Authorization
Session management
At Fluid Attacks, session management is pivotal to ensuring the security and authentication of users across our products. We employ JSON Web Tokens (JWT) as the mechanism for session management, known for their security, efficiency, and widespread ...
Endpoint
Requirements for Laptops. Device Management. At Fluid Attacks, in order to protect our clients' data, we administer our devices with a Mobile Device Management (MDM) tool. This tool enables us to manage how our devices are being used and harden the ...
Access revocation
When talent go on vacation or leave the company, it is essential to revoke their access to the information and systems that are available to them. At Fluid Attacks, we have a two-step process for access revocation: Deactivating the IAM account: By ...
Secret rotation
Key rotation is essential when dealing with sensitive data. The best way to prevent key leakage is by changing keys regularly. Our rotation cycles are as follows: KMS keys: every year or earlier if necessary; JWT tokens: daily; Digital certificates: ...
Authorization for Fluid Attacks staff
Every application we use must have user-granular authorization settings so that a least-privilege policy is in place at all times. Some examples are the following: IAM and KMS: These two tools are widely used within Fluid Attacks. They allow us to ensure that ...
Authorization for clients
Our platform has a set of necessary roles for every hacking project. Once the client decides which members of their team should be project managers, Fluid Attacks assigns them the role, providing them the ability to give the minimum required ...