Integrity
Software Artifacts SLSA levels
The SLSA framework helps organizations measure the level of assurance that the Software Artifacts they produce actually contain and use what they intended (integrity), by ensuring that the whole build and release process, and all of the involved ...
Static website
Our website is a static website, meaning that it only serves plain HTML files. As it does not have any complex functionality that would require an application server, it cannot be hacked. Requirements: 176. Restrict system objects; 266. Disable ...
Awareness
Description: The idea of this program is to keep our team members aware of the most common cyber risks and the actions that can be taken to protect all types of data. As part of the awareness program, Fluid Attacks has selected EasyLlama. It has a ...
Monitoring
General: For the general monitoring process, we use different types of tools and services that help us stay aware of issues in our stack. We monitor AWS infrastructure with CloudWatch. For management purposes on AWS accounts, we register events related to ...
Developing for integrity
This section describes everything we do in our development cycle to reach a high integrity level. Monorepo: We have a Git repository for all our applications. By taking this approach instead of dividing applications into smaller repositories, we ...
Secure emails
The Fluid Attacks domain has DKIM and SPF protocols enabled. Additionally, it has the DMARCv1 protocol enabled in verbose mode for the running of advanced diagnostics. These protocols help email recipients verify if an email comes from a trusted ...
Extensive hiring process
All job applicants must undergo an extensive testing process to prove their technical capabilities and human values. The technical part of the testing process involves solving programming and hacking challenges, uploading them to a Git repository ...
Certified hackers
We continuously encourage our hackers to certify their knowledge. Usually, hackers start applying for certificates after having worked in the company for six months. Here you can find a comprehensive list of certifications that our team of hackers ...
Certified cloud provider
Our main cloud provider has several certifications from ISO and CSA (Cloud Security Alliance). Many of these certifications are focused on ensuring that the entity follows best practices regarding secure cloud-based environments and information ...