Correct management of the Attack Resistance Management is critical in a successful security testing process. This is why in recent months, we have been implementing a series of improvements in the management of the roots (GIT repositories, environments). We seek to facilitate administration, ensuring the integrity and traceability of the information recorded.

Therefore, from the Scope section of our ARM, you can activate, deactivate, move or edit the roots associated with the group.

In order to maintain the integrity of the information, we must take into account that for the Roots edition

• the URL is allowed to be edited if it doesn't have reported vulnerabilities, and
• the Branch can be edited in all cases. 

There are two possible reasons for deactivating a root:

• It is out of scope
• It has been registered by mistake

In either case, the associated vulnerabilities are closed, and it is made clear that this is due to a change in the scope of testing.

In addition to the above, you can also move roots to other groups of the same organization, taking into account that

• the root doesn't exist in the destination group, and
• all vulnerabilities associated with this root will be migrated to the new group.

It is important to remember that the success of the testing depends on the proper management of its scope, so we are attentive to answer any questions you may have.

What happened

• Due to a testing strategy implementation to reproduce production tests in local environments, a conflict in service ports unleash in a service outage.

What we’ve done

• Revert commit that were causing the conflict.

What’s the impact

• ARM was unavailable  from 2021-10-22 16:11PM until 2021-10-22 16:30 (19 min).

What we are doing to help

• Pin production to a specific commit, not to master branch. Preventing rollout issues.

For more information about the permissions associated with each role, now you can find a direct link from the group's stakeholders table to the general documentation of the platform.

From there, you can see in detail the description of each role and its allowed actions.

To see the complete list of roles, you can visit https://docs.fluidattacks.com/machine/web/groups/roles.

Until recently, inviting new users was complicated; the invitation email was lost and did not reach its destination.

Now, from the Stakeholders section, we will be able to resend the invitation to ensure that the user confirms access to the application.

What happened

• Due to a recent DB migration, some vulnerabilities are not loaded correctly, caused by an inconsistency in migrated data.

What we’ve done

• Improve ARM logic to prevent errors due to those inconsistencies.
• Update inconsistent data from backups.

What’s the impact

• Accessing 40 groups in the ARM was intermittent from 2021-10-05 12M until 2021-10-05 16:40 (4.5 hours)

What we are doing to help

• We are currently ensuring any further changes to our database have a full backup.
• Continuous monitoring to data consistency.

How do my numbers compare to those of other organizations? How close am I to being the best?

Today, it is not possible to find data on the Internet to help us answer these questions. This is why, using our 20 years of history, we provide our users with several comparative graphs that will allow them to know how they are doing in terms of security.

How many vulnerabilities am I closing compared to others?

How long is it taking me to close the vulnerabilities?

These are just some questions you can answer with the help of our benchmarking analytics section.

Did you know that our mobile app shows you highly relevant information about the remediation of security vulnerabilities in your projects?

Also get OTP passphrases to open reports.

Download the app to your cell phone and stay updated!

Google Play Store

Apple App Store

A few weeks ago, we announced a change in vulnerability names. Now it is the turn for our integration with the Fluid Attacks Documentation site.

In the description of each vulnerability, we will find different links with detailed information about the vulnerability and unfulfilled requirements. With this information, developers and managers will surely be able to understand the vulnerabilities better.

As part of our continuous improvement, we will upgrade our database on Monday, Sep 27, from 9 p.m. to 11 p.m. EST. The ASM will be unavailable during the activity.

This upgrade improves the user experience and prepares us for future needs.

The activity will not affect stored data and API consults will be available. We apologize for any inconvenience this may cause.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Within the security testing service, the scope of the tests is one of the fundamental factors to guarantee their effectiveness.

For some months now, we have been working on improving the test scope management through our ARM. For this reason, we implemented an exclusive table in our Scope section that compiles the registered environments.

Through this table, we will be able to detail all the environments included within the scope of the tests and their respective roots.