Fluid Attacks News logo

News

Subscribe to Updates

Labels

  • All Posts
  • Fix
  • Announcement
  • Improvement
  • new

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • July 2019
Product Roadmap
In Review
VEX Support
new
In Progress
Azure integration
new
Container images analysis
new
PHP SAST Suppport
new
Platform redesign
new
CVSS 4.0 in our platform
new
Announcement
2 years ago

How many types of vulnerabilities are there in your system?

Do you find it helpful to know the total types of vulnerabilities you have in your organizations, groups and portfolios? We show you this information on the ARM under the label Total types. This number will be useful when creating and tracking objectives concerning the total types of vulnerabilities in your systems.

Remember you can find this chart in three different Analytics sections, which will show you different results, depending on whether they relate to your organizations, groups or portfolios.

Avatar of authorMaria Fernanda Toro
new
2 years ago

We’re checking a new security standard: NIST SSDF

With good security standards implemented in your software, you will be able to mitigate risks more effectively. We are excited to announce the new security standard we are applying at Fluid Attacks: the NIST Secure Software Development Framework (SSDF). It describes a set of high-level practices based on established standards, guidance and secure software development practice documents.

You can find this and other standards we are applying at Fluid Attacks in the Compliance section of our Documentation. The version used for this section is NIST SP 800-218 v1.1, February 2022. Write to us at help@fluidattacks.com if you have any comments or questions about this standard.

Avatar of authorMaria Fernanda Toro
new
2 years ago

New! Save time when adding/editing roots

Now you can see your existing credentials when you are adding or editing a root on the ARM. When you select any of them, the fields requiring credential information will immediately autofill with the details of the existing credential. This will help you save time and reduce errors.

Tell us what you think about this new feature by contacting us at help@fluidattacks.com or commenting on this post. We invite you to subscribe to our News channel where we publish weekly information about the ARM and the standards we apply on our security checks. 

Avatar of authorMaria Fernanda Toro
Announcement
3 years ago

What’s the executive role on the ARM?

We designed a role for users in managerial positions so they can stay informed about all their project's vulnerabilities and act on that information to ensure their remediation. Users with the executive role can access general and detailed data about vulnerabilities, change their treatment, request reattacks, among other functions. If you want to know more about the different roles on the ARM, we invite you to follow this link. 

Avatar of authorMaria Fernanda Toro
Announcement
3 years ago

Get reminders to use the ARM

We encourage you to use the ARM constantly to benefit your cybersecurity practices. This is why, if you are a user manager, we send you an Inactivity alert notification reminding you to use the platform when we detect you’ve stopped using it for three weeks. You can manage this alert from the Notifications section.

We are committed to our customers, always providing them excellent services and valuable features on the ARM. We invite you to subscribe to our News channel so you don't miss announcements about our platform and its improvements.

Avatar of authorMaria Fernanda Toro
new
3 years ago

New! Learn how many vulnerabilities are still not assigned

Now you can find out the percentage of open vulnerabilities which have not been assigned to a developer vs. those that have. You just have to go to the Analytics section of your organization/group/portfolio and find the pie chart named Vulnerabilities by assignment. We hope it will help your decisions to prioritize vulnerability treatments.

Feel free to explore all the charts in the ARM Analytics sections! Don’t forget to subscribe to our News channel so that you don't miss any of the news we post every week.

Avatar of authorMaria Fernanda Toro
new
3 years ago

Enjoy the ARM’s new remediation percentage feature!

Now you can find out how close you are to remediating a whole type of vulnerability. You can see this in the new column in the Vulnerabilities section, called Remediation %. This will help you prioritize remediation according to your organization goals and needs.

At Fluid Attacks, we work hard to bring features that meet our customers’ needs. If you have any comments on this new feature, don’t hesitate to post it under this post or write to us at help@fluidattacks.com.

Avatar of authorMaria Fernanda Toro
Announcement
3 years ago

Get to know the new standard we’re applying: WASC

Every day we are working to improve our security criteria. One standard we have implemented is the Web Application Security Consortium  (WASC), which is a cooperative effort to clarify and organize the threats to the security of a website. It outlines the attacks and weaknesses that can lead to compromising the website, its data or its users. You can find this and other standards we are applying at Fluid Attacks in the Compliance section of our Documentation. The version used in this section is WASC Threat Classification v2.0.


Avatar of authorMaria Fernanda Toro
new
3 years ago

Now you can manage your app’s secrets on the ARM. Try it!

We are pleased to announce that we are implementing the new Secrets section. To access it, go to Scope, click on the URL of an active Git root or Environment URLs and select Secrets from the Edit root popup window. There you can examine, add, update and delete secrets (e.g., usernames, passwords, email addresses and tokens) of the selected root. Thanks to this enhancement, User managers easily handle secrets on the ARM, and the time it takes for them to reach our analysts is considerably reduced.

We are delighted to improve the ARM every day for you. We invite you not to miss any of these updates by subscribing to our News channel.

Avatar of authorMaria Fernanda Toro
Announcement
3 years ago

User Manager Role: What are its privileges?

Did you know that the user manager role on the ARM is the one that grants the highest level of privileges on the platform? People with this role have access to all the available functions, so they have complete control over vulnerability management, including how their team handles remediation. If you want to know more about this role, follow this link. Remember that you can find out your role on the ARM by clicking the user icon on the upper-right part of your screen.

Avatar of authorMaria Fernanda Toro