Criteria
|
Fluid Attacks Essential
|
Fluid Attacks Advanced
|
Apiiro
|
Accuracy
|
Fluid Attacks' SAST tool achieved the best possible result against the OWASP Benchmark: a TPR (True Positive Rate) of 100% and an FPR (False Positive Rate) of 0%.
|
Fluid Attacks identifies 90% of the evaluated systems' risk exposure. (Accuracy is calculated with the F1 score. Risk exposure is calculated with the formula CVSSF=4^(CVSS-4).)
|
Apiiro does not show information regarding false positive or false negative rates.
|
Binary SAST
|
Yes. Fluid Attacks Essential supports APK files.
|
Yes. Fluid Attacks Advanced's capability is equal to that of the Essential plan.
|
Yes. No information available about the types of binary files Apiiro supports.
|
Languages (source code SAST)
|
Yes. Fluid Attacks Essential supports the following languages and technologies: Android, C#, CloudFormation, Configuration files, Dart, Docker, Docker Compose, Go, HTML, HTML5, jBASE, Java, JavaScript, Kotlin, Kubernetes, PHP, Python, Razor, Shell Scripting, Storybook, Swift, Terraform, TypeScript and YAML.
|
Yes. Fluid Attacks Advanced supports all languages and technologies supported in the Essential plan, as well as the following: ABAP, ActionScript, Apex, Assembler, ATS, Awk, C, C++, Clean, ClojureScript, Colm, cScript, Dale, Elvish, F#, Falcon, Fish, Fortran, Guile, Hana SQL Script, Haskell, Haxe, Idris, Ion, Janet, JCL, Joker, JScript, JSP, Lisp, Lobster, Natural, Nim, Objective-C, Pascal, Perl, PL-SQL, PL1, PL/SQL, PowerScript, PowerShell, Prolog, R, RC, RPG4, Rust, Scala, SQL, SQR, Standard ML, T24, TAL, tcsh, Transact-SQL, VB.NET, VBA, VisualBasic 6, XML, among others.
|
Yes. No information available about the languages Apiiro supports.
|
Frameworks (source code SAST)
|
Yes. Fluid Attacks Essential supports the following frameworks: .NET, .NET Core, Angular, ASP.NET, Bootstrap, Django, Express, FastAPI, Flask, Flutter, Ktor, Laravel, Nest, Next.js, Node.js, React Native, React.js, Spring, Spring Boot and Vue.js. |
Yes. Fluid Attacks Advanced supports all frameworks supported in the Essential plan, as well as the following: Apache Struts, Ember.js, Gatsby, Meteor, Phoenix, Ruby Sinatra, Ruby on Rails, Svelte, Symfony, Tornado, among others.
|
No information available
|
DAST
|
Yes. Fluid Attacks scans unauthenticated HTTP endpoints, including headers, DNS records, HTML content, and SSL connections for encryption suites, protocols, and X509 certificates.
|
Yes. Fluid Attacks Advanced's capability is equal to that of the Essential plan.
|
No
|
IAST
|
No
|
No
|
No
|
SCA
|
Yes. Fluid Attacks Essential supports the following package managers: Cargo, Composer, Conan, Docker Images, GitHub Actions, Go, Gradle, Hex, Maven, NPM, NuGet, pNPM, pip, Poetry, Pub, RubyGems, SBT, SwiftPM and Yarn.
|
Yes. Fluid Attacks Advanced's capability is equal to that of the Essential plan.
|
Yes. No information available about the package managers Apiiro supports.
|
Secrets |
Yes. Fluid Attacks Essential detects secrets in API keys, AWS credentials, database connection passwords, express-session secrets, hardcoded emails (in security-related contexts), hardcoded environment variables (e.g., api_key, password, secret), hardcoded secrets in cryptographic calls, JWT, private keys, RSA keys, salts, SSH keys, symmetric keys, initialization vectors, SonarQube tokens and passwords (in identifiable fields).
|
Yes. Fluid Attacks Advanced's capability is equal to that of the Essential plan, with the addition of manual reviews to verify other attack vectors and the exploitability of secrets.
|
Yes. No information available about the kind(s) of secrets Apiiro detects.
|
Containers
|
Yes. Fluid Attacks Essential scans containers based on the following distributions: Alpine, Arch, Debian, and RedHat.
|
Yes. Fluid Attacks Advanced's capability is equal to that of the Essential plan.
|
No
|
PTaaS |
No
|
No | |
Reverse engineering
|
No
|
No
|
|
Secure code review
|
No
|
No
|
|
CSPM
|
No
|
||
ASPM
|
|||
SCM integrations
|
|||
Ticketing integrations
|
|
||
ChatOps integrations
|
None |
None
|
|
IDE integrations
|
It offers the same integrations as the Essential plan.
|
None
|
|
CI/CD integrations
|
AWS CodePipeline, Bamboo, CircleCI, GitHub Actions, GitLab CI, Jenkins, TeamCity, Travis CI, and any other CI/CD system that supports Docker
|
It offers the same integrations as the Essential plan.
|
None
|
Cloud integrations
|
It offers the same integrations as the Essential plan.
|
||
Compliance integrations
|
None
|
None
|
None
|
SCA integrations
|
Native scanner (included, no integration needed)
|
|
|
SAST integrations
|
Native scanner (included, no integration needed)
|
|
|
DAST integrations
|
Native scanner (included, no integration needed)
|
|
|
IAST integrations |
None
|
None
|
None |
Secrets integrations
|
Native scanner (included, no integration needed)
|
|
|
Container integrations
|
Native scanner (included, no integration needed)
|
|
|
CSPM integrations
|
Native scanner (included, no integration needed)
|
Its capability is equal to that of the Essential plan.
|
|
Compliance
|
Fluid Attacks Essential validates some requirements based on these standards and guidelines: Agile Alliance, BSIMM, BIZEC-APP, BSAFSS, CAPEC™, CASA, C2M2, CCPA, CERT-C, CERT-J, CIS, CMMC, CPRA, CWE™, CWE TOP 25, ePrivacy Directive, FACTA, FCRA, FedRAMP, FERPA, FISMA, GDPR, GLBA, HIPAA, HITRUST CSF, ISA/IEC 62443, ISO/IEC 27001, ISO/IEC 27002, ISSAF, LGPD, MITRE ATT&CK®, MISRA-C, MVSP, NERC CIP, NIST 800-53, NIST 800-63B, NIST 800-115, NIST 800-171, NIST CSF, NIST SSDF, NYDFS, NY SHIELD Act, OSSTMM3, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, OWASP-M TOP 10, OWASP SAMM, OWASP SCP, OWASP Top 10 Privacy Risks, OWASP TOP 10, PA-DSS, PCI DSS, PDPA, PDPO, POPIA, PTES, Resolution SB 2021 2126, SANS 25, SIG Core, SIG Lite, SOC2®, SWIFT CSCF, WASC and WASSEC.
|
Fluid Attacks Advanced validates all the requirements according to the same standards and guidelines as the Essential plan.
|
|
Certifications or attestations | It is covered by the same certifications and attestations as the Essential plan. | ISO/IEC 27001 and SOC 2 Type II | |
Marketplaces
|
It is available in the same marketplace as the Essential plan. | AWS, GCP and GitHub | |
Fast and automatic
|
|||
Remediation
|
Fluid Attacks Essential provides detailed documentation on fixes and features both on its platform and in its VS Code extension, which uses generative AI to offer custom step-by-step correction guidance. Additionally, its extension leverages gen AI to offer automated fix capabilities.
|
In addition to the Essential plan features, Fluid Attacks Advanced offers the "Talk to a hacker" option, in which its experts help clients understand the most challenging vulnerabilities, which serves as a basis for working out remediation.
|
Apiiro offers documentation on fixes and remediation guidance for security vulnerabilities.
|
CI/CD security
|
Fluid Attacks Essential can integrate with CI/CD systems and trigger a build pipeline failure to prevent a noncompliant software version from being deployed into production (break the build).
|
Fluid Attacks Advanced's capability is equal to that of the Essential plan.
|
No
|
Vulnerability detection method
|
Hybrid (automated tools + AI + human intelligence)
|
Automated tools and AI
|
|
Vulnerability chaining
|
No
|
By combining vulnerabilities A and B, Fluid Attacks Advanced discovers a new, higher-impact vulnerability C.
|
No
|
Delivery of evidence
|
Fluid Attacks Essential's evidence is delivered in (a) PDF executive reports, (b) XLSX technical reports, (c) code pieces and (d) graphs and metrics of the system's security status.
|
Fluid Attacks Advanced delivers all the types of evidence mentioned in the Essential plan, and additionally, (a) video recordings of the attack and (b) screenshots with explanatory annotations.
|
Apiiro's evidence is delivered in (a) PDF reports and (b) graphs and metrics of the system's security status.
|
Exploitation
|
No
|
No
|
|
Zero-day vulnerabilities
|
No
|
Fluid Attacks Advanced's security researchers search for zero-day vulnerabilities in open-source software.
|
No
|
AI/ML triage
|
No
|
Using artificial intelligence (AI), Fluid Attacks Advanced prioritizes potentially vulnerable files for assessment. Its AI is specially trained by machine learning (ML) with thousands of snippets of vulnerable code.
|
|
Deployment
|
Same as the Essential plan
|
||
Open source
|
Yes. MPL-2.0 license. Partially equivalent to the paid version.
|
No
|
|
Year founded
|
Same as the Essential plan
|
||
Number of employees
|
Same as the Essential plan
|
||
Other services
|
|||
Reputation sites (on a scale of 1 to 10)
|
Between 9.16 and 10.00 based on 31 reviews over 6.3 years from the following three sources: Clutch, Gartner Peer Insights and PeerSpot |
Same as the Essential plan
|
Between 8.14 and 9.62 based on 13 reviews over 2 years from the following six sources: Capterra, G2, GetApp, PeerSpot, Software Advice and TrustRadius
|
Status page
|
No
|
||
Demo
|
|||
Free trial
|
No
|