Comparison between Fluid Attacks and ImmuniWeb | Fluid Attacks

ImmuniWeb

How does Fluid Attacks' service compare to ImmuniWeb's? The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company’s cybersecurity needs.

Criteria Fluid Attacks Essential Fluid Attacks Advanced ImmuniWeb
Accuracy Our SAST tool achieved the best possible result against the OWASP Benchmark: a TPR (True Positive Rate) of 100% and an FPR (False Positive Rate) of 0%. We identify 90% of the evaluated systems' risk exposure. (Accuracy is calculated with the F1 score. Risk exposure is calculated with the formula CVSSF=4^(CVSS-4).) They offer an SLA of zero false positives. The clients can activate a money-back guarantee if they discover false positives on their own.
Binary SAST No Yes. We support Java Bytecode, x86 ASM and ARM ASM. No
Source SAST Yes. We support the following languages: Bash, Cloudformation, C#, Dart, Go, HTML, Java, JavaScript, Kotlin, PHP, Python, Swift, TypeScript and Terraform. Yes. We support all languages supported in the Essential plan, as well as the following: ABAP, ActionScript, Apex, Assembler, ASP.NET, ATS, Awk, C, C++, Clean, ClojureScript, Colm, cScript, Dale, Dart, Elvish, F#, Falcon, Fish, Fortran, Guile, Hana SQL Script, Haskell, Haxe, Idris, Informix, Ion, Janet, JCL, Joker, JScript, JSP, Lisp, Lobster, Natural, Nim, Objective C, OracleForms, Pascal, Perl, PHP, PL-SQL, PL1, PowerScript, PowerShell, Prolog, R, RC, RPG4, Rust, Scala, SQL, Standard ML, Swift, TAL, tcsh, Transact-SQL, VB.NET, VBA, VisualBasic 6 and XML. No
DAST Yes. We can scan single-page apps (SPA), multi-page apps (MPA), REST API, GraphQL API and gRPC API. Yes. Its capability is equal to that of the Essential plan. Yes. They can scan SPA, REST API, SOAP API and GraphQL API.
IAST No No No
SCA Yes. We support the following package managers: Cargo, Composer, Conan, Docker Images, GitHub Actions, Go, Gradle, Hex, Maven, NPM, NuGet, pNPM, pip, Poetry, Pub, RubyGems, SBT, Swift and Yarn. Yes. Its capability is equal to that of the Essential plan. Yes
Reverse engineering No Yes No
Secure code review No Yes No
Manual penetration testing No Yes Yes
CSPM Yes Yes No
ASPM (previously, ASOC) Yes Yes No
Compliance We validate some requirements based on these standards and guidelines: Agile Alliance, BIZEC-APP, BSAFSS, BSIMM, CAPEC™, CASA, CCPA, CERT-C, CERT-J, C2M2, CMMC, CIS, CPRA, CWE™, CWE TOP 25, ePrivacy Directive, FACTA, FedRAMP, FERPA, FISMA, GDPR, GLBA, HIPAA, HITRUST CSF, ISA/IEC 62443, ISSAF, ISO/IEC 27001, ISO/IEC 27002, LGPD, MISRA-C, MITRE ATT&CK®, MVSP, NERC CIP, NIST 800-53, NIST 800-63B, NIST 800-171, NIST 800-115, NIST CSF, NIST SSDF, NYDFS, NY SHIELD Act, OSSTMM3, OWASP ASVS, OWASP API Security Top 10, OWASP MASVS, OWASP-M TOP 10, OWASP SAMM, OWASP SCP, OWASP Top 10, OWASP Top 10 Privacy Risks, PCI DSS, PDPA, PDPO, POPIA, PTES, Resolution SB 2021 2126, SANS 25, SIG Core, SIG Lite, SOC2®, SWIFT CSCF, WASSEC and WASC. We validate requirements based on these standards and guidelines: Agile Alliance, BIZEC-APP, BSAFSS, BSIMM, CASA, CCPA, CERT-C, CERT-J, CMMC, C2M2, CAPEC™, CIS, CWE™, CWE TOP 25, ePrivacy Directive, FACTA, FCRA, FedRAMP, FERPA, FISMA, GDPR, GLBA, HIPAA, HITRUST CSF, ISA/IEC 62443, ISSAF, ISO/IEC 27001, ISO/IEC 27002, LGPD, MISRA-C, MITRE ATT&CK®, MVSP, NERC CIP, NIST 800-53, NIST 800-63B, NIST 800-115, NIST 800-171, NIST CSF, NIST SSDF, NYDFS, NY SHIELD Act, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, OWASP SCP, OWASP SAMM, OWASP Top 10, OWASP-M Top 10, OWASP Top 10 Privacy Risks, OSSTMM3, PA-DSS, PCI DSS, PDPA, PDPO, POPIA, PTES, Resolution SB 2021 2126, SANS 25, SIG Core, SIG Lite, SOC2®, SWIFT CSCF and WASSEC. They validate the following standards: CCPA, CPRA, PDPA, HIPAA, HITECH, ISO 27001, ISO 27002, NYDFS, FISMA, CMMC, FTCA, GLBA, FCRA, FACTA, OWASP, NIST, PCI DSS, FedRAMP and GDPR.
Own vulnerability knowledge base Through our extensive documentation on known vulnerabilities, our clients have a source of information from which they can learn about vulnerabilities and how to remediate them. Access to our extensive documentation is equal to that in the Essential plan.
Fast and automatic Yes Yes Fast scans performed by automated security testing tools and slower security assessments relying on manual techniques.
Remediation We offer extensive documentation on fixes and functions in our IDE extension that leverage gen AI to get step-by-step remediation guidance and automated fixes. In addition to the Essential plan features, we offer the option of "Talk to a hacker" in which our experts help clients understand how to remediate the most challenging vulnerabilities. Depending on the billed plan, the client can access their security analysts to solve technical questions or vulnerability questions.
CI/CD security We can integrate with CI/CD systems and trigger a build pipeline failure to prevent from deploying a noncompliant software version into production (break the build). Offers the same capability as that of the Essential plan. They can break the build.
Vulnerability detection method Automated tools Hybrid (automated tools + AI + human intelligence) Hybrid (automated tools + human intelligence)
Vulnerability chaining No By combining vulnerabilities A and B, we discover a new, higher impact vulnerability C. **_**
Safe exploitation No Yes **_**
Delivery of evidence Our evidence is delivered in (a) PDF executive reports, (b) XLS/PDF technical reports, (c) code pieces and (d) graphs and metrics of the system's security status. We deliver all the types of evidence mentioned in the Essential plan, and additionally, (a) video recordings of the attack and (b) screenshots with explanatory annotations. Their evidence is delivered in (a) PDF reports and (b) XLS files.
Exploitation No We can do exploitation as long as the client provides an available environment. **_**
Zero-day vulnerabilities No Our security researchers search for zero-day vulnerabilities in open-source software. **_**
AI/ML triage No Using artificial intelligence (AI), we prioritize potentially vulnerable files for their assessment. Our AI is specially trained by machine learning (ML) with thousands of snippets of vulnerable code. **_**
Demo Yes Yes Yes
Free trial Yes No Yes

Note on reference review date
References were last checked on April 26, 2023.
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.