTaaS, SCR and RE are permanently deleted.
(c) Regaining accuracy SLA coverage requires a new Health Check after reupgrading.

The characteristics of the subscription of a group can be managed under Services, in the Scope section. Some Fluid Attacks members with access to the group can view this information in read-only mode.

These are short descriptions of the above fields:

Service type: The Fluid Attacks solution the group is using (currently, clients can subscribe only to the all-in-one solution, Continuous Hacking)
Type of testing: Whether testing is done with or without access to the source code
White: Fluid Attacks is given access to the source code (white-box testing is performed)
Black: Fluid Attacks is not given access to the source code (black-box testing is performed)
Essential: Security testing is performed with Fluid Attacks' automated tools
Advanced: In addition to all the features of the Essential plan, manual security testing is performed by Fluid Attacks' team of pentesters

If you have the necessary permission, you can modify the plan subscription:

Make the necessary changes and click on the button below. This causes a pop-up window to appear.
Review the changes in the pop-up window. You have to give observations about the change and write the name of the group where the change is being made.

If you deactivate Essential or Advanced, you are asked the reason for this downgrade after confirming that you understand the implications.
When you verify that everything is correct, click on the Confirm... button.

After changes are made successfully, you and group members who have the Updated services notification enabled receive an email informing you of the changes made.