Types of authentication used
This section guides you through the different authentication methods available for Fluid Attacks to access your repositories:
OAuth
Available for Azure, Bitbucket, GitHub, and GitLab
Using the OAuth protocol is advised, as it is more secure and simple than the two alternatives.
OAuth (Open Authorization) is an authorization protocol that allows users to grant applications limited access to their resources without directly sharing their credentials. Once authorized, the application receives an access token, which is a string representing the granted permissions. This token allows the application to access the specified resources for a certain period and within the defined scope of permissions, without ever needing the user's credentials.
The following are some key benefits of OAuth:
- Enhanced security: Users do not expose their credentials to third-party applications.
- Granular control: Users can choose which resources to share and revoke access at any time.
- Improved user experience: OAuth provides a simplified authorization process without the need for multiple logins.
Learn to use this option by reading Import repositories fast and safely with OAuth.OAuth is supported for connections as follows:
SSH
SSH (Secure Shell) is a network protocol that provides a secure, encrypted connection to remote devices over the cloud. It is primarily used for remote login and command-line execution but also supports file transfer, port forwarding, and other secure network services. SSH connectivity is established through an authentication process that uses public and private key cryptography.
The following are some key benefits of SSH:
- Strong authentication: SSH typically employs public-key cryptography for authentication, where a user generates a pair of keys: a private key (kept secret) and a public key (shared with the server). This ensures that only someone with the private key can access the server.
- Encryption: All communication over SSH is encrypted, protecting data from eavesdropping and tampering.
- Integrity: SSH includes mechanisms to verify the integrity of transmitted data, ensuring that it has not been modified in transit.
SSH is supported for connections as follows:
| Cloud | Egress IP | Connector |
| ✅ | ✅ | ✅ |
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is an extension of the Hypertext Transfer Protocol (HTTP) that is used for secure communication over a computer network. HTTPS secures communications by encrypting the communication channel with Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). This encryption ensures that the information transferred between users and the repository is protected against possible threats, guaranteeing the data's confidentiality, integrity, and authenticity, maintaining a reliable and secure collaboration environment.
The following are some key benefits of HTTPS:
- Data encryption: HTTPS prevents eavesdropping and man-in-the-middle attacks.
- Data integrity: HTTPS ensures that the data received has not been altered in transit.
- Website identity verification: HTTPS verifies the identity of the website, protecting against phishing and other fraudulent activities.
Note: While Fluid Attacks also supports the HTTP protocol, using HTTPS is strongly recommended for secure connections and data protection.
HTTPS is supported for connections as follows:
| Cloud | Egress IP | Connector |
| ✅ | ✅ | ✅ |
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.