The Fluid Attacks platform offers comprehensive features designed to manage all your applications and the vulnerabilities detected in them. To access the platform, click here.
Below, you will find a series of requirements that you need to consider.
We support the following web browsers, as well as any browser that is compatible with the ECMAScript 2019 standard.
| Browser | Versions |
|---|---|
| Firefox | 60, 68, 78, 81, 82, 83, 88, 89, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105 |
| Chrome | 71, 75, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, 103, 104, 105, 106 |
| Edge | 84, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105 |
| Safari | 12.1, 13.1, 14, 14.1, 15, 15.1, 15.2, 15.3, 15.4, 15.5, 15.6, 16 |
| Opera | 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90 |
| Chrome iOS | 90, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105 |
To authenticate in the platform, you need a valid user in at least one of these providers:
For added security, we do not manage users, credentials or MFA (multi-factor authentication). We adopt our customers' policies.
Below, you will find a concise overview of all the sections that constitute our platform. Each section features links that will take you to their main page. We invite you to explore these links to understand each section better.
All customer data is consolidated in this section of the platform. Each organization has a data bucket that only users of that organization can access.
In this section, you will find the following subsections (see the right-hand menu):
Within the Analytics section, you can view tables and different types of graphs, which offer valuable information about how your software is performing in detecting and resolving identified vulnerabilities.
The information presented includes, among other things, the following:
- Exposure management over time
- Exposure benchmark
- Accepted vulnerabilities by CVSS severity
- Vulnerabilities treatment
- Accepted vulnerabilities by user
You might have multiple apps within your organization, and it's likely that you want to keep their respective vulnerabilities separate.
You can create as many groups as needed. You have the option of having one group for each application or several groups for a single application; the choice is yours.
Within the "Groups" section, you will discover:
One of the primary sections within the platform is where you can access all the confirmed security issues related to your application. This feature is located in the "Vulnerabilities" section.
This section is divided as follows:
In this section, you will see the list of vulnerabilities, each accompanied by its specific location. In addition, you can perform actions such as requesting a reattack, changing the treatment, or assigning a vulnerability to a specific coworker, among other available options.
We invite you to enter here if you want to discover more about this section.
The "Description" tab offers technical insights about the vulnerability type, encompassing its nature, non-compliant security requisites, potential risks, and recommended remedial actions. For a deeper understanding, follow the provided link.
This section provides supporting evidence regarding the existence and exploitation of the specific type of vulnerability reported. The evidence can come in the form of images or videos. For more information, please click here.
The Tracking tab provides the detailed history of each vulnerability. Here, you will see the entire vulnerability process.
In the Records tab, you will find a table with data obtained by our ethical hackers after exploiting the vulnerability in your system. Here, you can see sensitive and relevant information for your organization. For more details, click here.
Consulting in the vulnerability
Consulting should be used to communicate with us when a problem is related to any of the reported vulnerabilities or to validate the executed reattacks.
Note: Consulting in the vulnerability view is available for users with Plan Machine in view mode.
Within Group-level analytics, you'll discover graphs, tables, and metrics tailored to your specific group.
The Fluid Attacks platform includes an agent that, when present in your CI pipelines, can break the build for open vulnerabilities. This section shows the results of recent executions, along with information such as the following:
- Execution date
- Execution status (secure or vulnerable)
- Checked vulnerabilities
- Strictness (Tolerant/Strict)
- Type (SAST/DAST)
In this section you will find a field where you can add comments, questions or doubts you may have about the group in general.
Note: This section is only for the Squad plan.
To get more information about it, check the Roles section.
The Authors section gives you a list of Git users who commit code to checked repositories.
You need to define the surface that the Fluid Attacks team will check. The following information is required to enable the testing service:
- Roots: Git repositories where you version the application’s source code.
- Environments: URLs where applications are deployed.
- Files: Any information that could help the service.
- Tags: Keywords to build portfolios and get information and analytics for groups that share the tag.
- Services: Active services for the group.
- Deletion: Function to safely delete all group data.
If you want to see more of the Scope section, you can enter it here.
Please check the tags in Scope for more information.
Some users can access your organization's data, but this permission does not guarantee access to groups or vulnerabilities, only access to organization-level analytics and policies.
Explore more of this section by clicking on this link.
You can use vulnerability treatments to plan remediation. To control their correct use, you can define rules that will apply to all groups in your organization. To explore this section further, click here.
This section refers to repositories that are not yet associated with any group on the platform, which can be consulted using the credentials available in the Credentials tab. To learn more about this section, you can enter here.
shows the compliance of all
standards validated by
at the Organization and group level.
When the platform was last deployed, be it because of new features or improvements to old features, is not top secret information we are keeping from our clients. You can see this information by clicking on the icon with the letter i on the platform's top-right menu.
Upon clicking, you will see the commit hash ID (a commit’s unique identifier) that corresponds to the update. Below, you will see the update deployment date and time. You can click on the commit hash to see on GitLab the specific lines of code that were changed, the developer who made the change, what was removed and added, and on what file.