Manage a group's configuration | Fluid Attacks Help

Manage a group's configuration

Manage group information

Group information fields

You can find the information of your company and the group scrolling down the Scope section.

Find group information fields on the Fluid Attacks platform

The following are the descriptions of the fields:
  • Business registration number: The unique number that identifies your company as an incorporated entity
  • Business name: Legal name of your company
  • Description: A short and summarized description of the system(s) associated to the group
  • Sprint length: If you use sprint as part of your work methodology, this field specifies the number of weeks each sprint lasts for this group
  • Start date: The start date of your team's project
  • Report language: Language in which your organization chooses to get reports (only English and Spanish are available)
  • Managed: The current payment configuration of the group (this information is visible to all group members but can only be modified by authorized Fluid Attacks members):
    • Managed: The group is using another payment method than a credit card, and this method has already been validated
    • Not managed: The group's payment method is credit card
    • Under review: Either payment is pending, a payment method's effectiveness is being validated, or a free trial has expired and a paid subscription is required to continue testing (see the notes below to learn how this option affects group access)
    • Free trial: The company is enjoying a free trial for which no payment method is required
Notes on group information fields
Notes:
  1. Filling out business registration number and business name is necessary for generating security testing certificates.
  2. When a group's value in the Managed field is Under review, group access is blocked for members with the exception of Fluid Attacks staff.
  3. Changing the Managed field value from Under review to a different value reestablishes group access to members without having to issue any invitations.

Edit group information

Role requirement info
Role required: User Manager
If you need to make a change in the group information fields, just modifying the values in any of the fields activates the Continue button, which you should click in order to save changes.

Change group information on the Fluid Attacks platform

After changes are saved, you and other group members are sent a notification showing the current group information along with how it changed.

Note on group information edit permissionsNote: The Fluid Attacks staff roles that give the permission to edit these fields are Customer Manager and Admin.

Manage a group's information for context

Role requirement infoRole required: User, Vulnerability Manager or User Manager
It is essential to make available information that gives the context of the system(s) for which group was created, both for your team members that are part of the project and for Fluid Attacks' security analysts to read. To find this information, you have to go to the Scope section of the group in question and scroll down to Group context.

Edit group context on the Fluid Attacks platform

Click on Edit to modify the information. You can specify here the system's purpose and whether it is accessible through the Internet, among other helpful details.

Manage disambiguation information for a group

Role requirement info
A Fluid Attacks Admin, ArchitectCustomer Manager, Hacker, Reattacker, Resourcer, or Reviewer role is required.
Fluid Attacks' security analysts may sometimes write necessary clarifications on what should be tested in a group. These are visible only to other security analysts in the Scope section under Disambiguation.

Manage disambiguation on the Fluid Attacks platform

Manage files shared with Fluid Attacks

Role requirement infoRole required: User, Vulnerability Manager or User Manager
In the Scope section of your group, you can upload and download any files that may be useful or necessary for performing manual security testing on the software development project in question. To do this, scroll down to Files.

Manage files on the Fluid Attacks platform

To upload a file, follow these steps:

  1. Click on the Add button.
  2. In the pop-up window, click on the Add file button and choose the file you wish to upload. Its size must not exceed 5GB.
  3. Choose a file to upload on the Fluid Attacks platform

  4. Provide a description of how the file can be of use.
  5. Upload a file to the Fluid Attacks platform

  6. Click on Confirm when you are done.

When you have uploaded a file successfully it will be added to the table.

If you want to download or remove a file, you have to click on its name and select the corresponding option in the pop-up window.

Download or remove a file on the Fluid Attacks platform

Warning on deleting environment files
The deletion of application files linked to specific environments is restricted. This prevents these environments from running out of valid files and becoming unmanageable. In cases where you want to delete files, you must delete the entire environment.

Manage group services

Role requirement info
A Fluid Attacks Customer Manager or Admin role is required.
The characteristics of the subscription of a group can be managed under Services, in the Scope section. Some Fluid Attacks members with access to the group can view this information in read-only mode.

Manage group subscription on the Fluid Attacks platform

These are short descriptions of the above fields:
  • Subscription type: The Fluid Attacks solution the group is using (currently, clients can subscribe only to the all-in-one solution, Continuous Hacking)
  • Service: Whether testing is done with or without access to source code
    • White: Fluid Attacks is given access to source code (white-box testing is performed)
    • Black: Fluid Attacks is not given access to source code (black-box testing is performed)
  • Essential: Security testing is performed with Fluid Attacks' automated tools
  • Advanced: Manual security testing is performed by Fluid Attacks' hacking team

If you are Fluid Attacks staff and have the necessary permission, you can modify the service configuration:

  1. Make the necessary changes and click Continue. This causes a pop-up window to appear.
  2. Change group services on the Fluid Attacks platform
    Caution on deactivating the Essential plan
    If you deactivate Essential, Advanced is also deactivated, as the latter always uses features of the former.

  3. Review the changes in the pop-up window. You have to give observations about the change and write the name of the group where the change is being made. If you deactivate Essential or Advanced, you are asked the reason for this downgrade.
  4. Confirm changes to group services on the Fluid Attacks platform

  5. When you verify that everything is correct, click on the Confirm button.

After changes are made successfully, you and group members that have the Updated services notification enabled receive an email informing the changes made.