Notes:
- Filling out business registration number and business name is necessary for generating security testing certificates.
- When a group's value in the Managed field is Under review, group access is blocked for members with the exception of Fluid Attacks staff.
- Changing the Managed field value from Under review to a different value reestablishes group access to members without having to issue any invitations.
Role required: User Manager
If you need to change any of the group information fields, modifying the value in any field activates the Continue button, which you should click to save the changes.
After changes are saved, you and other group members are sent a notification showing the current group information along with how it changed.
Manage a group's information for context
Role required: User, Vulnerability Manager or User Manager
It is essential to provide information that gives the context of the system(s) for which the group was created, both for your team members who are part of the project and for Fluid Attacks' security analysts to read. To find this information, go to the Scope section of the group in question and scroll down to Group context.
Click on Edit to modify the information. You can specify here the system's purpose and whether it is accessible through the Internet, among other helpful details.
Fluid Attacks' security analysts may sometimes write necessary clarifications on what should be tested in a group. These are visible only to other security analysts in the Scope section under Disambiguation.
Manage files shared with Fluid Attacks
Role required: User, Vulnerability Manager or User Manager
In the Scope section of your group, you can upload and download any files that may be useful or necessary for performing manual security testing on the software development project in question. To do this, scroll down to Files.
To upload a file, follow these steps:
- Click on the Add button.
- In the pop-up window, click on the Add file button and choose the file you wish to upload. Its size must not exceed 5GB.
- Provide a description of how the file can be of use.
- Click on Confirm when you are done.
When you have uploaded a file successfully, it is added to the table.
If you want to download or remove a file, you have to click on its name and select the corresponding option in the pop-up window.
The deletion of application files linked to specific environments is restricted. This prevents these environments from running out of valid files and becoming unmanageable. In cases where you want to delete files, you must delete the entire environment.
Manage group services
The characteristics of the subscription of a group can be managed under Services, in the Scope section. Some Fluid Attacks members with access to the group can view this information in read-only mode.
These are short descriptions of the above fields:
- Subscription type: The Fluid Attacks solution the group is using (currently, clients can subscribe only to the all-in-one solution, Continuous Hacking)
- Service: Whether testing is done with or without access to source code
  - White: Fluid Attacks is given access to source code (white-box testing is performed)
  - Black: Fluid Attacks is not given access to source code (black-box testing is performed)
- Essential: Security testing is performed with Fluid Attacks' automated tools
- Advanced: Manual security testing is performed by Fluid Attacks' hacking team
If you are Fluid Attacks staff and have the necessary permission, you can modify the service configuration:
- Make the necessary changes and click Continue. This causes a pop-up window to appear.
  If you deactivate Essential, Advanced is also deactivated, as the latter always uses features of the former.
- Review the changes in the pop-up window. You have to give observations about the change and write the name of the group where the change is being made. If you deactivate Essential or Advanced, you are asked the reason for this downgrade.
- When you verify that everything is correct, click on the Confirm button.
After changes are made successfully, you and the group members who have the Updated services notification enabled receive an email reporting the changes made.