Fluid Attacks policy on encryption in transit | Fluid Attacks

Encryption in Transit

All our applications and services have industry-standard encryption in transit.

  1. The Fluid Attacks domain uses the latest TLSv1.3 cryptographic protocol for maximum protection of data in transit.

Evidence of TLSv1.3 usage by Fluid Attacks
Image Source: SSLlabs. (2023). SSL Configuration [Screenshot]. Retrieved from SSL Labs

  1. Digital certificates for Fluid Attacks are renewed every 30 days in order to minimize leaks.

  2. We use the HSTS policy to ensure that every connection to our domain goes through HTTPS.

  3. We demand all connections to support at least TLSv1.2.

  4. Our platform's database uses TLSv1.2 for the protection of data in transit.

  5. We possess fully dedicated network channels with some of our biggest clients, allowing us to isolate all unwanted traffic. This is particularly useful for running secure dynamic application hacking.

  6. For the rest of our clients, we use fully encrypted VPNs.

  7. Ephemeral environments always include a digital certificate, validated with ACME protocol, and not self-signed.

  8. We maintain an SSL A+ score from SSL Labs. An updated report can be found here.