Use the CLI
Know and reproduce the scanner’s OWASP Benchmark results
Fluid Attacks uses the OWASP Benchmark. Fluid Attacks is committed to delivering highly accurate security testing results. This means minimizing errors from the automated tools and security analysts involved in the Continuous Hacking solution. To ...
Validate CASA tier 2 requirements
Cloud Application Security Assessment (CASA) requirements are based on the OWASP Application Security Verification Standard (ASVS). Failure to implement them is associated with CWE entries. A software application must meet all 73 CASA requirements, ...
Contribute to enhancing the scanner
Fluid Attacks' scanner is open source, just like the company's other products. You can freely access and examine the source code. While direct code contributions by individuals outside of Fluid Attacks are not currently allowed, the company ...
Exclude findings from scan reports
Fluid Attacks offers the NOFLUID feature to allow you to exclude from reports some specific, potentially insecure lines within your application's source code or infrastructure-as-code (IaC) configurations. This way you can avoid findings that might ...
Understand the scanner output
Fluid Attacks' standalone scanner provides varying levels of detail in its output, depending on the chosen format. This page provides a detailed explanation of each field present in the standalone scanner output. The CLI snippets and CSV files are ...
Run scans locally or in your CI/CD
The Fluid Attacks scanner can be seamlessly integrated into your development workflow, allowing you to perform security scans both locally and within your continuous integration and continuous delivery (CI/CD) pipeline. Run the Fluid Attacks scanner ...
Configure the tests by the standalone scanner
Fluid Attacks' scanner is an AppSec testing tool that scans your source code, infrastructure, and applications, then reports any security vulnerabilities it finds. You can use the scanner in two ways: Paid ...