Integrity
Training plan
Fluid Attacks maintains rigorous standards for its technical teams. The company runs a training plan that its talent must complete to ensure they have the essential skills in secure coding and application testing. They are required to send their ...
Comprehensive reporting
Fluid Attacks adheres to comprehensive reporting of all identified security vulnerabilities in software, which can be accessed on Fluid Attacks' platform. Furthermore, the Advanced plan offers accuracy SLAs, ensuring a minimum of incorrect alerts and ...
Software Artifacts SLSA levels
The SLSA framework helps organizations measure the level of assurance that the Software Artifacts they produce actually contain and use what they intended (integrity), by ensuring that the whole build and release process, and all of the involved ...
Static website
Our website is a static website, meaning that it only serves plain HTML files. As it does not have any complex functionality that would require an application server, it cannot be hacked. Requirements: 176. Restrict system objects; 266. Disable ...
Awareness
Description: The idea of this program is to keep our team members aware of the most common cyber risks and the actions that can be taken to protect all types of data. As part of the awareness program, Fluid Attacks has selected EasyLlama. It has a ...
Monitoring
General: For the general monitoring process, we use different types of tools and services that help us stay aware of issues in our stack. We monitor AWS infrastructure with CloudWatch. For management purposes on AWS accounts, we register events related to ...
Developing for integrity
This section describes everything we do in our development cycle to reach a high integrity level. Monorepo: We have a Git repository for all our applications. By taking this approach instead of dividing applications into smaller repositories, we ...
Secure emails
The Fluid Attacks domain has the DKIM and SPF protocols enabled. Additionally, it has the DMARCv1 protocol enabled in verbose mode to run advanced diagnostics. These protocols help email recipients verify whether an email comes from a trusted ...
Extensive hiring process
All job applicants must undergo an extensive assessment process to prove their technical capabilities and human values, as well as a security process. The assessment involves the following: A technical interview; Pentesting applicants only: A ...
Certified security analysts
We continuously encourage our security analysts to certify their knowledge. Usually, they start applying for certificates after having worked in the company for six months. Here you can find a comprehensive list of certifications that our team of ...
Certified cloud provider
Our main cloud provider has several certifications from ISO and CSA (Cloud Security Alliance). Many of these certifications are focused on ensuring that the entity follows best practices regarding secure cloud-based environments and information ...
Certification Hub
Definition: Certification Hub is a Fluid Attacks program that promotes the professional growth of talent by supporting them in the study of programs related to the roles that they perform. For Fluid Attacks' security analysts, the focus of the ...