See where vulnerabilities are and more details | Fluid Attacks Help

See where vulnerabilities are and more details

See a vulnerability summary

The Vulnerabilities section is the first one you see when accessing a group. It presents you first with a summary of what has been detected in the group in terms of quantity of vulnerabilities and the risk exposure they represent. The latter refers to the extent to which the system is vulnerable to successful cyberattacks as measured by Fluid Attacks' CVSSF metric.

See vulnerability summary on the Fluid Attacks platform

The summary gives you this information:
  1. Weaknesses: Number of categories into which detected security issues most likely fall
    1. Open: Number of weaknesses corresponding to vulnerabilities that are present in the system
    2. Closed: Number of weaknesses that were reported in the past but are currently not present in the system
  2. Vulnerabilities: Number of spots in the system where security issues have been detected
    1. Open: Number of vulnerabilities that are present
    2. Closed: Number of vulnerabilities that were reported in the past but are currently not present
    3. Fix with AI: Number of present vulnerabilities that can be fixed with the help of Custom Fix or Autofix
  3. Risk exposure: The sum of the CVSSF scores of all the vulnerabilities that have not been remediated (beneath is the percentage corresponding to the group's share of risk exposure within the organization)
  4. Idea
    A warning icon appears next to the risk exposure value if there are unsolved events in the group (i.e., situations that impede testing). To its side, there is an external link icon that directs to the group's Events section.

See the list of vulnerabilities detected

Warning
Deprecation notice:
  1. Since March 10, weaknesses 011 and 393 are no longer used to report vulnerabilities found with SCA. Instead, when you use a vulnerable software dependency, it is reported to you under the weakness the dependency actually has.
  2. Since April 4, severity information on the platform is exclusively available in CVSS v4.0.
InfoRole required: User, Vulnerability Manager or Group Manager
The Vulnerabilities section first provides you with an overview of all the vulnerabilities detected in your software grouped by the weakness they are categorized in.

View reported types of vulnerabilities on the Fluid Attacks platform

NotesNote: A weakness is a category following Fluid Attacks' classification, whereas a vulnerability is a specific instance of that weakness found in your software.

Know the Vulnerabilities table

InfoRole required: User, Vulnerability Manager or Group Manager

The Vulnerabilities table conveniently groups the vulnerabilities detected in your system by weaknesses and provides general details.

Understand the Vulnerabilities table on the Fluid Attacks platform

The following are short descriptions of what you find for each column:
  1. Weakness: The standardized security weakness best matching the characteristics of the vulnerabilities in your system
  2. Status: Indicates the condition of this weakness, where it is Open if the weakness is present or Closed if the weakness has been remediated
  3. Priority score: The share corresponding to the weakness out of the total priority units accumulated by a group, where priority units comprise (a) the quantitative value corresponding to the qualitative assessment you or your team made of the affected root regarding how critical it is to your software development project; (b) your organization's prioritization policies based on testing technique that found the vulnerability, attack vector, and vulnerability exploitability; (c) the Priority set for individual vulnerabilities when assigned a treatment; and (d) a default score calculated using the Common Vulnerability Scoring System (CVSS) as follows:  (4^(CVSS-4)) / 4.096
  4. Open vulns: The count of vulnerabilities in your system, related to the weakness, that are still present
  5. Severity overview: The number of detected vulnerabilities of each CVSS qualitative severity rating, which groups scores as follows:
    • Low (0.1 - 3.9)
    • Medium (4.0 - 6.9)
    • High (7.0 - 8.9)
    • Critical (9.0 - 10.0)
  6. Last reported: Days since the last vulnerability of this weakness was found (regardless of the current Status)
  7. Age: Days since this weakness was first detected in your system
  8. Release date: Date when the weakness was first reported in your system
  9. Remediation: Percentage of the related reported vulnerabilities remediated by your team
  10. Reattack: Status of reattacks for this weakness ('Pending' if a reattack is due, '-' otherwise)
  11. Treatment: The number of vulnerabilities per assigned treatment
Idea
Customize your view by reordering, showing or hiding columns using the Columns button.
You can expand rows using the downward arrow to view some of the information about the weaknesses stacked, along with some additional bits, like if the weakness is exploitable.

Expand type of vulnerability on the Fluid Attacks platform

Notes
Note: You might see the same weakness listed multiple times. This is due to the grouping together of vulnerabilities that, while pertaining to the same weakness, differ in some aspects in specific attributes (description, recommendations, severity, etc.).

Spot newly reported vulnerabilities

Newly reported weaknesses are highlighted with a New label for seven days in the table, helping you quickly identify them.


Recognize newly reported vulnerabilities on the Fluid Attacks platform

Search the Vulnerabilities table

InfoRole required: User, Vulnerability Manager or Group Manager
The search bar in the Vulnerabilities section lets you quickly find specific information within the table by showing only the rows whose content match your search. It is advisable you search by entering the name of the weakness, repository nickname or vulnerability location (e.g., file name).
Search the vulnerabilities table on the Fluid Attacks platform

Filter the Vulnerabilities table

InfoRole required: User, Vulnerability Manager or Group Manager

You can filter the table to facilitate your search. To access the multiple options, click the filters button (Find the filters button in the Fluid Attacks platform).
Find filters icon in Vulnerabilities on the Fluid Attacks platform
Filters icon
Filter the vulnerabilities table on the Fluid Attacks platform
Select a filter option
Filter vulnerabilities by priority on the Fluid Attacks platform
Select values and apply filter


To clear a filter, click on the X next to it.

Clear filters of the vulnerabilities table on the Fluid Attacks platform

Note on filtersNote: Your filters persist only in the Vulnerabilities section of the group you applied them to.
You can also use a selection of quick filters: OriginStatus, and Severity.

Filter vulnerabilities by severity on the Fluid Attacks platform

Hide and show columns in the Vulnerabilities table

InfoRole required: User, Vulnerability Manager or Group Manager

You can customize the table view by choosing which columns to display. Click the columns button (Find columns button on the Fluid Attacks platform) to open a pop-up window where you can hide or show columns. To quickly find a desired column, you can type its name in this window's search bar. Once you are done customizing, click on Save.

Customize vulnerabilities table on the Fluid Attacks platform

Use the Reset to default button to enable only these recommended columns: Weakness, Status, Priority score, Open vulns, Severity overview, and Last reported.
Note on column preferencesNote: Your preferences for which columns to see persist across Vulnerabilities sections within your groups.

Reorder columns in the Vulnerabilities table

InfoRole required: User, Vulnerability Manager or Group Manager

You can further customize the table view by choosing the column order. Click the columns button (Find columns button on the Fluid Attacks platform) to open a pop-up window where you can drag the column names to rearrange the table. You can click on the X of a corresponding column to hide it. When you are finished, click on Save.

Reorder Vulnerabilities table on the Fluid Attacks platform

Note on column order preferencesNote: Your column order preferences persist across Vulnerabilities sections within your groups.

Generate reports

InfoRole required: Vulnerability Manager or Group Manager

The Generate report option in the Vulnerabilities section allows you to download reports varying in detail. Group Managers additionally have the option to generate security testing certificates. For details on available report types and how to generate them, read Download a report of detected vulnerabilities.

Generate reports on the Fluid Attacks platform

Idea
Remember the feature to access recent downloads!

See where vulnerabilities are located

InfoRole required: User, Vulnerability Manager or Group Manager
In the Vulnerabilities section, when you click on the associated weakness, you then access a set of spaces dedicated to it. The header is visible across the latter, and it informs the group name, the weakness that groups the vulnerabilities, and the amount of time it may take you to remediate one vulnerability.

Understand the vulnerability header on the Fluid Attacks platform

The Vulnerabilities section informs where in your system each vulnerability related to the selected weakness was detected and provides relevant information for its management.
View vulnerabilities locations on the Fluid Attacks platform

These are the descriptions of what you find in the table:
  1. Vulnerability: The found vulnerability, identified by its file path
  2. Notes
    The copy icon in this column allows you to copy the URL of the vulnerability on the platform.
    Idea
    Newly reported vulnerabilities are marked with the New label for seven days.
  3. Specific: The exact lines of code, inputs (e.g., password fields) or ports where the vulnerability was found (thus the repetition of files in Location sometimes)
  4. Origin: Whether the vulnerability is Inherited (present in third-party code) or Injected (present in code owned by your team).
  5. Status: Indicates whether the vulnerability is Open (present) or Closed (no longer present) in the line of code, input or port
  6. Severity (v4.0): The Common Vulnerability Scoring System (CVSS) v4.0 score assigned to the vulnerability
  7. Priority score: The share corresponding to the vulnerability out of the total priority units accumulated by a group, where priority units include (a) the quantitative value corresponding to the qualitative assessment you or your team made of the affected root regarding how critical it is to your software development project, (b) your organization's prioritization policies based on testing technique that found the vulnerability, attack vector, and vulnerability exploitability, and (c) the result of (4^(CVSS-4)) / 4.096
  8. Technique: The security testing technique used to detect the vulnerability, which can be one of these:
    • SAST: Automated static code analysis
    • DAST: Automated dynamic analysis
    • SCA: Automated analysis of third-party dependencies
    • CSPM: Automated analysis of cloud environments
    • SCR: Static code analysis done manually
    • PTaaS: Dynamic analysis done manually
    • RE: Reverse engineering of your system done manually
  9. Treatment: The defined treatment for the vulnerability:
    • Untreated: The vulnerability treatment assignment is due
    • In progress: The remediation of the vulnerability has been assigned to a member of your team
    • Temporarily accepted: The vulnerability is accepted until a defined date
    • Permanently accepted: The vulnerability is accepted indefinitely
    • Verified closed: The reattack evidences the vulnerability is no longer present
  10. Report date: The date and time when the vulnerability was reported
  11. Treatment acceptance: The status of a vulnerability acceptance request, which may be one of the following:
    • Submitted: The initial status of the request while waiting for the decision of a Vulnerability Manager or Group Manager 
    • Approved: The request was approved by a member with any of the above roles 
    • Rejected: The request was denied by a member with any of the above roles
  12. Reattack: Status of reattack requests or outcomes, if applicable, which may be one of the following:
    • Pending: Fluid Attacks is yet to communicate the outcome of the requested reattack
    • On hold: The requested reattack is not possible until your team solves an event impeding testing
    • Verified open: The reattack evidences the vulnerability is still present
    • Verified closed: The reattack evidences the vulnerability is no longer present
  13. Tags: Any tags you or your team have added to identify the vulnerability
  14. Idea
    Type a tag in the search bar to see only vulnerabilities labeled with it. And go to Analytics to see the number of vulnerabilities for each of the tags you or other team members have created.
  15. Zero risk: Whether your organization has flagged the vulnerability as representing no risk to it
  16. Assignees: The individuals assigned to address the vulnerability
To access the options to show, hide, or reorder columns, click the columns (Find columns button on the Fluid Attacks platform) button. This causes a pop-up window to appear. On the left, you can make your selection, and on the right, reorder the enabled columns. Click Save to apply the changes.

Edit Vulnerability table columns on the Fluid Attacks platform

Idea
Use the Reset to default button to enable only these recommended columns: Vulnerability, SpecificStatus, Severity (v3.1/4.0)Priority score, Technique, Treatment, and Report date.
Note on Locations column preferencesNote: Your preferences for which columns to see persist across Vulnerabilities sections within your groups.
A way to quickly find what you are looking for in the table is typing search terms in the search bar. Immediately, only the rows whose content matches your search are shown.

Search vulnerability location on the Fluid Attacks platform

You can limit the information you see on the table by clicking on the filters button (Find the filters button in the Fluid Attacks platform) and using one or more of the available options.
Find filters in Vulnerabilities on the Fluid Attacks platform
Click on the filters button
Filter by Technique on the Fluid Attacks platform
Select a filter option
Apply filters in Locations on the Fluid Attacks platform
Select values and apply filter
You can also use a selection of quick filters: Location, Status, and Origin.

Use quick filters on the Fluid Attacks platform
Idea
The Location filter and quick filter make the table display only the vulnerabilities detected in the target of evaluation (e.g., Git repo, environment URL) whose name you type.

See inside a vulnerability

InfoRole required: User, Vulnerability Manager or Group Manager

You can click on a vulnerability in the Vulnerabilities section to open a pop-up window with a header and multiple tabs: Details, Severity, Code (if applicable), Treatments (if applicable) and Tracking. This window has a unique URL for easy sharing with team members or Fluid Attacks staff, which you can copy by clicking on the link icon. Moreover, for many vulnerabilities, the window offers the How to fix tab and button, both of which trigger the generation of custom remediation guides with artificial intelligence.

The header is visible across the tabs and consists of tags that inform you of the vulnerability's Severity, Origin, Technique and Status information. If the vulnerability is in third-party software, a tag related to reachability is shown. This tag may have one of these values:
  1. Latent: (a) The vulnerability is in a package declared in your code, but (b) the package is not imported.
  2. Potential: (a) The vulnerability is in a package declared in your code, (b) the package is imported by your application's code, but (c) the vulnerability is not necessarily the vulnerable function described in the CVE entry.
  3. Reachable: (a) The vulnerability is in a package declared in your code, (b) the related package is imported by your application's code, and (c) the vulnerability is the vulnerable function described in the CVE entry.

See the details of a specific vulnerability

InfoRole required: User, Vulnerability Manager or Group Manager
The Details tab provides comprehensive information about the state of the selected vulnerability.

View vulnerability details on the Fluid Attacks platform

These are the details shown in this tab:

  • General information:
    • Location: The file path or environment URL
    • Specific LoC/port/input: The specific line of code, port number, or input field affected
    • Report date: The date the vulnerability was reported
    • Closing date: The date it was verified the vulnerability is no longer present or, for another reason, its Status changed from 'Open' to 'Closed'
    • Closing reasons: The reason the vulnerability's Status changed from 'Open' to 'Closed'
    • Commit hash: ID of the commit that created the vulnerability
    • Zero risk: Indicates if the Zero risk treatment has been applied to this finding (your organization requests this treatment if the finding poses no risk)
    • Tags: User-defined tags for identifying the vulnerability
    • Time to detect (days): The days it took to report the vulnerability since the commit that introduced it
    • Code author: Email of the contributor whose commit presents the vulnerability in question
    • Vulnerability description: Fluid Attacks' definition of the vulnerability
  • Reattacks:
    • Reattack status: If applicable, the outcome of the last reattack request (for possible values, see above)
    • Last requested date: The date of the most recent reattack request
    • Requester: The email of the member who requested the last reattack
    • Cycles: The total number of reattack requests for this vulnerability
    • Efficiency: The percentage representing one positive reattack outcome (confirming the vulnerability was fixed) out of all the reattacks carried out
  • Treatments:
    • Current treatment: The currently applied treatment for the vulnerability
    • Assignee: The email of the member assigned to address the vulnerability
    • Treatment date: The date the treatment was applied
    • Treatment expiration date: The expiration date for a Temporarily accepted treatment
    • Changes: The number of times the treatment of that vulnerability has changed
    • Bug tracking system url: URL of the issue in your bug tracking system (BTS) related to this vulnerability
    • Justification: The reason provided for applying the treatment
  • Packages details: (Visible only for vulnerabilities found via SCA)
    • Dependency: The name of the vulnerable package
    • Dependency type: Whether the vulnerable file in your software is directly or indirectly related to the third-party component in question:
      1. Direct: The file in your project explicitly imports and uses the third-party dependency
      2. Transitive: The third-party dependency is required by your direct dependencies, but not directly imported by the file in your project
      3. Undeterminable: For this file, it is impossible by anyone to determine whether the dependency is direct or transitive
    • Advisory ID: The associated Common Vulnerabilities and Exposures (CVE) identifier of the vulnerable version
    • %EPSS: The likelihood of the vulnerability being exploited compared to that of all other known vulnerabilities
    • Stage: The stage(s) in which your project depends on the third-party dependency:
      1. Build: Your file depends on the third-party component only in the software development stage
      2. Run: Your file depends on the third-party component in the live production environment
    • Reachability: Whether the function related to the vulnerability is called by your application's code (see a description of the possible values above)
    • Version status: Whether you are using the dependency in its latest version or a newer one is available (it also indicates the specific used version and the latest one)
    • Affected version: The vulnerable dependency version
    • CPEs: The string following the Common Platform Enumeration (CPE) for identifying the dependency
    • Namespace: Identifier indicating the supplier organization or project for the entry
    • Advisory URLs ([#]): Reference URLs (e.g., URL of the vulnerability advisory)

Learn the severity of a specific vulnerability

InfoRole required: User, Vulnerability Manager or Group Manager

The Severity tab provides detailed information about the CVSS severity score assigned to the specific vulnerability.

Know vulnerability severity on the Fluid Attacks platform

These are the details shown:

  1. Vector CVSS v4.0 string: The values used to derive the score represented textually
  2. Idea
    Click the string to follow the link to the score calculator showing said values.
  3. The calculated severity score and its corresponding qualitative rating
  4. The severity score breakdown showing the values for each metric along with a visual representation of the value
  5. Idea
    Hover over the metric to reveal its definition and the description of its possible values.

See the vulnerable line of code

InfoRole required: User, Vulnerability Manager or Group Manager
The Code tab highlights the vulnerable code snippet and shows the code surrounding it, allowing you to pinpoint the issue directly within your codebase.

View the vulnerable line of code on the Fluid Attacks platform

Edit treatment for a vulnerability

InfoRole required: User, Vulnerability Manager or Group Manager

The Treatments tab allows you to manage the treatment for the vulnerability, as well as manage tags, link to the related issue in a bug tracking system, and priority score. Read about these fields in Assign treatments.

Manage vulnerability treatments on the Fluid Attacks platform

Get a custom guide to fix the vulnerability

InfoRole required: User, Vulnerability Manager or Group Manager
Warning
Always review the accuracy of remediation guides generated with AI.
Notes
AI-generated fix guides are only available for vulnerabilities detected via SAST or SCR.
From the pop-up window, you can immediately get a step-by-step, custom, AI-generated guide to remediate the vulnerability. Simply select the How to fix tab or click the fix button (Fix on the Fluid Attacks platform) and let Fluid Attacks' Custom fix feature create this useful resource for you to plan the remediation of the vulnerability in question. Bear in mind that this feature is not available for some vulnerabilities.
Find fix button on the Fluid Attacks platform
Click the fix button
Fix with AI on the Fluid Attacks platform
Get fixing guide

Get an automatic fix for the vulnerability

InfoRole required: User, Vulnerability Manager or Group Manager
Warning
Always review the accuracy of automatic fix suggestions generated with AI.
Notes
AI-generated fix suggestions are only available for vulnerabilities detected via SAST or SCR.
Automatic fix suggestions are currently only available on VS Code and Cursor using the Fluid Attacks extension. If Fluid Attacks has an automatic fix for the vulnerability, a button labeled Auto-fix appears after you click the How to fix tab or click the fix button (Fix on the Fluid Attacks platform). Clicking on the button enables a pop-up window that displays requirements for using the feature and a link to download the extension.

Get autofix information on the Fluid Attacks platform

See the history of a specific vulnerability

InfoRole required: User, Vulnerability Manager or Group Manager

The Tracking tab allows you to see the management decisions made over a vulnerability over time, including changes in status, treatments, and other relevant details.

See timeline of a vulnerability on the Fluid Attacks platform

InfoRole required: User, Vulnerability Manager or Group Manager
You can easily share the pop-up window for a vulnerability with others, as it has got a unique URL containing the vulnerability ID. To copy the URL, simply click on the copy icon (Copy URL on the Fluid Attacks platform).
Get a vulnerability link on the Fluid Attacks platform
Idea
This feature is also available through the copy icon in the Vulnerability column.

See the description of vulnerabilities

InfoRole required: User, Vulnerability Manager or Group Manager

The Description section provides definitions and relevant characteristics to more clearly understand the issues and possible fixes.

View vulnerability description on the Fluid Attacks platform

Specifically, this section provides the following information:
  1. Description: Fluid Attacks' definition of the weakness in question
  2. Related requirements: The security requirements, according to Fluid Attacks' classification, that may have been violated
  3. Impacts: What an attacker can achieve exploiting the vulnerability
  4. Threat: The attack vector an attacker has to follow and the privileges they require to exploit the vulnerability
  5. Recommendations: Advice for remediating the vulnerability
  6. Do you need help with this vulnerability?: Link to schedule a video meeting to discuss the vulnerability with one of Fluid Attacks' pentesters
  7. Default CVSS v4.0 vector string: The textual representation of the values used to derive the default score for this weakness (below, you see the default severity score and its corresponding qualitative rating)

See the severity of vulnerabilities

Role requirement infoRole required: User, Vulnerability Manager or Group Manager

The Severity section details the values given to vulnerabilities in each of the metrics of the Common Vulnerability Scoring System (CVSS) v4.0. You can hover over the metrics to see their definitions and the descriptions of their possible values.

    View the severity of the type of vulnerability on the Fluid Attacks platform

    See evidence of exploitability

    InfoRole required: User, Vulnerability Manager or Group Manager
    In the Evidence section you may find screenshots of code snippets demonstrating the presence of vulnerabilities and screenshots or videos showing the ethical exploitation of some of those vulnerabilities. You can click on these resources to enlarge them and then download them. Learn more details about this section in Examine the evidence of exploitability.

    See vulnerability evidence on the Fluid Attacks platform

    See the timeline of vulnerabilities

    InfoRole required: User, Vulnerability Manager or Group Manager
    In the Tracking section, you can view vulnerabilities' timeline, detailing cycles which are marked by reattack outcomes and any temporary and permanent acceptance treatments. To see the timeline for a vulnerable line of code, input or port, refer to See the history of a specific vulnerability.

    See the history of a type of vulnerability on the Fluid Attacks platform

    See affected records

    InfoRole required: User, Vulnerability Manager or Group Manager

    The Records section  contains sensitive information gathered by Fluid Attacks' pentesters during ethical vulnerability exploitation. This information is specific to your organization and may include financial details (e.g., account numbers, transactions, credit card numbers), personal data (e.g., phone numbers, contacts, personally identifiable information) and technical information (e.g., roles, keys, access tokens).

    See affected records on the Fluid Attacks platform

    Notes
    The information in this section is stored only here and is exclusively accessible to authenticated users with proper permissions within your group.

    Comment on vulnerabilities

    InfoPlan required: Advanced
    Notes
    The Consulting section is available in the Essential plan in view-only mode.
    InfoRole required: User, Vulnerability Manager or Group Manager

    The Consulting section is a forum-like space for discussions between your team and Fluid Attacks about the vulnerabilities in question. Any member can post a new thread or reply to an existing one. To learn more about this help option, read Comment on Consulting sections.

    Comment on a type of vulnerability on the Fluid Attacks platform

    Notify of a vulnerability

    InfoRole required: Vulnerability Manager or Group Manager

    The Fluid Attacks platform allows you to send an email notification to members informing them of the vulnerabilities still present. To do this, follow these steps:
    1. Access the group where the target vulnerability was detected.

    2. In the Vulnerabilities section, click on the associated weakness.
    3. Select a type of vulnerability on the Fluid Attacks platform

    4. In the Vulnerabilities section, click on the notify button (Find the notify icon on the Fluid Attacks platform).
    5. Notify team members of vulnerabilities on the Fluid Attacks platform

    6. In the pop-up window, confirm the delivery by clicking Notify.
    7. Confirm vulnerability notification on the Fluid Attacks platform

    The notification is then sent to members who have Vulnerability alert enabled.

    Request reattacks

    InfoRole required: User, Vulnerability Manager or Group Manager

    From Fluid Attacks' platform, you can send requests to verify the effectiveness of your code fixes. These retests done by Fluid Attacks are called reattacks. To request them, you have to check the boxes of the vulnerabilities in the Vulnerabilities section, and click on Reattack. Find the entire details about this feature in Verify fixes with reattacks.

    Find the retest option on the Fluid Attacks platform

    InfoRole required: Vulnerability Manager or Group Manager
    Notes
    Members with the User role can assign fix work to themselves and edit the External BTS, Tags and Priority values.
    You can modify vulnerability management decisions from the platform's Vulnerabilities section. To make your modifications, follow these steps:
    1. Go to Vulnerabilities by clicking on a weakness name.

    2. In the table, select the checkbox on the left of the vulnerability that you need to edit.

    3. Click the Edit treatment button.
    4. Edit locations on the Fluid Attacks platform

    5. Make the necessary changes in the form. Treatment and Assignee can only be modified by Vulnerability Managers and Group Managers. (For the descriptions of the fields, read Assign treatments.)
    6. Add new vulnerability tag on the Fluid Attacks platform

    7. Click on Confirm to apply the changes.

    Approve vulnerability acceptance requests

    InfoRole required: Vulnerability Manager or Group Manager

    In the Vulnerabilities section, you can approve the request for a vulnerability to be temporarily or permanently accepted. You do this with the Treatment acceptance option. To learn all the details, read about this topic in Assign treatments.

    Accept vulnerability treatment on the Fluid Attacks platform

    Free trial
    Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.