Fluid Attacks News logo

News

Subscribe to Updates

Labels

  • All Posts
  • Fix
  • Announcement
  • Improvement
  • new

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • July 2019
Product Roadmap
In Review
VEX Support
new
In Progress
Azure integration
new
Container images analysis
new
PHP SAST Suppport
new
Platform redesign
new
CVSS 4.0 in our platform
new
new
3 years ago

Mobile App

Did you know that our mobile app shows you highly relevant information about the remediation of security vulnerabilities in your projects?

Also get OTP passphrases to open reports.

Download the app to your cell phone and stay updated!

Google Play Store

Apple App Store


Avatar of authorMaria Fernanda Toro
new
3 years ago

Detailed Information on Vulnerabilities

A few weeks ago, we announced a change in vulnerability names. Now it is the turn for our integration with the Fluid Attacks Documentation site.

In the description of each vulnerability, we will find different links with detailed information about the vulnerability and unfulfilled requirements. With this information, developers and managers will surely be able to understand the vulnerabilities better.


Avatar of authorJuan
Announcement
3 years ago

ARM Upgrade

As part of our continuous improvement, we will upgrade our database on Monday, Sep 27, from 9 p.m. to 11 p.m. EST. The ASM will be unavailable during the activity.

This upgrade improves the user experience and prepares us for future needs.

The activity will not affect stored data and API consults will be available. We apologize for any inconvenience this may cause.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.



Avatar of authorJuan
Improvement
3 years ago

Environment Table

Within the security testing service, the scope of the tests is one of the fundamental factors to guarantee their effectiveness.

For some months now, we have been working on improving the test scope management through our ARM. For this reason, we implemented an exclusive table in our Scope section that compiles the registered environments.

Through this table, we will be able to detail all the environments included within the scope of the tests and their respective roots.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Avatar of authorJuan
Improvement
3 years ago

About Roots and Permissions

In security testing, ToE (Target of Evaluation) is the basis for obtaining the expected results. For Fluid Attacks, "Roots" is the way to manage the ToE of the group.

Roots misconfiguration could seriously affect the hacking service. This is why from our product team, we are making extra efforts to protect and secure Roots management.

As a result of these efforts, Roots can be deactivated only

  • when they have no open or untreated vulnerabilities and
  • by authorized roles (system owner, user manager).

Other definitions are on the way. Stay tuned!

Avatar of authorJuan
new
3 years ago

Risk-based Analytics

One of the main dilemmas we face every day is which vulnerability to close first. It was from this that we at Fluid Attacks designed a metric to help us make better decisions. We are talking about the CVSSF.

With this new metric, we can understand that closing 10 vulnerabilities with a score equal to 1 is not the same as closing 1 vulnerability with a score equal to 10. At the same time, we can calculate the level of exposure of a system.

Thanks to this new graph based on the CVSSF, you will be able to know which vulnerabilities to attack and remediate first to reduce the level of exposure of your system.

Avatar of authorJuan
new
3 years ago

Filters Everywhere

As the security testing service progresses, the amount of data generated can be overwhelming. 

Filtering the information is of great importance in order to manage the group correctly.

From now on, within the ARM, you will find new filter sections that allow you to organize the information according to the needs of each day.

Avatar of authorJuan
Improvement
3 years ago

Upload Files

Sharing files from a controlled system is very important when it comes to security.

This is why, from now on, it will be possible to share files of up to 5 GB through our platform.

Avatar of authorJuan
new
3 years ago

Live Chat

If you have a question about any feature of the ARM or need help on how to use it, we recommend you to get in touch using the Live Chat option. Through this means, we provide you with fast and personalized support on minor issues for which it is not necessary to schedule a video call (in this case, the Talk to an expert option would apply).

To find the Live Chat option, go to the top-right corner of the ARM and click on the question mark icon. Select Live Chat from the drop-down menu. That's it! You will be ready to talk to someone on our staff who can support you in your work with our app.

Avatar of authorMaria Fernanda Toro
Announcement
3 years ago

Updated Vulnerability Names

Standardization is the concept that allows us to have traceability throughout our processes. Therefore, as fans of this idea, we decided to update the vulnerabilities' names to have a standard system.

Among the changes made, you will see:

  • Titles in English (other information remains in the preferred language).
  • The F at the beginning of the title disappeared.

We are creating new typologies all the time. If you want to know the details of the typologies created, you can visit 

https://docs.fluidattacks.com/criteria/vulnerabilities/

Avatar of authorJuan