Digital certificates for Fluid Attacks are renewed every 30 days in order to minimize leaks.

We use the HSTS policy to ensure that every connection to our domain goes through HTTPS.

We demand all connections to support at least TLSv1.2.

Our platform's database uses TLSv1.2 for the protection of data in transit.

We possess fully dedicated network channels with some of our biggest clients, allowing us to isolate all unwanted traffic. This is particularly useful for running secure dynamic application hacking.

For the rest of our clients, we use fully encrypted VPNs.

Ephemeral environments always include a digital certificate, validated with ACME protocol, and not self-signed.

We maintain an SSL A+ score from SSL Labs. An updated report can be found here.