Quick startBasicsWhat is CSPM?

What is CSPM?

Last updated: Mar 27, 2026

Cloud security posture management (CSPM) is a security technique for detecting misconfigurations and policy violations in cloud infrastructure.

Unlike static application security testing, which examines application source code, CSPM assesses infrastructure as code (IaC) scripts, container images, and cloud environments and services. This allows security teams to identify configuration weaknesses before they can be exploited, complementing code-level techniques with coverage of the cloud layer.

To learn more about Fluid Attacks' CSPM capabilities, refer to the following resources in this documentation:

  • Supported cloud environments: Discover which cloud providers are currently supported for CSPM scanning.
  • Security requirements verified with CSPM: Understand the security requirements that form the basis of Fluid Attacks' CSPM scans, including the weaknesses detected, their severity, and their CWE IDs.
  • Use the scanners: Perform CSPM, among other techniques, with Fluid Attacks' free and open-source command-line interface (CLI) tools.
  • Sign up: Start the free trial of Fluid Attacks' CSPM and other automated techniques, in which the scanner is configured for you to continuously monitor your cloud security as you develop, and Fluid Attacks provides you with reports, analytics, and remediation suggestions on its platform.

What is DAST?

The Fluid Attacks scanner performs dynamic application security testing, DAST, a technique for detecting security vulnerabilities in running applications.

Billing

Learn about Fluid Attacks' billing model for the Continuous Hacking solution, including details on author identification.