Today we are pleased to announce that using our machine technology, our response time to reattack requests has decreased from hours to several minutes for particular vulnerabilities.

We are excited about improving our ARM for your daily work. We invite you to follow our News to be updated on all our improvements and use this amazing features.

Time is essential in our daily life, and when it comes to securing our systems, time is the difference between a good and a bad strategy. This is why our team is committed to responding to our customers' requests as fast as possible.

The Surface section in the ARM is where you can check the attack surface of your software that Fluid Attacks' services have evaluated. There are two ways to do this: using the Lines tab or the Inputs tab. 

In the Lines tab, you can see the files and repositories included in our SAST service.

In the Inputs tab, you can find every field of your app included in our DAST service. 

In these tables, you can verify if a specific file or field has vulnerabilities.

Remember, with the last feature we release Vulnerability Assignment. With this, you can choose whom in your team to assign a vulnerability. Besides this feature, we want to announce the new view named To-Do List. Here you can manage all the assigned vulnerabilities and have good tracking in your daily tasks. You can access clicking on the icon To-Do List in the top bar or go to todos.

Another way to constantly get notified about this great feature in your daily living is the notification email. When you have been assigned to a vulnerability, you will have an email telling you what vulnerability is.

We are very happy and excited improving our ARM for your daily work. We invite you to follow our News to be updated on all our improvements and use this amazing features.

You can now choose whom in your team to assign a vulnerability we have reported in any of your groups.

Thanks to this feature, the first in a series of related innovations, you can easily keep track of the vulnerability management of each member of your team.

We invite you to follow our news channel to be updated on all our improvements.

You, dear Fluid Attacks' client, who may have recently become aware of the risk posed by the Log4j zero-day vulnerability worldwide, can immediately find out if it is present in your software for prompt remediation.

In the ARM, in any of your groups, you can look for the vulnerability type "011. Use of software with known vulnerabilities," in which this critical severity flaw should appear as CVE-2021-44228. Remember that you can break the build in case that problem is present. If you have any doubts about this, don't hesitate to contact us!

Hi there,

Until today, tracking was only available for a group of vulnerabilities. Now, we have released a new feature to track reported vulnerabilities one by one:

Thanks to this feature, you can know what happened with every vulnerability, obtaining dates, managers, and justifications for each change in its history.

We hope this feature will help you in vulnerability management and keep you on the remediation path.

Fulfilling top industry privacy standards, we added to our ARM the option to delete your account:

With this option (User menu -> Delete account), in case you don't need to use our platform anymore, you can delete your account and relinquish all your currently available permissions.

Additionally, you can unsubscribe (Group -> Scope -> Unsubscribe) from any group.

Keep in mind that we do not retain for you any information about your deleted account or the groups from which you unsubscribed. Therefore, if you delete your account by mistake, you will then log in to the ARM as a new user. On the other hand, if you unsubscribe from a group by mistake, you must request a new invitation to the group.

Every day we are working to improve our users' experience in the ARM.

After a recent migration in our database, we were able to speed up the browsing on the platform, especially for groups with a large number of vulnerabilities, reducing their loading time.

In the coming weeks, we will make optimizations on other views, aiming to achieve a significant improvement in the browsing speed across the entire platform.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Recently, our agent got a beautiful update (among other things).

We implemented a new clear and friendly interface to bring you more information when running our DevSecOps Agent.

The new table design, in which we added the severity values, provides our users with the complete status of each vulnerability in their systems.

Remember to check our installation guide (https://docs.fluidattacks.com/machine/agent/installation) to begin using our agent, and, if you have any questions, don't hesitate to contact us at help@fluidattacks.com.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to the email mentioned above.

Our purpose as Fluid Attacks is to provide value through the vulnerabilities we report. Therefore, we are continuously working on improving our processes to generate more accurate reports.

After an exhaustive review, we decided to remove all vulnerability reports of the following typologies:

• 060. Insecure exceptions
• 061. Errors without traceability
• 070. Inappropriate coding practices - Wildcard import
• 073. Conditional statement without a default option

We did this because we consider these typologies as recommendations of programming practices and not vulnerabilities per se. Following this decision, we have been removing these recommendations from the ARM so that development teams can focus on remediation of the reported vulnerabilities.