Scope | Fluid Attacks Help

Scope

The scope establishes the boundaries of what is included in security testing. This is particularly important for maintaining a clear service-level agreement (SLA). In the context of Continuous Hacking, the scope encompasses the active repositories and matching environments registered on Fluid Attacks' platform (read more details in Continuous Hacking methodology).

The following environment and code parity analysis serves to define Fluid Attacks' scope and, therefore, what potentially constitutes a false negative (FN) and what is considered added value.

Warning on accuracy SLA
Bear in mind that, for Fluid Attacks' accuracy SLA to apply, several other criteria must be met.

In and out of scope scenarios by Fluid Attacks

Examples

Below are illustrative (though simplified) examples demonstrating how to identify each scenario.

A. Complete Match

You have written a small Python script, calculator.py, that contains exactly five functions (add, subtract, multiply, divide, and modulo). Inspecting the environment you provided (say, a dedicated microservice container) reveals the following:
  1. Only those five functions exist in the environment.
  2. There are no additional scripts, libraries, or utilities included.
Since the environment exactly mirrors your code — no more, no less — this is a Complete Match.

B. Fully Contained

Your calculator.py with five functions is deployed on a large ML platform environment that also includes data manipulation libraries, unrelated scripts, and logging frameworks. The following can be said about the environment:
  1. It does contain your entire calculator.py.
  2. It also has multiple other scripts and libraries not related to your code.
As the entire code is there, but the environment also has "extras," this is a Fully Contained scenario.

C. Partial Match

In the environment you provided, only the add and subtract functions from your calculator.py are present. The other three (multiply, divide, and modulo) are missing. The following can be said about your environment:
  1. Part of the code is included.
  2. It does not contain all five functions.
Because only some of the functions appear, this is a Partial Match.

D. Complete Mismatch

The provided environment is purely a text-processing service. It shares no common functions, structure, or code segments with your calculator.py.

Since none of your code’s functionality is present, this is a Complete Mismatch.

E. No Environment

You provide only your calculator.py code; there is no container, no platform, no hosted environment — no context in which it is deployed.

Since no environment at all is provided, this is a No Environment scenario.
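
The five scenarios above reduce to a comparison between the functions in your code and the functions found in the environment. The following sketch is an added illustration, not Fluid Attacks' own tooling or method: it assumes the environment can be represented as a mapping of file names to deployed Python source, and the names `classify_parity`, `function_names`, `make_source` and all sample files are hypothetical.

```python
import ast

def function_names(source):
    """Return the names of all functions defined in a Python source string."""
    return {node.name for node in ast.walk(ast.parse(source))
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))}

def classify_parity(code_source, environment):
    """Classify code/environment parity into scenarios A-E.

    environment: dict of file name -> deployed Python source (an assumed
    representation), or None when no environment was provided.
    Comparison is by function name only; bodies are not compared.
    """
    if environment is None:
        return "No Environment"
    code = function_names(code_source)
    deployed = set()
    for source in environment.values():
        deployed |= function_names(source)
    common = code & deployed
    if not common:
        return "Complete Mismatch"   # nothing from the code is deployed
    if common != code:
        return "Partial Match"       # some, but not all, functions are deployed
    if deployed == code:
        return "Complete Match"      # no more, no less
    return "Fully Contained"         # all of the code, plus extras

# Constructed sample inputs mirroring the calculator.py examples.
OPS = {"add": "+", "subtract": "-", "multiply": "*", "divide": "/", "modulo": "%"}

def make_source(names):
    return "\n".join(f"def {n}(a, b):\n    return a {OPS[n]} b" for n in names)

CALCULATOR = make_source(OPS)
SAMPLES = {
    "A": {"calculator.py": CALCULATOR},
    "B": {"calculator.py": CALCULATOR,
          "etl.py": "def load_rows(path):\n    return []"},
    "C": {"calculator.py": make_source(["add", "subtract"])},
    "D": {"text_service.py": "def tokenize(text):\n    return text.split()"},
    "E": None,
}

if __name__ == "__main__":
    for label, env in SAMPLES.items():
        print(label, classify_parity(CALCULATOR, env))
```
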