Manage a group’s configuration
Manage group information
Group information fields
You can find the information of your company and the group scrolling down the Scope section.
The following are the descriptions of the fields:
- Business registration number: The unique number that identifies your company as an incorporated entity
- Business name: Legal name of your company
- Description: A short and summarized description of the system(s) associated to the group
- Sprint length: If you use sprints as part of your work methodology, this field specifies the number of weeks each sprint lasts for this group (if you do not change it, the default value is one week)
- Start date: The start date of your team’s project
- Report language: Language in which your organization chooses to get reports (only English and Spanish are available)
- Payment: The current payment configuration of the group (this information is visible to all group members but can only be modified by authorized Fluid Attacks members):
- Managed: The group is using another payment method than a credit card, and this method has already been validated
- Not managed: The group’s payment method is credit card
- Under review: Either payment is pending, a payment method’s effectiveness is being validated, or a free trial has expired and a paid subscription is required to continue testing (see the notes below to learn how this option affects group access)
- Free trial: The company is enjoying a free trial for which no payment method is required
Notes:
- Filling out business registration number and business name is necessary for generating security testing certificates .
- When a group’s value in the Managed field is Under review, group access is blocked for members with the exception of Fluid Attacks staff.
- Changing the Managed field value from Under review to a different value reestablishes group access to members without having to issue any invitations .
Edit group information
Role required: Group Manager
If you need to make a change in the group information fields , just modifying the values in any of the fields activates the Continue button, which you should click in order to save changes.
After changes are saved, you and other group members are sent a notification showing the current group information along with how it changed.
Note: The Fluid Attacks staff roles that give the permission to edit these fields are Customer Manager and Admin .
Manage a group’s information for context
Role required: User, Vulnerability Manager or Group Manager
It is essential to make available information that gives the context of the system(s) for which group was created, both for your team members that are part of the project and for Fluid Attacks’ security analysts to read. To find this information, you have to go to the Scope section of the group in question and scroll down to Group context.
Click on Edit to modify the information. You can specify here the system’s purpose and whether it is accessible through the Internet, among other helpful details.
Manage disambiguation information for a group
A Fluid Attacks Admin , Architect , Customer Manager , Hacker , Reattacker , Resourcer , or Reviewer role is required.
Fluid Attacks’ security analysts may sometimes write necessary clarifications on what should be tested in a group. These are visible only to other security analysts in the Scope section under Disambiguation.
Manage files shared with Fluid Attacks
Role required: User, Vulnerability Manager or Group Manager
In the Scope section of your group, you can upload and download any files that may be useful or necessary for performing manual security testing on the software development project in question. To do this, scroll down to Files.
To upload a file, follow these steps:
- Click on the Add button.
- In the pop-up window, click on the Add file button and choose the file you wish to upload. Its size must not exceed 5GB.
- Provide a description of how the file can be of use.
- Click on Confirm when you are done.
When you have uploaded a file successfully it will be added to the table.
If you want to download or remove a file, you have to click on its name and select the corresponding option in the pop-up window.
The deletion of application files linked to specific environments is restricted. This prevents these environments from running out of valid files and becoming unmanageable. In cases where you want to delete files, you must delete the entire environment.
Manage group services
A Fluid Attacks Customer Manager or Admin role, or a Group Manager role , is required.
Please bear in mind the following details when downgrading from the Advanced plan:
- DAST for APIs and mobile apps stops.
- Vulnerabilities detected through PTaaSÂ , SCRÂ and REÂ are permanently deleted.
- Regaining accuracy SLA coverage requires a new Health Check after reupgrading.
The characteristics of the subscription of a group can be managed under Services, in the Scope section. Some Fluid Attacks members with access to the group can view this information in read-only mode.
These are short descriptions of the above fields:
- Service type: The Fluid Attacks solution the group is using (currently, clients can subscribe only to the all-in-one solution, Continuous Hacking )
- Type of testing: Whether testing is done with or without access to source code
- White: Fluid Attacks is given access to source code (white-box testing is performed)
- Black: Fluid Attacks is not given access to source code (black-box testing is performed)
- Essential: Security testing is performed with Fluid Attacks’ automated tools
- Advanced: In addition to all the features of the Essential plan, manual security testing is performed by Fluid Attacks’ team of pentesters
If you have the necessary permission , you can modify the plan subscription:
- Make the necessary changes and click on the button below. This causes a pop-up window to appear.
- Review the changes in the pop-up window. You have to give observations about the change and write the name of the group where the change is being made.
If you deactivate Essential or Advanced, you are asked the reason for this downgrade after confirming that you understand the implications.
- When you verify that everything is correct, click on the Confirm… button.
After changes are made successfully, you and group members that have the Updated services notification enabled receive an email informing the changes made.