Confidentiality
No personal gain
Fluid Attacks requires all talent to treat all client information, including vulnerability reports, with the utmost confidentiality and integrity, and to avoid any actions that could compromise the client's security or privacy. This includes ...
Device enrolling and re-enrolling
Fluid Attacks establishes security and monitoring controls over all Fluid Attacks devices, including smartphones, used by employees. Enrolling These are the steps Fluid Attacks follows when it hands devices to employees: The employee's credentials ...
Secure deletion
Laptops When a talent leaves the company, their computer is locked through our MDM (Mobile Device Management) solution on their last day of work. Once we physically manage the device, a secure deletion process is completed as follows: The device is ...
We only hire directly
All our talent have indefinite-term contracts directly with our company. Due to our business nature, we never hire through contractors, freelancers, or any other third party.
Personnel NDA
Everyone within our company knows how important it is to keep our clients' information secure. We enforce this by requiring all our new talent to sign a non-disclosure agreement (NDA). The NDA document can be found here.
Encryption in transit
All our applications and services have industry-standard encryption in transit. The Fluid Attacks domain uses the latest TLSv1.3 cryptographic protocol for maximum protection of data in transit. Image Source: SSLlabs. (2023). SSL Configuration ...
Encryption at rest
All our applications and services have industry-standard encryption at rest. All the sensitive data provided by our clients (repository access keys, VPN credentials, etc.) is encrypted using the symmetric algorithm of our key management system (KMS). ...