Supported attack surfaces | Fluid Attacks Help

Supported attack surfaces

Supported

Info
Please note that the following API types are currently available exclusively in our Advanced plan: GraphQL API, gRPC API, REST API and SOAP APIs.
Currently, these are the attack surfaces supported by Fluid Attacks' DAST and PTaaS:
  1. DNS records
  2. GraphQL API
  3. gRPC API
  4. Headers
  5. HTML content
  6. REST API
  7. SSL connections for encryption suites, protocols, and X509 certificates
  8. SOAP APIs
  9. Unauthenticated HTTP endpoints
  10. Webhooks
  11. WebSockets

Unsupported

Fluid Attacks' PTaaS and DAST does not support the following attack surfaces:
  1. Authenticated HTTP endpoints
  2. DOM APIs
  3. OpenAPIs
  4. Postman APIs
  5. Swagger APIs
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.