We hack your software

We’re an IT security company. We do information security testing, pen-testing, and ethical hacking. What we do is identify and report back to you all security risks that exist within your information technology system. So, we actually show you how hackers can get into your computer systems and commit fraud, compromise your clients’ and your data, steal sensitive information, and generally cause lots of trouble.

Our experts have the highest industry-recognized certifications and we couple their manual review of your applications and infrastructure security with our custom-designed by us specialist software. We operate world-wide with clients on 4 continents.

 
$10,000+
 
Undisclosed
 
10 - 49
 Founded
2001
Show all +
San Francisco, CA
headquarters
  • 795 Folsom Street, 1st floor
    San Francisco, CA 94107
    United States
other locations
  • Calle 7 Sur # 42-70, Forum Building, office 2003
    Medellín, ANT 050022
    Colombia
  • Carrera 11 # 71 – 41 Avenida Chile Building, Office 602
    Bogota 110231
    Colombia

Portfolio

Continuous Hacking

Continuous hacking service aims to detect and report all vulnerabilities and security issues during all software development cycle, our participation during all development period allow us to detect security issues continuously as software version evolve during development cycle, the rigorous inspection carried out by our team allows us to detect all security issues with no false positives and check if issues were properly repaired before system goes into production phase.

One-Shot Hacking

The One Shot Hacking service aims to detect and report all vulnerabilities and security issues within one specific version of your application. The rigorous inspection carried out by our team allows us to detect all existing security issues with no false positives.

Reviews

Sort by

Application QA Service for Tech Solutions Company

“They are always available and ready to work on anything we need.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Less than $10,000
 
Mar. 2018 - Ongoing
Project summary: 

Fluid Attacks provides QA services, checking two Android mobile applications. They analyzed code and the Android application package.

The Reviewer
 
11-50 Employees
 
Bogotá, Colombia
Juan Carlos Restrepo
Technology Analyst, ETN Colombia
 
Verified
The Review
Feedback summary: 

The services provided by Fluid Attacks are excellent, producing effective results. They manage the work smoothly, tracking the developments carefully, and always ensuring that the team is available when required.

BACKGROUND

Introduce your business and what you do there.

I’m communications and security analyst at a tech solutions company.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We’d developed mobile applications and we needed to double check security matters before the launch. 

SOLUTION

What was the scope of their involvement?

We had two apps that they worked on. First, they performed a code analysis, examining the static and dynamic codes of the apps. Then, they analyzed the Android application package.

What is the team composition?

I’m not sure how many developers were involved. We were in contact with a project manager.

How did you come to work with Fluid Attacks?

We were searching for companies that could provide us this service. Some were recommended to us, so we evaluated them according to different variables. Our purchase department chose Fluid Attacks after this analysis, as they were the best ranked.

How much have you invested in them?

We’ve spent about 4 million Colombian pesos (approximately $1,300 USD) per month per app, or around 10 million Colombian pesos (approximately $3,200 USD) per month in total.

What is the status of this engagement?

We started working with them in February 2018 and the engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They deliver very effective and professional work, while they are always available and ready to work on anything we need. They’re a very good company to work with.

How did Fluid Attacks perform from a project management standpoint?

They use a project management platform through which we can see the work and any follow up that’s required. We use a measure called Delta, which tracks the amount of code that has been checked.

What did you find most impressive about them?

They have great professionals working with them, and particularly excel at project management and customer service.

Are there any areas they could improve?

We don’t have anything negative to say about them so far.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Penetration Testing for Financial Services Company

"Fluid assigned smart engineers with the expertise, knowledge, and skills to provide excellent, personalized services."

Quality: 
5.0
Schedule: 
4.5
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
$50,000 to $199,999
 
Nov. 2016 - Feb. 2017
Project summary: 

Fluid Attacks conducted extensive in-depth penetration and vulnerability testing on all external and internal systems to identify potential weaknesses and develop future hardening procedures.

The Reviewer
 
5,001-10,000 Employees
 
Bogotá, Colombia
Ricardo Herrera Hernández
IT Risk & Cybersecurity Manager, Colpatria Multibanca
 
Verified
The Review
Feedback summary: 

Proficient and experienced in a range of challenging security technologies, Fluid identified deep internal vulnerabilities overlooked by previous vendors. Their proactive, conscientious approach and detailed, articulate reporting were instrumental in developing effective corrective actions.

BACKGROUND

Please describe your company and your position there.

I am the IT risk and cybersecurity manager at Colpatria Bank, a Scotiabank Group affiliate offering financial services. 

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire Fluid Attacks?

We needed to evaluate the state of our IT infrastructure regarding vulnerabilities and configuration and determine necessary hardening procedures. Local regulators also required us to conduct various vulnerability and penetration tests in both black- and white-box scenarios. We engaged Fluid to assess our IT infrastructure, servers, databases, applications, web services, and communication devices.

What were your goals for this project?

After thorough testing, we wanted to present executive and technical reports to our stakeholders and technical leaders in order to discuss all findings and address doubts or observations.

SOLUTION

How did you select this vendor?

Our formal vendor selection process included a comparison of multiple competencies, such as report quality; team certifications as certified ethical hackers (CEH), offensive security certified professionals (OSCP), and certified information systems security professionals; and expertise regarding the project scope, specifically for companies in the financial sector. Fluid's top score on our “capture the flag” test scenario, however, was the most important deciding factor.  

Describe the project in detail.

We immediately established project stages. The first, conducted over the course of about four weeks, was to evaluate the external IT infrastructure and communication services and both mobile and internet-facing applications. The second stage focused on the internal IT infrastructure, applications, and databases. For six weeks, Fluid tested under a variety of scenarios, such as without permissions or users. They also analyzed our wireless networks and several facets of our integration platform, including web services and our communication bus. The last stage consisted of formal report development and summary meetings to explain the findings. 

What was the team composition?

A project manager was responsible for managing the requirements and monitoring potential testing issues. Three engineers experienced and skilled in OSCP and CEH performed all of the testing. 

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Fluid’s tests exposed issues that had gone undiscovered by previous vendors. The vulnerability matrix they produced provided us with a new way to classify weaknesses using the common vulnerability scoring system and allowed us to define and prioritize remediation plans. 

How effective was the workflow between your team and theirs?

Our project manager was attuned to occasional snags throughout the process regarding permissions and incorrect information and maintained fluid communication. We had short weekly progress status meetings to review the process, completed milestones, and any setbacks. 

What did you find most impressive about this company?

Fluid assigned very smart engineers with the expertise, knowledge, and skills to provide excellent, personalized services. They also clearly presented both their findings and their recommendations for remediating the identified vulnerabilities. 

Are there any areas for improvement?

They could have notified us of critical vulnerabilities immediately, rather than waiting to include them in the report. Overall, however, the quality was awesome and we achieved all of our goals. 

5.0
Overall Score Fluid Attacks is one of the preeminent companies in Colombia for penetration testing services.
  • 4.5 Scheduling
    ON TIME / DEADLINES
    Their management is an asset to any project.
  • 4.5 Cost
    Value / within estimates
    Quality and experience are always priority, but Fluid is reasonably priced among local companies.
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer
    Fluid’s experience, quality, skills, and knowledge are absolutely worth referring.

Penetration Testing for Floral Service Platform

"Fluid Attacks has done an amazing job identifying holes in our security that we never knew about."

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
$10,000 to $49,999
 
July 2017 - Ongoing
Project summary: 

Fluid Attacks performs black-box and white-box testing for a SaaS platform, attempting to penetrate the system externally and identify holes internally.

The Reviewer
 
11-50 Employees
 
Miami, Florida
Alejandro Pérez
CEO, Komet Sales
 
Verified
The Review
Feedback summary: 

Fluid Attacks has already reviewed 10% of the platform's source code and identified 40 vulnerabilities in the system. When communication was being stifled by technical difficulties, the team worked hard to fix the problem. Their expertise and responsiveness make them a valuable partner.

BACKGROUND

Introduce your business and what you do there.

I'm the CEO of Komet Sales, a service platform that focuses on the flower industry.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We're not experts at security. As the platform grew, we decided to take a proactive approach and hire specialists to identify any holes.

SOLUTION

What was the scope of their involvement?

Fluid Attacks provides us with two services: black-box testing and white-box testing. For the black-box testing, they have a team of hackers try to penetrate our system. They try to hack it from the outside to see if they can penetrate the infrastructure within the actual application. We will give them a username and password to go in and find any vulnerabilities. For the white box-testing, we gave them access to our source code. They look to see if there are security risks or vulnerabilities that are open in the source code. Per our contract, they check for 10,000–15,000 deltas in the source code on a monthly basis.

They also occasionally invite us to attend a breakfast meeting. They allow us to bring 10 people from our team to listen to them talk about various security hazards or best practices. We’ve attended talks on topics such as continuous integration and continuous deployment.

What is the team composition?

I have no idea. It's all remote, so I've only met a handful of people in the company. Most of the time I don't know if we're interacting with one person or multiple people.

How did you come to work with Fluid Attacks?

I started by doing some online research. I went to their website and filled out the contact form. It turns out that they’re based in Medellín, Colombia, which is where I live. I decided to go with them because I felt they had a strong value proposition.

How much have you invested with them?

We spend $1,700 per month.

What is the status of this engagement?

We started working together just over a year ago, and the engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We have 1.2 million lines of code. They’ve only checked about 10% of the code to date, partly because we continue to add new code. So they’re making good progress, but it's going to take us a while to catch up. They’ve found 40 vulnerabilities in the system, and we've fixed 12% of those. We currently have 552 open vulnerabilities in a total of 36 findings.

How did Fluid Attacks perform from a project management standpoint?

Most of our interactions take place through their client portal. When they find a vulnerability, I'll get an email from the portal letting me know. We create a ticket on our internal system just to keep track of the work that needs to be done. Once we finalize the fix and roll it out to production, we go into the portal to let them know. Then they change the status in the portal to pending review. They'll look at our code and test it again to see if we actually fixed the vulnerability. Once they test it and it's okay, they'll mark the issue as closed in the portal.

What's cool is that if my team has a question, we can also post a question to their team in the portal. They provide us with really good advice and suggestions for solutions we hadn’t thought of yet. Their response times are pretty fast, which is really important to me.

What did you find most impressive about them?

Fluid Attacks has done an amazing job of identifying holes in our security that we never knew about. We just weren't aware of so many potential issues. They're able to come in and tell us what we need to do in order to protect our platform. They add a lot of value by making sure that we have everything in place. I plan to engage with for as long they continue adding value.

Historically, penetration testing used to be expensive. I really like that Fluid Attacks charges a monthly fee based on the volume of your source code. Security is one of those things you have to pay no matter what, and with them we have an expert vendor that really takes care of us.

Are there any areas they could improve?

The portal was our biggest area of concern when we first started working together. I regularly called the owner to complain, but to also offer suggestions of how they could make it better. At one point I said, “If you really want us to work with you, you need to make it efficient.” I gave them a lot of feedback on features we wanted to see in the portal. They ended up putting a lot of resources into it, and now it’s great.

Any advice for potential customers?

My advice is to be very straightforward. If you know that there’s an existing issue, it's better to tell them upfront. Likewise, let them know if you’d like them to focus on a particular area. We’d put a lot of resources into our API but we figured there was probably a lot of holes in it. We let them know so that they could work on fixing that part first.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer
    I’ve already recommended them.

Ethical Hacking & Testing for Food Production & Energy Company

"[They] always delivered what we asked for."

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
$50,000 to $199,999
 
2015 - 2017
Project summary: 

Fluid Attacks provides ethical hacking and security testing services, working on a variety of projects for different companies within a group.

The Reviewer
 
5,000-10,000 Employees
 
Bogotá, Colombia
 
Verified
The Review
Feedback summary: 

Their services always produced excellent results, with the team meeting the need and expectation. They communicated effectively at all times and were flexible throughout the project, ensuring the met deadlines promptly.

BACKGROUND

Introduce your business and what you do there.

I'm the manager of IT auditing at Grupo Manuelita.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We needed ethical hacking and security testing.

SOLUTION

What was the scope of their involvement?

We've had different projects with them—about eight to 10— among the seven companies in our group. I know they use their own tools but I'm not aware of the exact technologies they used for the ethical hacking and security testing.

What is the team composition?

Every project has a different team, but there are normally around three people involved.

How did you come to work with Fluid Attacks?

They were recommended to us by someone from a large bank who had previously worked with them. We contacted them and after comparing them with other companies, we chose them mainly for their credentials and expertise.

How much have you invested in them?

Around 30 million Colombian Pesos (approximately $10,000 USD) per project.

What is the status of this engagement?

We started working with them in 2015 and had our final project with them last year.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They provided very good results and always delivered what we asked for.

How did Fluid Attack perform from a project management standpoint?

I communicated with them with email—they always deliver the progress of the projects by email. We also spoke by phone and there was never any problem. It was always fluid and they were always available.

What did you find most impressive about them?

They were always very flexible and available, which is something I found valuable. Often things don't go as expected, but they never had a problem adapting for us.

Are there any areas they could improve?

I don’t have any complaints.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Ethical Hacking for Leading Insurance Company

"They've always delivered."

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Confidential
 
2012 - 2018
Project summary: 

Fluid Attacks provides ethical hacking services, working to find and expose gaps in security systems so that they can be fixed.

The Reviewer
 
5,000+
 
Medellin, Colombia
Cybersecurity Analyst, Insurance Company
 
Verified
The Review
Feedback summary: 

Their work always produces results, often finding important issues with the security systems and therefore ensuring that the problem is addressed. They manage the projects very effectively using an in-house platform, while communicating smoothly and reliably.

BACKGROUND

Introduce your business and what you do there.

I'm a security analyst at an insurance company.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We've been working with them for about six years now. They do ethical hacking, which is to attack software in order to validate the security of multiple systems we have internally.

SOLUTION

What was the scope of their involvement?

It’s ethical hacking, which involves a variety of things. Normally they use Linux's operating system and multiple tools for the process, though they also have platforms that they developed themselves.

What is the team composition?

We hire them per service, so it depends on the goals and requirements of each project. For the last one, there were four people working with us.

How did you come to work with Fluid Attacks?

They are the best at what we are looking for where we're based. We have a suppliers evaluation methodology and, depending on our goals, we define which is the best provider for each project.

What is the status of this engagement?

I’ve been working with them since I started with the company six years ago, but the collaboration was already established.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

For every project, they've had findings, some which were very important. That demands that our internal team make improvements to the software.

How did Fluid Attack perform from a project management standpoint?

They've always delivered. Last year they launched their web platform that allows us to see their progress on the project in real time. That means that as they find something we can see it immediately. It's a very user-friendly app, with all the security controls we could ask for. We also have direct communication with them all the time.

What did you find most impressive about them?

Compared to other providers, they are the only ones who have their own platform that allows us to be in direct contact and see the progress of the project. No other company has offered us this service.

Are there any areas they could improve?

We've asked them before to provide us with the solutions to the vulnerabilities they find. We'd like to have a special team for that, but they have said it is not their field; they are just devoted to ethical hacking.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Testing for Major Retail Company

“Their work is valuable because it improves the perception our clients have of our systems.”

Quality: 
5.0
Schedule: 
5.0
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
$50,000 to $199,999
 
2013 - Ongoing
Project summary: 

Fluid Attacks provides ongoing security testing for internal and customer-facing systems and apps using proprietary methods.

The Reviewer
 
1001-10,000 Employees
 
Bogotá, Colombia
Security Analyst, Retail Company
 
Verified
The Review
Feedback summary: 

Fluid Attacks’ efforts strengthened overall data security and boosted customer confidence. Their expertise, reliability, and smooth workflow have led to a long-term engagement.

BACKGROUND

Introduce your business and what you do there.

I work for one of the biggest retail companies in Colombia.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We hired them to check the security of our tools and infrastructure.

SOLUTION

What was the scope of their involvement?

The Fluid Attacks team helps us with hacker ethics requests and cyber vulnerabilities analysis. They have worked with us on development and mobile projects, checking the codes and verifying the security for each of them. Using their methodology, Fluid Attacks found vulnerabilities in our systems that we were not aware of.

What is the team composition?

We’ve worked with 1–5 persons from Fluid Attacks.

How did you come to work with Fluid Attacks?

They are well-known in Colombia for security. We also compared them with other companies through a request for proposals.

How much have you invested in them?

The project cost 100–150 million Colombian pesos (approximately $50,000–$70,000 USD).

What is the status of this engagement?

We’ve been working with them since 2013.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Their work is valuable because it improves the perception our clients have of our systems.

How did Fluid Attacks perform from a project management standpoint?

Their engineers use project management tools to check progress constantly. If anything is missing, they quickly control the quality of the attributes.

What did you find most impressive about them?

They’ve been excellent at delivering everything we have requested.

Are there any areas they could improve?

They could advertise themselves better.

4.5
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 4.5 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Service for IT Security Products Company

"They’re knowledgeable and willing to help the client understand what’s going on."

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
$200,000 to $999,999
 
2014 - Ongoing
Project summary: 

Chosen for being in the same country as the client, Fluid Attacks provides implementation and other services for a renowned IT security product vendor.

The Reviewer
 
50-100 Employees
 
Medellin, Colombia
Anti-fraud Intelligence Services Lead, Security Products Company
 
Verified
The Review
Feedback summary: 

The end client is so happy with Fluid Attack’s work, that they’ve continued the use of the product and are moving onto the next steps of implementation. Their insight into local industry regulations, punctuality, and proactive approach produce valuable results for everyone involved.

BACKGROUND

Introduce your business and what you do there.

I work at a multinational company that provides IT security products for the financial and retail sectors. We’re part of Dell and have a presence in many countries. I head the team of project managers for the anti-fraud intelligence line in America.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

Part of what we do is sell the products and the services associated with the implementation and operation of these products. We don’t have professional services in every country and have clients that prefer something local. For these situations, we outsource to local providers so that they can serve our clients on our behalf.

SOLUTION

What was the scope of their involvement?

They’ve helped us implement the product on the client’s environment, using several databases and apps to accomplish the task. They also provided consulting services.

We used to have another engineer working with this client, but he was in another country. Since outsourcing the work to Fluid Attacks, our client has been happy and has asked us to continue working this way.

What is the team composition?

We’ve only had two engineers involved in this project.

How did you come to work with Fluid Attacks?

Our client asked for a change, so we started looking for service providers in their country that had experience with IT security. We made an open call and interviewed two companies, evaluating their personnel, experience, and market positioning. Fluid Attacks had the best results.

How much have you invested in them?

I would say we’ve spent around $200,000 to date.

What is the status of this engagement?

We started working with them at the end of 2014 or beginning of 2015. The collaboration is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

The project is made up different phases. The client was satisfied with the first one and asked us to continue with the second phase, mainly due to the quality services Fluid Attacks provided. Being a local vendor, they know the client’s reality and the regulations that apply to them and can offer the best advice in terms of their technology and business needs regarding anti-fraud issues.

Thanks to Fluid Attacks, we’ve been able to tackle both second and third phases with the client. Everything has been delivered on time and with high quality. The results are great.

How did Fluid Attacks perform from a project management standpoint?

We work together in this aspect. Their team handles the tasks and we have someone assigned keeping track of the project, who’s also in touch with the client. Fluid Attack’s engineers are proactive, self-sufficient, and keep us informed on their progress. They’ll also let us know whenever they need something from our side.

What did you find most impressive about them?

They’re knowledgeable and willing to help the client understand what’s going on. Our client is learning a lot and spending less on us, which makes them happier, as clients that depend too much on their providers tend to get frustrated easily. Fluid Attacks has changed that, which is very valuable to us and to the client as well, I believe.

The speed at which they handle all the client’s requirements is also noteworthy. They’re very concerned with delivering everything on time.

Are there any areas they could improve?

The client is slow, which is why we've had to implement the project in different stages. Fluid Attacks and we could’ve been more proactive in motivating the client to work a bit faster.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Testing for Software Solutions Company

“They were extremely thorough about what they were doing.”

Quality: 
5.0
Schedule: 
4.5
Cost: 
4.5
Willing to refer: 
5.0
The Project
 
$10,000 to $49,999
 
2016 - 2017
Project summary: 

Using proprietary tools, Fluid Attacks analyzed the cybersecurity of commercial software and provided detailed reports of their findings and recommendations.

The Reviewer
 
1-10 Employees
 
Dallas, Texas
IT Consultant, cre8software
 
Verified
The Review
Feedback summary: 

Fluid Attacks’ technical expertise and meticulous approach inspired confidence in the final product. They were easy to work with and sent regular updates that helped keep the project on track.

BACKGROUND

Introduce your business and what you do there.

I am an IT consultant.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We were developing a new application for manufacturing and retail companies. As it was commercial software that would be sold to third parties, security was extremely important. We wanted to make sure that it had a low risk for hacking.

SOLUTION

What was the scope of their involvement?

They gave us a full report of the critical issues that had to be corrected to prevent cyber attackers from getting into the software. They used a combination of proprietary and standard methodology to discover retail and non-retail security issues.

What is the team composition?

I was in contact with at least two members of their team.

How did you come to work with Fluid Attacks?

They were recommended to me. Initially, I did some research and checked a couple of references in Colombia. After I visited them, I liked what they had to offer and decided to hire them.

How much have you invested in them?

We spent around $30,000.

What is the status of this engagement?

We worked with them from 2016 until 2017. The work took around nine months.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Their report was beneficial to the company and the software we produced. It gave us more confidence that we could sell the software without having to worry about potential cybersecurity attacks. All those critical discoveries and issues were corrected. On top of that, they also discovered some non-critical issues and gave additional recommendations.

How did Fluid Attacks perform from a project management standpoint?

I found it easy to work with them. After I understood the process, I let them do their job. We used email to communicate and had conference calls to discuss the progress of two or three milestones. Aside from the final technical and managerial report, they also sent weekly reports of their findings.

What did you find most impressive about them?

They were extremely thorough about what they were doing.

Are there any areas they could improve?

They could produce reports that aren’t as technical. It took me a while to understand the technical language, but I got used to it eventually.

5.0
Overall Score Their work made me feel confident that they properly tested the code.
  • 4.5 Scheduling
    ON TIME / DEADLINES
    While they did not meet all of the deadlines, that was sometimes due to my availability. Otherwise, the work progressed normally.
  • 4.5 Cost
    Value / within estimates
    I made some comparisons and found their cost to be adequate.
  • 5.0 Quality
    Service & deliverables
    I really enjoyed working with them and the work they produced.
  • 5.0 NPS
    Willing to refer
    I have already recommended them.

Cybersecurity Consulting for Hospital

"Their team was responsive to our requests and followed up quickly to any issues."

Quality: 
4.5
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
Confidential
 
Jan.–Dec. 2016
Project summary: 

Fluid Attacks developed an information security diagnosis and implemented improvement plans for a health management system. As part of this, they provided IT guidance and security training.

The Reviewer
 
1,000 - 2,000 Employees
 
Medellin, Colombia
CTO, Hospital General Medellin
 
Verified
The Review
Feedback summary: 

Thanks to Fluid Attacks efforts, the hospital's management system is now 60% compliant with ISO standards. The team was insightful,  providing clear guidance through dense texts. Their professional demeanor and ability to pinpoint problematic areas were impressive.

BACKGROUND

Introduce your business and what you do there.

I am the technologies manager of a hospital that services the Antioquia and northern Colombia area. We are well known for our excellent client security and quality/risk control. We employee 1,400 care providers and have a systems, applications & products (SAP) platform, for administrative tasks and for health follow up.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We needed help configuring our management system to our government's health security standards.

 

SOLUTION

What was the scope of their involvement?

Fluid Attacks developed an information security diagnosis by comparing our management system with the International Organization for Standardization's (ISO) 27,000 requirements. Their team reviewed all our documents and health records to check for any information-security violations. They evaluated all our violations and developed a report. This resulted in the implementation of ten improvement plans to strive towards our new standards. This included training our IT team on security practices and establishing an information security committee for the hospital. Throughout the project, their specialists gave additional recommendations and consulted us on how to meet our goals.

What is the team composition?

We worked directly with two of their employees.

How did you come to work with Fluid Attacks?

We worked with Fluid Attacks before on a previous project with another service provider. We were comfortable with their work and 

What is the status of this engagement?

We started the project in early 2016 and finished end of that year.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We improved all our IT processes on information security, manual implementation, and security incidents. We developed a better understanding of information security at the hospital. Our compliance with ISO 27,000 went from only 30% to 60%.

How did Fluid Attacks perform from a project management standpoint?

They executed the project well and met all the established deadlines. Their team was responsive to our requests and followed up quickly to any issues.

What did you find most impressive about them?

Their knowledge of information security was excellent. They were experts in their field. During our follow up conversions, they were professional and regimented. Thanks to their organization and aptitude, we were able to meet our goals.

 

4.5
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 4.5 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer

Cybersecurity Testing & App Dev for Latin American Banking Group

"Their work allows us to go into production without any vulnerabilities."

Quality: 
5.0
Schedule: 
5.0
Cost: 
5.0
Willing to refer: 
5.0
The Project
 
$50,000 to $199,999
 
2004 - Ongoing
Project summary: 

Fluid performs security testing for company products and it has been for the past 12 years. Their team also developed an app and its infrastructure.

The Reviewer
 
40,000+
 
Medellin, Colombia
Specialized Test Analyst, Regional Banking Group
 
Verified
The Review
Feedback summary: 

Fluid minimizes any errors in the products and can manage several tasks at the same time. They are the best provider compared to their competition and always finish their projects on time.

BACKGROUND

I work at Bancolombia on the certification directorate team as an analyst doing specialized test management, where a part of the team is in charge of the security testing.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid attacks?

They give us a security testing service for source codes, apps, and infrastructure. We execute them in two ways, through specific tests or through a continuous backing.

SOLUTION

What was the scope of their involvement?

Fluid performs mainly manual security tests. They also developed an app for us.

What is the team composition?

I worked with about 12 and 15 testers.

How did you come to work with Fluid attacks?
I started working at the bank eight years ago, and since I started Fluid was already working with us. I am not certain of how they found them, but I did notice that they are the best compared to other providers that offered us the same services, precisely for their methodology and order.

How much have you invested in them?

Every year we invest about 150 to 180 thousand dollars.

What is the status of this engagement?

They started working with the bank around 12 years ago.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Their work allows us to go into production without any vulnerabilities. At the moment I am executing 12 simultaneous tests for different projects with them. They do very important work for us.

How did Fluid attacks perform from a project management standpoint?


They always start and finish on time. If there are any delays, sometimes it is on our end, but on their side their project management is great.

What did you find most impressive about them?


They just developed an app that allows us to have a continuous integration. we have a portal called fluid assert where we constantly see the results of what they do. From the app, we can generate reports and have all the metrics and statistics online. This is a great asset to our team.

Are there any areas they could improve?


I can’t think of anything, they are very good at what they do.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
  • 5.0 Cost
    Value / within estimates
  • 5.0 Quality
    Service & deliverables
  • 5.0 NPS
    Willing to refer