Manage a group's configuration
Manage group information
Group information fields
You can find the information of your company and the group scrolling down the Scope section.
The following are the descriptions of the fields:
- Business registration number: The unique number that identifies your company as an incorporated entity
- Business name: Legal name of your company
- Description: A short and summarized description of the system(s) associated to the group
- Sprint length: If you use sprint as part of your work methodology, this field specifies the number of weeks each sprint lasts for this group
- Start date: The start date of your team's sprint
- Report language: Language in which your organization chooses to get reports (only English and Spanish are available)
- Managed: The current payment configuration of the group (this information is visible to all group members but can only be modified by authorized Fluid Attacks members):
- Managed: The group is using another payment method than a credit card, and this method has already been validated
- Not managed: The group's payment method is credit card
- Under review: Either payment is pending, a payment method's effectiveness is being validated, or a free trial has expired and a paid subscription is required to continue testing (see the notes below to learn how this option affects group access)
- Free trial: The company is enjoying a free trial for which no payment method is required
Notes:
- Filling out business registration number and business name is necessary for generating security testing certificates.
- When a group's value in the Managed field is Under review, group access is blocked for members with the exception of Fluid Attacks staff.
- Changing the Managed field value from Under review to a different value reestablishes group access to members without having to issue any invitations.
Edit group information
Role required: User Manager
If you need to make a change in the group information fields, just modifying the values in any of the fields activates the Continue button, which you should click in order to save changes.
After changes are saved, you and other group members are sent a notification showing the current group information along with how it changed.
Note: The Fluid Attacks staff roles that give the permission to edit these fields are Customer Manager and Admin.Manage a group's information for context
Role required: User, Vulnerability Manager or User ManagerIt is essential to make available information that gives the context of the system(s) for which group was created, both for your team members that are part of the project and for Fluid Attacks' security analysts to read. To find this information, you have to go to the Scope section of the group in question and scroll down to Group context.
Click on Edit to modify the information. You can specify here the system's purpose and whether it is accessible through the Internet, among other helpful details.
Manage disambiguation information for a group
A Fluid Attacks Admin, Architect, Customer Manager, Hacker, Reattacker, Resourcer, or Reviewer role is required.
Fluid Attacks' security analysts may sometimes write necessary clarifications on what should be tested in a group. These are visible only to other security analysts in the Scope section under Disambiguation.
Manage files shared with Fluid Attacks
Role required: User, Vulnerability Manager or User ManagerIn the Scope section of your group, you can upload and download any files that may be useful or necessary for performing manual security testing on the software development project in question. To do this, scroll down to Files.
To upload a file, follow these steps:
- Click on the Add button.
- In the pop-up window, click on the Add file button and choose the file you wish to upload. Its size must not exceed 5GB.
- Provide a description of how the file can be of use.
- Click on Confirm when you are done.
When you have uploaded a file successfully it will be added to the table.
If you want to download or remove a file, you have to click on its name and select the corresponding option in the pop-up window.
Manage group services
A Fluid Attacks Customer Manager or Admin role is required.
The characteristics of the subscription of a group can be managed under Services, in the Scope section. Fluid Attacks customers with access to the group can only view this information.
These are short descriptions of the above fields:
- Subscription type: The Fluid Attacks solution the group is using (currently, clients can subscribe only to the all-in-one solution, Continuous Hacking)
- Service: Whether testing is done with or without access to source code
- White: Fluid Attacks is given access to source code (white-box testing is performed)
- Black: Fluid Attacks is not given access to source code (black-box testing is performed)
- Essential: Security testing is performed with Fluid Attacks' automated tools
- Advanced: Manual security testing is performed by Fluid Attacks' hacking team
If you are Fluid Attacks staff and have the necessary permission, you can modify the service configuration:
- Make the necessary changes and click Continue. This causes a pop-up window to appear.
- Review the changes in the pop-up window. You have to give observations about the change and write the name of the group where the change is being made. If you deactivate Essential or Advanced, you are asked the reason for this downgrade.
- When you verify that everything is correct, click on the Confirm button.
If you deactivate Essential, Advanced is also deactivated, as the latter always uses features of the former.
After changes are made successfully, you and group members that have the Updated services notification enabled receive an email informing the changes made.