At Fluid Attacks, we aim to apply the most relevant security standards to offer our clients the best services. This time, we are showcasing the HITRUST CSF. This standard is both risk and compliance-based, making it possible for organizations of varying risk profiles to customize their security and privacy control baselines. It is sensitive to data protection compliance and the challenges of assembling and maintaining various programs. Therefore, it provides the structure, transparency, guidance and cross-references to authoritative sources organizations need to check their data protection compliance, as well as an approach to ensure the proper alignment, maintenance and comprehensiveness of components. You can find this and other standards we are applying at Fluid Attacks in the Docs/Criteria section. The version used in this section is HITRUST CSF v9.6.0.

We are glad to announce that we are working hard every day to enhance our ARM for your daily use. Currently, we are working on changes that will enable users to generate reports without role restrictions. Additionally, we are working on enhancing our authentication process by diversifying our channels for delivering one-time passphrases. These future improvements will provide access, speed and flexibility to the generation of the reports about the vulnerabilities in a specific group.

At Fluid Attacks, we are happy to constantly improve our products and services to provide our users and clients with a more intuitive and enjoyable experience. This time, we made changes to our documentation, specifically in the Criteria section. Before this change, the URLs of the standards in the Compliance subsection - that is, those we use as the basis for our security testing - ended in three-digit numbers. Now, as expected, each URL ends with the name of the corresponding standard. Let's say you are looking for information about BSIMM within our documentation: The URL of that site will no longer end in /001 but in /bsimm. This small change will undoubtedly favor your navigation.

Before and after:

Remember, all feature improvements are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

On the ARM, you must be part of a specific group to access its confidential information. For you to join a particular group, the group's Manager must send you an invitation. This invitation will arrive in your email inbox with the subject "Access granted to (name of the group) on ARM by Fluid Attacks." In that email message, you can either confirm or reject access. If you confirm, you will immediately have full access.

All feature improvements are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

We are excited to announce the security standards we are applying at Fluid Attacks. Remember, our priority is to keep improving our security and services. This time, we are showcasing the OWASP Top 10. This is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. You can find this and other standards we are applying at Fluid Attacks in the Docs/Criteria section. The version used in this section is OWASP Top 10:2021.

We are always improving our system for our clients and tracking vulnerabilities in a correct and ethical manner.

Over time, at Fluid Attacks, we have improved the efficiency and runtime of our Machine service, prioritizing the tracking and reporting of vulnerabilities for our clients. Our team of developers has not stopped contributing to the positive evolution of this service. Now, we are constantly scanning, detecting, reporting and reattacking vulnerabilities in the repositories in a faster way. All this without leaving aside our essential commitment to keep the false positive rate to a minimum.

Today we are pleased to announce our new Estimated MTTR indicator. This feature helps us calculate the estimated time it would take your team to remediate a specific vulnerability. This is useful to give you an idea of how much time you should invest in completing this task.

You will find this indicator among the global type information of each vulnerability.

We are excited about improving the ARM for you. We invite you to subscribe to our News to be updated on all our improvements and new features.

If you want to know more about Fluid Attacks and all services we offer, you need to visit our Docs site. Here we give to support the workers and clients how to use our service and products. Here you will see five sections: About, Machine, Squad, Criteria, and Development. Depending on your interest, select the one you need.

Today we are pleased to announce that using our machine technology, our response time to reattack requests has decreased from hours to several minutes for particular vulnerabilities.

We are excited about improving our ARM for your daily work. We invite you to follow our News to be updated on all our improvements and use this amazing features.

Time is essential in our daily life, and when it comes to securing our systems, time is the difference between a good and a bad strategy. This is why our team is committed to responding to our customers' requests as fast as possible.

The Surface section in the ARM is where you can check the attack surface of your software that Fluid Attacks' services have evaluated. There are two ways to do this: using the Lines tab or the Inputs tab. 

In the Lines tab, you can see the files and repositories included in our SAST service.

In the Inputs tab, you can find every field of your app included in our DAST service. 

In these tables, you can verify if a specific file or field has vulnerabilities.