Did you know that our mobile app shows you highly relevant information about the remediation of security vulnerabilities in your projects?
Also get OTP passphrases to open reports.
Download the app to your cell phone and stay updated!
A few weeks ago, we announced a change in vulnerability names. Now it is the turn for our integration with the Fluid Attacks Documentation site.
In the description of each vulnerability, we will find different links with detailed information about the vulnerability and unfulfilled requirements. With this information, developers and managers will surely be able to understand the vulnerabilities better.
As part of our continuous improvement, we will upgrade our database on Monday, Sep 27, from 9 p.m. to 11 p.m. EST. The ASM will be unavailable during the activity.
This upgrade improves the user experience and prepares us for future needs.
The activity will not affect stored data and API consults will be available. We apologize for any inconvenience this may cause.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.
Within the security testing service, the scope of the tests is one of the fundamental factors to guarantee their effectiveness.
For some months now, we have been working on improving the test scope management through our ARM. For this reason, we implemented an exclusive table in our Scope section that compiles the registered environments.
Through this table, we will be able to detail all the environments included within the scope of the tests and their respective roots.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.
In security testing, ToE (Target of Evaluation) is the basis for obtaining the expected results. For Fluid Attacks, "Roots" is the way to manage the ToE of the group.
Roots misconfiguration could seriously affect the hacking service. This is why from our product team, we are making extra efforts to protect and secure Roots management.
As a result of these efforts, Roots can be deactivated only
Other definitions are on the way. Stay tuned!
One of the main dilemmas we face every day is which vulnerability to close first. It was from this that we at Fluid Attacks designed a metric to help us make better decisions. We are talking about the CVSSF.
With this new metric, we can understand that closing 10 vulnerabilities with a score equal to 1 is not the same as closing 1 vulnerability with a score equal to 10. At the same time, we can calculate the level of exposure of a system.
Thanks to this new graph based on the CVSSF, you will be able to know which vulnerabilities to attack and remediate first to reduce the level of exposure of your system.
As the security testing service progresses, the amount of data generated can be overwhelming.
Filtering the information is of great importance in order to manage the group correctly.
From now on, within the ARM, you will find new filter sections that allow you to organize the information according to the needs of each day.
Sharing files from a controlled system is very important when it comes to security.
This is why, from now on, it will be possible to share files of up to 5 GB through our platform.
If you have a question about any feature of the ARM or need help on how to use it, we recommend you to get in touch using the Live Chat option. Through this means, we provide you with fast and personalized support on minor issues for which it is not necessary to schedule a video call (in this case, the Talk to an expert option would apply).
To find the Live Chat option, go to the top-right corner of the ARM and click on the question mark icon. Select Live Chat from the drop-down menu. That's it! You will be ready to talk to someone on our staff who can support you in your work with our app.
Standardization is the concept that allows us to have traceability throughout our processes. Therefore, as fans of this idea, we decided to update the vulnerabilities' names to have a standard system.
Among the changes made, you will see:
We are creating new typologies all the time. If you want to know the details of the typologies created, you can visit