Authorization
Secure employee termination
This document details the protocol Fluid Attacks follows each time a talent leaves the company. High-level process: The administrative team preps termination paperwork for cases in which it applies (letter of dismissal, reports, inventory list, among ...
Session management
At Fluid Attacks, session management is pivotal to ensuring the security and authentication of users across our products. We employ JSON Web Tokens (JWT) as the mechanism for session management, known for their security, efficiency, and widespread ...
Endpoint
Device Management: At Fluid Attacks, in order to protect our clients' data, we administer our devices with a Mobile Device Management (MDM) tool. This tool enables the following: Comprehensive visibility into macOS security tools, device compliance, ...
Access revocation
When talent take leave for more than three days, go on vacation, or leave the company, it is essential to revoke their access to the information and systems that are available to them. In the first two cases, access is enabled upon their return to ...
Secret rotation
Key rotation is essential when dealing with sensitive data. The best way to prevent key leakage is by changing keys regularly. Our rotation cycles are as follows: KMS keys: every year or earlier if necessary; JWT tokens: daily; Digital certificates: ...
Authorization for Fluid Attacks staff
Every application we use must have user-granular authorization settings to grant a least privilege policy at all times. Some examples are the following: IAM and KMS: These two tools are widely used within Fluid Attacks. They allow us to ensure that ...
Authorization for clients
Our platform has a set of necessary roles for every hacking project. Once the client decides which members of their team should be project managers, Fluid Attacks assigns them the role, providing them the ability to give the minimum required ...