New Presentation of Vulnerability Info

A few months ago, we told you about a new modal that we added to present information about vulnerabilities. This time, we have improved that presentation by simply arranging the text in two columns for your convenience.

 

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Disabling Git Roots

Please pay attention to the following:

From now on, to disable git roots in our Attack Surface Manager, it is necessary that you assume/accept or close/remediate all vulnerabilities associated with those roots. Remember, if you don't do this, you will not be able to disable them.


New CVSS View

Hi there,

Not everything is vulnerabilities, risk assessment, or reattacks. There is always a place for other improvements.

It is my pleasure to announce the new way to represent the CVSS v3.1 score.

Every metric of the score is now represented by an icon that helps you understand it.

Please check your vulnerabilities, and if you have any doubt, don't hesitate to contact us.



New URL *ACTION REQUIRED*

Our team is continuously working to provide you with a better experience. 

From April 15th, you will be able to access our Attack Surface Manager (formerly called Integrates) through the following URL: http://app.fluidattacks.com/.

We recommend that you bookmark this updated URL for your convenience, as the current URL (https://integrates.fluidattacks.com/) will stop working from the announced date.

Additionally, please be aware that the API's URL will change from integrates.fluidattacks.com/api to http://app.fluidattacks.com/api.

Date Filter

Having data available for making decisions is the dream of any manager, but context is always needed. We know that, which is why, in one of our recent deployments, we added a time filter option for these three graphics:

  • Vulnerabilities over the time
  • Mean time to remediate (all vulnerabilities)
  • Mean time to remediate (non treated vulnerabilities)


You can select one of the defined filters:

  • All data
  • Last 90 days
  • Last 30 days

This is useful for evaluating the team's effort over specific dates.




DevSecOps Agent Token

Security and UX don't always go hand in hand, but one of our main goals is to keep them together as much as possible.

A few days ago, we deployed a new DevSecOps agent version that improves on its predecessor's stability, performance and usability. This new version comes with some changes to how the agent is used.

Now, in our ASM scope section (Organization>Groups>GroupName>Scope), you will find the DevSecOps Agent Token section, where you can copy the token required to execute the DevSecOps Agent.

Only group managers can view and copy the token, so if you need it, please contact them.


Vulnerabilities Treatment Edition

Managing vulnerabilities can be confusing and complicated. Our team is committed to easing our customers' processes.

To simplify treatment management, we added a new tab to the vulnerability details menu, in which you can change the vulnerability treatment, define tags, or set a custom criticality level.


Tracking View

Knowing what happened to our vulnerabilities, and when, is essential to manage the team's efforts.

You can check whether a vulnerability was discovered, accepted, or closed in the new tracking view.

With this information, you can follow the history of vulnerabilities related to specific findings.




About Login Issues 2021-01-28


What happened

  • If a user signs in with an existing session, all cookies are deleted and an unauthorized error is propagated through all user sessions. The bug was introduced on 2021/01/27 14:31 (EST).

What we’ve done

What the impact was

  • Users who tried to log in with existing sessions got an unauthorized error.

What we are doing to help

  • Checking all user sessions to confirm whether any user is affected.

Vulnerabilities Info

Data is the essence of any organization, and even more so if that data can help you prevent a security incident.

The more data you have, the more effective your efforts to solve a vulnerability. This is why we added a new vulnerability info modal that gives all the data about reported vulnerabilities.

You can click on the vulnerability that you want more information about in the locations table.

If you think that you need more information, let us know, and we will provide it.

