We hack your software

Bronze
VERIFIED

We’re an IT security company. We do information security testing, pen-testing, and ethical hacking. What we do is identify and report back to you all security risks that exist within your information technology system. So, we actually show you how hackers can get into your computer systems and commit fraud, compromise your clients’ and your data, steal sensitive information, and generally cause lots of trouble.

Our experts hold the highest industry-recognized certifications, and we couple their manual review of your applications and infrastructure security with our own custom-designed specialist software. We operate worldwide, with clients on 4 continents.

 
$10,000+
 
Undisclosed
 
50 - 249
 Founded
2001
San Francisco, CA
headquarters
  • 795 Folsom Street, 1st floor
    San Francisco, CA 94107
    United States
other locations
  • Calle 7 Sur # 42-70, Forum Building, office 2003
    Medellín, ANT 050022
    Colombia
  • Carrera 11 # 71 – 41 Avenida Chile Building, Office 602
    Bogota 110231
    Colombia

Portfolio

Continuous Hacking

The Continuous Hacking service aims to detect and report all vulnerabilities and security issues throughout the software development cycle. Our participation during the whole development period allows us to detect security issues continuously as software versions evolve. The rigorous inspection carried out by our team allows us to detect all security issues with no false positives and to check whether issues were properly repaired before the system goes into the production phase.

One-Shot Hacking

The One Shot Hacking service aims to detect and report all vulnerabilities and security issues within one specific version of your application. The rigorous inspection carried out by our team allows us to detect all existing security issues with no false positives.

Reviews


Cybersecurity Evaluations for Regional Airline

"They’ve even joined us in meetings with senior management." 

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
$200,000 to $999,999
 
Jan. 2018 - Ongoing
Project summary: 

Fluid Attacks performed a security analysis on an airline's apps using ethical hacking practices. They tested both static and dynamic code.

The Reviewer
 
9,000+ Employees
 
Bogota, Colombia
CISO, Regional Airline
 
Verified
The Review
Feedback summary: 

Beyond identifying security risks, Fluid Attacks has delivered lasting knowledge of how the client can guard themselves in the future. They’ve also participated in meetings with management, going beyond their explicit scope.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the chief information security officer (CISO) at a regional airline operating in Latin America and internationally.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

With Fluid, we have executed ethical hacking and security evaluation exercises on our apps for static and dynamic code.

SOLUTION

What was the scope of their involvement?

I’m not sure of the exact technologies they use, as they have their own tools.

What is the team composition?

The team is made up of around five people.

How did you come to work with Fluid Attacks? 

They were recommended to us by other organizations that had worked with them before.

How much have you invested in them?

Around $220,000 USD.

What is the status of this engagement?

We started working with them in May 2018 and will continue working with them until December 2019.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They’ve given us the tools to find resources to take care of certain cybersecurity issues in our company.

How did Fluid Attacks perform from a project management standpoint?

They’ve met all deadlines, and we gave them very precise delivery dates. The reports they delivered were also very good—helpful and of great quality.

What did you find most impressive about them?

The accompaniment they have provided is outstanding. They’ve even joined us in meetings with senior management. That has been an important value-add.

Are there any areas they could improve?

I couldn't say anything. We’ve had a great experience with them.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Analysis for Global HR Staffing Firm App

“In general, the quality of their work was great.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
Confidential
 
May - June 2019
Project summary: 

Fluid Attacks performed security testing on an app, orchestrating manual analysis with their custom tools and methodology.

The Reviewer
 
11-50 Employees
 
Medellin, Colombia
Operations & Infrastructure Manager, Global HR Staffing Firm
 
Verified
The Review
Feedback summary: 

Fluid Attacks exceeded the security test’s goal. They facilitated a smooth project by providing intelligible reports, strong solutions, and insightful recommendations. The team communicated well and delivered frequent updates. Customers can expect a team with an extensive technical skillset.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the operations and infrastructure manager at a global HR firm.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We hired Fluid Attacks for security testing.

SOLUTION

What was the scope of their involvement?

Fluid Attacks performed security testing on one of our apps. They did manual analysis using their own tools and methodology.

What is the team composition?

We worked with a project manager and a security analyst.

How did you come to work with Fluid Attacks?

Another company referred them.

What is the status of this engagement?

The project was from May–June 2019.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We not only achieved our goal for the security test but exceeded it. Fluid Attacks provided clear reports and excellent solutions and recommendations. In general, the quality of their work was great.

How did Fluid Attacks perform from a project management standpoint?

Fluid Attacks communicated seamlessly. They always updated us on their progress and provided feedback.

What did you find most impressive about them?

My company was very satisfied with their high-quality services. Their team’s strong technical skills and knowledge were reassuring to us.  

Are there any areas they could improve?

There are always things to improve, but their service was just great.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

App Code Analysis for Large Bank

“We were very happy with their services, which were exactly what we expected.”

Quality: 
4.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Confidential
 
2019
Project summary: 

Fluid Attacks performed code analysis on an online services web app, monitoring the app for development and code issues. They used various detection and analysis tools.

The Reviewer
 
2,000+ Employees
 
Colombia
Cybersecurity Manager, Large Bank
 
Verified
The Review
Feedback summary: 

Fluid Attacks excelled at managing expectations, revealing areas for improvement and fostering an overall positive customer experience. Their agility complemented their professional management style. Internal stakeholders are eager to renew their contract with Fluid Attacks.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there. 

I’m a cybersecurity manager at a bank.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We hired Fluid Attacks for security analysis services.

SOLUTION

What was the scope of their involvement?

Fluid Attacks did code analysis of our partner company’s online services web app. They checked the app for development and code flaws. The team used different analysis and detection tools.

What is the team composition?

We didn’t have a specific number of developers assigned to the project. Their team didn’t work on our premises.

How did you come to work with Fluid Attacks?

We were looking to perform a deeper analysis to find real improvement proposals and not just false positives.

What is the status of this engagement?

We worked on a yearly contract, which recently ended. We are looking forward to renewing our contract with them.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We were very happy with their services, which were exactly what we expected. Their deep analysis services uncovered areas for improvement. 

How did Fluid Attacks perform from a project management standpoint?

My team was pretty satisfied with their project management; their services were very good.

What did you find most impressive about them?

Their agility was impressive. My team tends to linger on projects, but Fluid Attacks was always agile and pushing us forward.

Are there any areas they could improve?

I think everything was great.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 4.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Vulnerability Testing Services for E-Payments Platform

“They’ve helped us identify security issues that we hadn’t considered before.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
September 2018 - Ongoing
Project summary: 

Fluid Attacks provides continuous security vulnerability testing and ethical hacking services to protect user information. They test new software, coding, and processes for security compliance.

The Reviewer
 
11-50 Employees
 
Medellin, Colombia
Hernan Restrepo
CTO, Payvalida
 
Verified
The Review
Feedback summary: 

Fluid Attacks has uncovered many vulnerabilities and delivered more agile coding, ultimately enabling internal stakeholders to make better-informed decisions. The dedicated team provides actionable insights for improving security. Their vast knowledge supplements continued engagement.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the CTO at Payvalida, an e-payments company. We provide payment system services to companies in Latin America; 70% of our operations are in Colombia, but we also operate in Peru, Ecuador, and Costa Rica.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We manage credit card information, so security services are vital to our business.

SOLUTION

What was the scope of their involvement?

Fluid Attacks provides ongoing ethical hacking services. Every time we make changes to our software, Fluid Attacks ensures that our code and processes correspond to certain security measures and norms. They deploy their own tools and change them according to the project. 

Fluid Attacks has contributed to making our coding more agile. They have also helped us to adopt more standard strategies and processes.

What is the team composition?

I believe three security analysts are working on the project, but the team fluctuates. They’re about to add new analysts to the project.  

How did you come to work with Fluid Attacks?

I’ve been aware of Fluid Attacks since they became a company, and I’ve always liked their methodology and evolution. When my company needed security services, I thought of Fluid Attacks because they are so well-versed in this area.

How much have you invested in them?

My company spends about 8 million Colombian pesos each month (approximately $2,500 USD).

What is the status of this engagement?

We started working with them in September 2018, and our collaboration is continuous.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They’ve helped us identify security issues that we hadn’t considered before. By making our coding more agile, Fluid Attacks has allowed us to detect vulnerabilities earlier and be clearer on the risks we’re taking, all of which helps us to make more informed decisions.

How did Fluid Attacks perform from a project management standpoint?

We haven’t experienced any inconveniences thus far concerning project management. We keep in touch using their vulnerability identification platform. Since Fluid Attacks provides an ongoing service, we don’t have many set deadlines.

What did you find most impressive about them?

They are a very dedicated team. Fluid Attacks is skilled at finding vulnerabilities. They’ve proposed many crucial ideas that guide how we made decisions regarding security.

Are there any areas they could improve?

It is impossible to be perfect at what they do, but they do it very well and are always improving.
 

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Continuous Hacking for Robotic Process Automation Platform

“Their customer support and professionalism are remarkable.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
Nov. 2018 - Ongoing
Project summary: 

Fluid Attacks provides continuous ethical hacking to test for vulnerabilities and security issues within a process-automation solution. They deploy coding best practices.

The Reviewer
 
11-50 Employees
 
Medellin, Colombia
Julian Cruz
Development Lead, Technical Process Automation Company
 
Verified
The Review
Feedback summary: 

Fluid Attacks facilitates a smooth process by providing thorough vulnerability reports and technical support. Client-oriented and communicative, the team is readily available to solve problems. They ensure internal stakeholders understand the services they’re receiving and the significance of them.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the development lead at Enterdev, a technology company that develops corporate solutions for process automation. One of our solutions is Agility, a robotic process-automation solution. We have a presence in Mexico, Panama, Salvador, Guatemala, Peru, Colombia, Brazil, and Spain, with more than 22 robots operating in these countries.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

My company needed security vulnerability testing services.

SOLUTION

What was the scope of their involvement?

Fluid Attacks does ethical hacking of our Agility platform. They monitor vulnerabilities within the platform and check coding good practices. The team uses precise reporting tools.

What is the team composition?

We interact with around three individuals, but I know they have a bigger team involved in the project.

How did you come to work with Fluid Attacks?

One of our clients recommended Fluid Attacks. We had actually heard of them before that, as they are well-known in the Medellin market.

How much have you invested in them?

At the moment, we pay a monthly fee of around 3 million Colombian pesos (approximately $940 USD).

What is the status of this engagement?

We started working with them in November 2018, and our engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Fluid Attacks provides detailed vulnerability reports and technical support, so that we have a full overview of their work.

How did Fluid Attacks perform from a project management standpoint?

Project management is great. Communications are prompt, and Fluid Attacks is always available and open to solving any issues.

What did you find most impressive about them?

Their customer support and professionalism are remarkable. They made it very clear to us as the client what services we were investing in and the importance of those services.

Are there any areas they could improve?

We haven’t had any inconveniences so far.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Testing for Regional Bank

“Fluid Attacks presented important findings that we’d never identified in our own security system.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.0
Willing to refer: 
5.0
The Project
 
$10,000 to $49,999
 
2019 - Ongoing
Project summary: 

Fluid Attacks does black-box-like security testing to uncover vulnerabilities in an online banking system. They deploy online search tools and other tools of their own.

The Reviewer
 
1,001-10,000 Employees
 
Guatemala City, Guatemala
Carlos Cuellar
Information Security Lead, Banco Industrial-Guatemala
 
Verified
The Review
Feedback summary: 

They have delivered actionable results that internal management is pleased by. Fluid Attacks fosters efficient communication and collaboration. The team is professional, timely, and accessible.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

We are a financial entity with a presence in Salvador, Honduras, and Guatemala. I’m in charge of information security, and I’ve worked for the company for eighteen years.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We hired Fluid Attacks to find cybersecurity vulnerabilities using an approach similar to black-box security testing.

SOLUTION

What was the scope of their involvement?

Fluid Attacks used online search tools and tools of their own to test our online banking system for vulnerabilities.

What is the team composition?

We work with around three team members from Fluid Attacks.

How did you come to work with Fluid Attacks?

They contacted our organization directly, so I did some research on their local clients and working methodology. They had very good references, and we found them to be professional and have excellent norms and procedures. We asked them for a budget, and they came up with an interesting proposal. We decided to start working with them.

How much have you invested in them?

My company has spent $14,000.

What is the status of this engagement?

We started working with them in May 2019, and the work is ongoing. The project should conclude soon.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We’ve had great results. Fluid Attacks presented important findings that we’d never identified in our own security system. Generally speaking, the project went well, and my company’s management is happy with the results.

How did Fluid Attacks perform from a project management standpoint?

Their communication is very efficient and fluid; we use email and WhatsApp. Fluid Attacks also utilizes a cloud tool to share their progress and allow us to follow up.

What did you find most impressive about them?

Their timing, follow-up, and availability set them apart. They are a very professional firm, and I hope to work with them again in the future.

Are there any areas they could improve?

We have a working methodology that is very different from theirs, so we are in the process of finding one that adapts to both.

4.5
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Tests for Regional Bank

“Their recommendations have helped us improve our overall security at a foundational level.”

Quality: 
5.0
Schedule: 
4.5
Cost: 
4.0
Willing to refer: 
5.0
The Project
 
$10,000 to $49,999
 
Apr. 2019 - Ongoing
Project summary: 

Fluid Attacks discovers and fixes security vulnerabilities on a financial services website and mobile app. Deliverables include code reading and recognition. They also provide security recommendations.

The Reviewer
 
201-500 Employees
 
Santo Domingo, Dominican Republic
Business Intelligence & Corporate Development Director, Regional Bank
 
Verified
The Review
Feedback summary: 

Fluid Attacks has identified vulnerabilities that internal stakeholders weren’t aware of. They not only resolve these vulnerabilities but also provide actionable insights on overarching security policies and procedures. The team is professional and comes highly recommended. They communicate fluidly.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the director of business intelligence and corporate development at a regional bank.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

External sources indicated that our website and mobile app were vulnerable to attack. My company hired Fluid Attacks to resolve these vulnerabilities.

SOLUTION

What was the scope of their involvement?

Fluid Attacks created a report to show us the vulnerabilities on our website and mobile app. They’re using various software tools to do code reading and recognition.

What is the team composition?

We work with two team members from Fluid Attacks.

How did you come to work with Fluid Attacks?

We belong to an international corporation, and one of our partner firms had worked with Fluid Attacks. We evaluated three suppliers before choosing Fluid Attacks.

How much have you invested with them?

My company has spent $25,000.

What is the status of this engagement?

We began working with them in April 2019, and we’re continuing to work together.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They’ve discovered vulnerabilities that we didn’t know we had. Their recommendations have helped us improve our overall security at a foundational level.

How did Fluid Attacks perform from a project management standpoint?

Communication is fluid. We receive daily updates via WhatsApp, and we also communicate via calls.

What did you find most impressive about them?

Having worked with other vendors, I can confirm that Fluid Attacks is very professional. They provide a comprehensive range of services; they not only find vulnerabilities but also offer insights on our approach to security. Their manner of communicating and working is adaptable and smooth. They have great references.

Are there any areas they could improve?

I don’t have any complaints. If I had to identify something, they could improve their costs.

4.5
Overall Score
  • 4.5 Scheduling
    ON TIME / DEADLINES
  • 4.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Ethical Hacking & Vulnerability Testing for Bank

“I do not see them as a supplier, but as a strategic partner.”

Quality: 
5.0
Schedule: 
4.0
Cost: 
4.0
Willing to refer: 
5.0
The Project
 
$50,000 to $199,999
 
2014 - Ongoing
Project summary: 

Fluid Attacks provides regular ethical hacking tests. They’re also currently testing new tools for vulnerabilities.

The Reviewer
 
1000+ Employees
 
Panama City, Panama
Jaime Berry
Director of Corporate Security, Banistmo
 
Verified
The Review
Feedback summary: 

Fluid Attacks excels at preventing vulnerabilities. The results of their testing spur important internal and external changes. The team is technically adept and professional, facilitating a long-term, collaborative partnership.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m the director of corporate security at Banistmo, a bank and financial services company that is part of the Bancolombia Group. I’m in charge of physical security, monitoring, research, IT, and cybersecurity.  

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We hired Fluid Attacks to provide vulnerability testing.

SOLUTION

What was the scope of their involvement?

Fluid Attacks provides our ethical hacking tests, which upper management requires.

We are also working with Fluid Attacks on an important project that involves the development of several transformational tools. Fluid Attacks is testing all of the innovations for vulnerabilities so that we know these tools will be clean when we launch them.  

What is the team composition?

We have one primary point of contact that we meet with regularly. My team also meets with Fluid Attacks’s general manager once or twice a month.

How did you come to work with Fluid Attacks?

Fluid Attacks already worked with the Bancolombia Group, and the results that they'd achieved inspired us.

How much have you invested in them?

I’m not sure about the project, but yearly ethical hacking tests cost around $70,000–$90,000.

What is the status of this engagement?

We began working with Fluid Attacks in 2014, and the engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Each year, we report the results of Fluid Attacks’s tests and use them to execute changes both internally and externally. Fluid Attacks goes above and beyond to prevent vulnerabilities.

How did Fluid Attacks perform from a project management standpoint?

They maintain a close partnership.

What did you find most impressive about them?

I do not see them as a supplier, but as a strategic partner. We’ve continued to engage them because they not only provide services but work closely with us. They also stand out for their professionalism and technical abilities.

Are there any areas they could improve?

I’m not directly managing the project that they're currently working with us on, but I haven’t heard any complaints or negative comments. Everything is going well.

4.0
Overall Score
  • 4.0 Scheduling
    ON TIME / DEADLINES
  • 4.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Application QA Service for Tech Solutions Company

“They are always available and ready to work on anything we need.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
Mar. 2018 - Ongoing
Project summary: 

Fluid Attacks provides QA services, checking two Android mobile applications. They analyzed code and the Android application package.

The Reviewer
 
11-50 Employees
 
Bogotá, Colombia
Juan Carlos Restrepo
Technology Analyst, ETN Colombia
 
Verified
The Review
Feedback summary: 

The services provided by Fluid Attacks are excellent, producing effective results. They manage the work smoothly, tracking the developments carefully, and always ensuring that the team is available when required.

A Clutch analyst personally interviewed this client over the phone. Below is an edited transcript.

BACKGROUND

Introduce your business and what you do there.

I’m a communications and security analyst at a tech solutions company.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We’d developed mobile applications and we needed to double check security matters before the launch. 

SOLUTION

What was the scope of their involvement?

We had two apps that they worked on. First, they performed a code analysis, examining the static and dynamic codes of the apps. Then, they analyzed the Android application package.

What is the team composition?

I’m not sure how many developers were involved. We were in contact with a project manager.

How did you come to work with Fluid Attacks?

We were searching for companies that could provide us this service. Some were recommended to us, so we evaluated them according to different variables. Our purchase department chose Fluid Attacks after this analysis, as they were the best ranked.

How much have you invested in them?

We’ve spent about 4 million Colombian pesos (approximately $1,300 USD) per month per app, or around 10 million Colombian pesos (approximately $3,200 USD) per month in total.

What is the status of this engagement?

We started working with them in February 2018 and the engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They deliver very effective and professional work, while they are always available and ready to work on anything we need. They’re a very good company to work with.

How did Fluid Attacks perform from a project management standpoint?

They use a project management platform through which we can see the work and any follow up that’s required. We use a measure called Delta, which tracks the amount of code that has been checked.

What did you find most impressive about them?

They have great professionals working with them, and particularly excel at project management and customer service.

Are there any areas they could improve?

We don’t have anything negative to say about them so far.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Penetration Testing for Financial Services Company

"Fluid assigned smart engineers with the expertise, knowledge, and skills to provide excellent, personalized services."

Quality: 
5.0
Schedule: 
4.5
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
$50,000 to $199,999
 
Nov. 2016 - Feb. 2017
Project summary: 

Fluid Attacks conducted extensive in-depth penetration and vulnerability testing on all external and internal systems to identify potential weaknesses and develop future hardening procedures.

The Reviewer
 
5,001-10,000 Employees
 
Bogotá, Colombia
Ricardo Herrera Hernández
IT Risk & Cybersecurity Manager, Colpatria Multibanca
 
Verified
The Review
Feedback summary: 

Proficient and experienced in a range of challenging security technologies, Fluid identified deep internal vulnerabilities overlooked by previous vendors. Their proactive, conscientious approach and detailed, articulate reporting were instrumental in developing effective corrective actions.

The client submitted this review online.

BACKGROUND

Please describe your company and your position there.

I am the IT risk and cybersecurity manager at Colpatria Bank, a Scotiabank Group affiliate offering financial services. 

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Fluid Attacks?

We needed to evaluate the state of our IT infrastructure regarding vulnerabilities and configuration and determine necessary hardening procedures. Local regulators also required us to conduct various vulnerability and penetration tests in both black- and white-box scenarios. We engaged Fluid to assess our IT infrastructure, servers, databases, applications, web services, and communication devices.

What were your goals for this project?

After thorough testing, we wanted to present executive and technical reports to our stakeholders and technical leaders in order to discuss all findings and address doubts or observations.

SOLUTION

How did you select this vendor?

Our formal vendor selection process included a comparison of multiple competencies, such as report quality; team certifications as certified ethical hackers (CEH), offensive security certified professionals (OSCP), and certified information systems security professionals; and expertise regarding the project scope, specifically for companies in the financial sector. Fluid's top score on our “capture the flag” test scenario, however, was the most important deciding factor.  

Describe the project in detail.

We immediately established project stages. The first, conducted over the course of about four weeks, was to evaluate the external IT infrastructure and communication services and both mobile and internet-facing applications. The second stage focused on the internal IT infrastructure, applications, and databases. For six weeks, Fluid tested under a variety of scenarios, such as without permissions or users. They also analyzed our wireless networks and several facets of our integration platform, including web services and our communication bus. The last stage consisted of formal report development and summary meetings to explain the findings. 

What was the team composition?

A project manager was responsible for managing the requirements and monitoring potential testing issues. Three engineers experienced and skilled in OSCP and CEH performed all of the testing. 

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Fluid’s tests exposed issues that had gone undiscovered by previous vendors. The vulnerability matrix they produced provided us with a new way to classify weaknesses using the common vulnerability scoring system and allowed us to define and prioritize remediation plans. 

How effective was the workflow between your team and theirs?

Our project manager was attuned to occasional snags throughout the process regarding permissions and incorrect information and maintained fluid communication. We had short weekly progress status meetings to review the process, completed milestones, and any setbacks. 

What did you find most impressive about this company?

Fluid assigned very smart engineers with the expertise, knowledge, and skills to provide excellent, personalized services. They also clearly presented both their findings and their recommendations for remediating the identified vulnerabilities. 

Are there any areas for improvement?

They could have notified us of critical vulnerabilities immediately, rather than waiting to include them in the report. Overall, however, the quality was awesome and we achieved all of our goals. 

5.0
Overall Score
Fluid Attacks is one of the preeminent companies in Colombia for penetration testing services.
  • 4.5 Scheduling
    ON TIME / DEADLINES
    Their management is an asset to any project.
  • 4.5 Cost
    Value / within estimates
    Quality and experience are always priority, but Fluid is reasonably priced among local companies.
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer
    Fluid’s experience, quality, skills, and knowledge are absolutely worth referring.
Verification

Clutch verification provides an additional layer of data to help you make the right purchasing decision of business services.

Verification Level
Bronze
VERIFIED
Business Entity
Status
Active
Jurisdiction of Formation
Delaware
ID
6390916
Date of Formation
Apr 24, 2017
Last Updated
Apr 18, 2019
Client Reviews
VERIFIED CLIENT REVIEWS
18
OVERALL REVIEW RATING
4.8
Source
Clutch
LAST UPDATED
August 9, 2019