NowSecure
How does Fluid Attacks' solution compare to NowSecure's? The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company’s cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page.
|
Criteria
|
Fluid Attacks Essential
|
Fluid Attacks Advanced
|
NowSecure
|
|
Accuracy
|
Our SAST tool achieved the best possible result against the OWASP Benchmark: a TPR (True Positive Rate) of 100% and an FPR (False Positive Rate) of 0%.
|
We identify 90% of the evaluated systems' risk exposure. (Accuracy is calculated with the F1 score. Risk exposure is calculated with the formula CVSSF=4^(CVSS-4)).
|
They claim to have a false positive rate of less than 1%, based on feedback from their customers. |
|
Binary SAST
|
Yes. We support APK files.
|
Yes. Its capability is equal to that of the Essential plan.
|
|
|
Languages (Source SAST)
|
Yes. We support the following languages and technologies: Android, C#, CloudFormation, Configuration files, Dart, Docker, Docker Compose, Go, HTML, HTML5, jBASE, Java, JavaScript, Kotlin, Kubernetes, PHP, Python, Razor, Shell Scripting, Storybook, Swift, Terraform, TypeScript and YAML.
|
Yes. We support all languages and technologies supported in the Essential plan, as well as the following: ABAP, ActionScript, Apex, Assembler, ATS, Awk, C, C++, Clean, ClojureScript, Colm, cScript, Dale, Elvish, F#, Falcon, Fish, Fortran, Guile, Hana SQL Script, Haskell, Haxe, Idris, Ion, Janet, JCL, Joker, JScript, JSP, Lisp, Lobster, Natural, Nim, Objective C, Pascal, Perl, PL-SQL, PL1, PL/SQL, PowerScript, PowerShell, Prolog, R, RC, RPG4, Rust, Scala, SQL, SQR, Standard ML, T24, TAL, tcsh, Transact-SQL, VB.NET, VBA, VisualBasic 6, XML, among others.
|
Yes. They perform static analysis of mobile applications and support the following languages and technologies: Kotlin, Swift, Java, Objective C, among others.
|
Frameworks (Source SAST) | Yes. We support the following frameworks: .NET, .NET Core, Angular, ASP.NET, Bootstrap, Django, Express, FastAPI, Flask, Flutter, Ktor, Laravel, Nest, Next.js, Node.js, React Native, React.js, Spring, Spring Boot and Vue.js. | Yes. We support all frameworks supported in the Essential plan, as well as the following: Apache Struts, Ember.js, Gatsby, Meteor, Phoenix, Ruby Sinatra, Ruby on Rails, Svelte, Symfony, Tornado, among others. | No information available |
|
DAST
|
Yes. We scan unauthenticated HTTP endpoints, including headers, DNS records, HTML content, and SSL connections for encryption suites, protocols, and X509 certificates.
|
Yes. Its capability is equal to that of the Essential plan.
|
Yes. They perform dynamic analysis of mobile applications, including their respective SSL connections. They also cover GraphQL API and REST API. |
|
IAST
|
No
|
No
|
Yes. No information available about the languages and technologies they support.
|
|
SCA
|
Yes. We support the following package managers: Cargo, Composer, Conan, Docker Images, GitHub Actions, Go, Gradle, Hex, Maven, NPM, NuGet, pNPM, pip, Poetry, Pub, RubyGems, SBT, SwiftPM and Yarn.
|
Yes. Its capability is equal to that of the Essential plan.
|
Yes. No information available about the package managers they support.
|
PTaaS | No | Yes | Yes. They offer PTaaS and one-shot MPT for mobile applications as add-ons to their product licenses. |
|
Reverse engineering
|
No
|
||
|
Secure code review
|
No
|
No information available
|
|
|
CSPM
|
No
|
||
|
ASPM
|
No
|
||
SCM integrations | It offers the same integrations as the Essential plan. | No | |
Ticketing integrations | It offers the same integrations as the Essential plan. | ||
ChatOps integrations | No | No | Slack |
IDE integrations | It offers the same integration as the Essential plan. | No | |
CI/CD integrations | AWS CodePipeline, Bamboo, CircleCI, GitHub Actions, GitLab CI, Jenkins, TeamCity, Travis CI, and any other CI/CD system that supports Docker | It offers the same integrations as the Essential plan. | |
Cloud Integrations | It offers the same integrations as the Essential plan. | No | |
Compliance integrations | No | No | No |
SCA integrations | Native scanner (included, no integration needed) | Its capability is equal to that of the Essential plan. | |
SAST integrations | Native scanner (included, no integration needed) | Its capability is equal to that of the Essential plan. | |
DAST integrations | Native scanner (included, no integration needed) | Its capability is equal to that of the Essential plan. | No |
IAST integrations | No | No | No |
Secrets integrations | Native scanner (included, no integration needed) | Its capability is equal to that of the Essential plan. | No |
Container integrations | Native scanner (included, no integration needed) | Its capability is equal to that of the Essential plan. | No |
CSPM integrations | Native scanner (included, no integration needed) | Its capability is equal to that of the Essential plan. | No |
|
Compliance
|
We validate some requirements based on these standards and guidelines: Agile Alliance, BSIMM, BIZEC-APP, BSAFSS, CAPEC™, CASA, C2M2, CCPA, CERT-C, CERT-J, CIS, CMMC, CPRA, CWE™, CWE TOP 25, ePrivacy Directive, FACTA, FCRA, FedRAMP, FERPA, FISMA, GDPR, GLBA, HIPAA, HITRUST CSF, ISA/IEC 62443, ISO/IEC 27001, ISO/IEC 27002, ISSAF, LGPD, MITRE ATT&CK, MISRA-C, MVSP, NERC CIP, NIST 800-53, NIST 800-63B, NIST 800-115, NIST 800-171, NIST CSF, NIST SSDF, NYDFS, NY SHIELD Act, OSSTMM3, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, OWASP-M TOP 10, OWASP SAMM, OWASP SCP, OWASP Top 10 Privacy Risks, OWASP TOP 10, PA-DSS, PCI DSS, PDPA, PDPO, POPIA, PTES, Resolution SB 2021 2126, SANS 25, SIG Core, SIG Lite, SOC2®, SWIFT CSCF, WASC and WASSEC.
|
We validate all the requirements according to the same standards and guidelines as the Essential plan.
|
They validate requirements based on these standards and guidelines: ADA MASA, CCPA, CISA BOD 23-01, CMMC, CMMC 2.0, CWE, CWE TOP 25, FFIEC, FISMA, GDPR, HIPAA, ISO/IEC 27001, MITRE ATT&CK, NIAP, NIST 800-53, NIST 800-171, OMB M-22-18, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, OWASP MASTG, OWASP-M TOP 10, OWASP SAMM, OWASP TOP 10, PCI DSS, SOC2, SOX, among others.
|
| Certifications or attestations | SOC 2 Type II and SOC 3 | It is covered by the same certifications and attestations as the Essential plan. | ISO/IEC 27001 and SOC 2 Type II |
Marketplaces | It is available in the same marketplace as the Essential plan. | ||
|
Fast and automatic
|
|||
|
Remediation
|
We provide detailed documentation on fixes and features both on our platform and in our IDE extension, which uses generative AI to offer custom step-by-step correction guidance. Additionally, our IDE extension leverages gen AI to offer automated fixes capabilities.
|
In addition to the Essential plan features, we offer the option of "Talk to a hacker" in which our experts help clients understand how to remediate the most challenging vulnerabilities.
|
They provide detailed documentation on fixes and features on their platform.
|
|
CI/CD security
|
We can integrate with CI/CD systems and trigger a build pipeline failure to prevent from deploying a noncompliant software version into production (break the build).
|
Its capability is equal to that of the Essential plan.
|
They can integrate with CI/CD systems and trigger a build pipeline failure to prevent from deploying a noncompliant software version into production (break the build). |
|
Vulnerability detection method
|
Hybrid (automated tools + AI + human intelligence)
|
Automated tools + human intelligence as part of their PTaaS or MPT offering
|
|
|
Vulnerability chaining
|
No
|
By combining vulnerabilities A and B, we discover a new, higher impact vulnerability C.
|
No
|
|
Delivery of evidence
|
Our evidence is delivered in (a) PDF executive reports, (b) XLSX technical reports, (c) code pieces and (d) graphs and metrics of the system's security status.
|
We deliver all the types of evidence mentioned in the Essential plan, and additionally, (a) video recordings of the attack and (b) screenshots with explanatory annotations.
|
|
|
Exploitation
|
No
|
We can do exploitation as long as the client provides an available environment.
|
They do exploitation as part of their PTaaS and MPT offering.
|
|
Zero-day vulnerabilities
|
No
|
Our security researchers search for zero-day vulnerabilities in open-source software.
|
No
|
|
AI/ML triage
|
No
|
Using artificial intelligence (AI), we prioritize potentially vulnerable files for assessment. Our AI is specially trained by machine learning (ML) with thousands of snippets of vulnerable code.
|
No |
Deployment | Same as the Essential plan. | SaaS and on-premises | |
Open source | No | ||
Year founded | Same founding year as the Essential plan. | ||
Number of employees | Same number of employees as the Essential plan. | ||
Other services | Focus on both automated and manual offensive testing for applications in development. | Focus on automated offensive testing for mobile applications in development. | |
Reputation sites (On a scale of 1 to 10) | Between 9.16 and 10.00 based on 31 reviews over 6.3 years from the following 3 sources: Clutch, Gartner Peer Insights and PeerSpot. | Same reviews and score as the Essentials plan. | Between 7.99 and 8.81 based on 36 reviews over 4.3 years from the following 5 sources: Capterra, G2, Gartner Peer Insights, PeerSpot and TrustRadius. |
Status page | |||
|
Demo
|
|||
|
Free trial
|
References were last checked on Oct 17, 2024.
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.