Confidentiality
No personal gain
Fluid Attacks requires all talent to treat all client information, including vulnerability reports, with the utmost confidentiality and integrity, and to avoid any actions that could compromise the client's security or privacy. This includes ...
Device enrolling and re-enrolling
Fluid Attacks establishes security and monitoring controls over all Fluid Attacks devices, including smartphones, used by employees. Enrolling: These are the steps Fluid Attacks follows when it hands devices to employees: The employee's credentials ...
Secure deletion
Fluid Attacks utilizes AWS cloud infrastructure for data storage. Our secure deletion process for cloud-based information follows AWS's validated secure deletion procedures in compliance with ISO/IEC 27017:2015 and ISO/IEC 27018:2019: Standard ...
We only hire directly
All our talent have indefinite-term contracts directly with our company. Due to our business nature, we never hire through contractors, freelancers, or any other third party.
Personnel NDA
Everyone within our company knows how important it is to keep our clients' information secure. We enforce this by requiring all our new talent to sign a non-disclosure agreement (NDA). The NDA document is publicly available.
Encryption in transit
All our applications and services have industry-standard encryption in transit. The Fluid Attacks domain uses the latest TLSv1.3 cryptographic protocol for maximum protection of data in transit. Image Source: SSLlabs. (2023). SSL Configuration ...
Encryption at rest
All our applications and services have industry-standard encryption at rest. All the sensitive data provided by our clients (repository access keys, VPN credentials, etc.) is encrypted using the symmetric algorithm of our key management system (KMS). ...