Fluid Attacks maintains rigorous standards for its technical teams. The company runs a training plan that its talent must complete to ensure they have the essential skills in secure coding and application testing. Talent are required to send their certificates of completion to the relevant staff. Additionally, Fluid Attacks offers a program to foster further professional development.
Pre-entry certification
Pentesters joining Fluid Attacks are required to complete a pre-entry certification to ensure that they meet the technical level demonstrated in the selection process. Fluid Attacks covers the full cost of two certifications related to web or mobile application testing. These certifications are chosen according to the talent's profile and must be obtained within a 45-day period.
Secure code training
At Fluid Attacks, it is mandatory for talent from the development and pentesting teams to complete training on several secure coding practices, thus fostering their capabilities for recognizing and avoiding common vulnerabilities.
Secure code training focuses on teaching individuals how to write code that is not only functional but also secure from different types of cyber threats. The main goal of this training is to ensure that software is developed with security as a key part of it. Also, by learning secure coding practices, individuals can identify vulnerable and noncompliant code more efficiently. Software development projects using this approach reduce their vulnerabilities, enhance their overall security posture, and promote a culture of strong application security.
Fluid Attacks uses the training course Developing Secure Software (LFD121) by The Linux Foundation, as its content covers important security topics that can be useful in Fluid Attacks' context.
Some of the topics are the following:
- Security basics
- Secure design principles
- Reusing external software
- Input validation
- Processing data securely
- Threat modeling
- Cryptography
Code review training
Fluid Attacks’ pentesters are encouraged to complete code review exercises in different programming languages. The goal is to provide in-depth, continuous code review training with real vulnerabilities.
Fluid Attacks has chosen PentesterLab as our code review training provider. They provide a comprehensive and up-to-date list of exercises that are based on real-world scenarios.
Further training
Additionally, in line with fostering a culture of continuous learning and professional development, all talent has voluntary access to Fluid Attacks' Certification Hub program. Through this program, they can apply for support to access additional industry-related certifications they are interested in. This helps individuals pursue specialized knowledge and enhance their expertise beyond the initial training requirements.