Fluid Attacks

Last updated
Fluid Attacks
Company type Private
Industry Application security
Founded2001
Founders
  • Mauricio Gómez (Chief Revenue Officer)
  • Rafael Álvarez (Executive Advisor)
  • David Cardona (former Capacity Manager)
  • Luis Bustamante (former Research and Development Director)
Key people
Vladimir Villa (CEO)
Website fluidattacks.com

Fluid Attacks is an application security (AppSec) company founded in 2001 in Colombia. [1] [2] It specializes in security testing for software development companies through automated tools (SaaS) and penetration testing (PTaaS). [3] [4] [5]

Contents

History

Fluid Attacks was founded in 2001 by Mauricio Gómez, Rafael Álvarez, David Cardona, and Luis Bustamante, initially under the name Fluidsignal. The company began by providing the setup of secure networks, mainly based on Linux. In 2003, they decided to merge with another firm working with Linux, owned by entrepreneur Juan Guillermo Olarte, and changed their name to Fluidsignal Group. [2]

At first, Fluidsignal Group designed, installed, and customized systems. However, in 2008, the team narrowed its offering and focused on providing IT security, including penetration testing and consulting. Shortly thereafter, Fluidsignal Group achieved ISO 9001 and 27001 certifications. Between 2011 and 2012, the group decided to limit its portfolio to penetration testing or ethical hacking only. [2]

In 2014, the company participated in Ruta N's internationalization program. It started developing software for automated security tests and a vulnerability management platform. In 2016, recognizing itself as an offensive security team, the company changed its name to Fluid Attacks. [2] In 2021, Fluid Attacks became an authorized company to assign unique CVE codes to the vulnerabilities it detected (i.e., CVE Numbering Authority, CNA, under the Researcher category). [6]

In 2022, Fluid Attacks's open-source CLI for SAST-type scans [7] was approved as a free tool for validating tier 2 requirements of the Alliance's Cloud Application Security Assessment (CASA) framework. [8] That same year, at Black Hat USA, Fluid Attacks unveiled its open-source tool Makes, which was used to create isolated application environments for continuous integration/continuous deployment (CI/CD). [9] This project, along with Fluid Attacks's core software repository, obtained a gold badge from the Open Source Security Foundation (OpenSSF). [10]

Operations and strategy

Fluid Attacks has been a self-funded company since its inception. [11] It develops tools (e.g., a scanner for SAST, SCA, and DAST) [12] and cybersecurity solutions primarily for industries such as banking, finance, technology, healthcare, and transportation. [1] Fluid Attacks follows the DevSecOps approach, [13] carrying out automatic and manual security tests—the latter to overcome the limitations of automated tools [4] [14] [15] [16] throughout the software development lifecycle. [5]

In 2019, Fluid Attacks began incorporating artificial intelligence into its products and operations. [1] At that time, it developed technology to evaluate repositories and identify which files were most likely to have vulnerabilities, allowing its pentesters to prioritize them for assessment. [17] In 2023, Fluid Attacks started to increase the use of generative AI in its products, especially for the automatic remediation of vulnerable code. [11] [18]

Research and training

Since becoming a CNA, Fluid Attacks submits to the US National Vulnerability Database (NVD). [6]

According to a 2021 article in Business Empresarial, the company has one of the largest red teams in the Americas. [19] It has sponsored members of its team to participate in international hacking contests (e.g., CTF) and cybersecurity events. Since 2023, Fluid Attacks has been one of the sponsors of the Latin American team in the International Cybersecurity Challenge. [20] [21]

See also

References

  1. 1 2 3 "Fluid Attacks expone beneficios de las pruebas de seguridad en las empresas". Valora Analitik. 2022-09-19. Retrieved 2025-07-24.
  2. 1 2 3 4 Raventós, J. I. (2022-06-01). Colombia Origen de Software (in Spanish). Fedesoft. pp. 100–107. ISBN   978-628-95029-2-3.
  3. "Pentesting as a service: Analizar la seguridad desde la postura del atacante". Gerencia. 2022-10-20. Retrieved 2025-08-08.
  4. 1 2 "Cómo el PTaaS (pruebas de penetración) está transformando la ciberseguridad en España". Revista Ciberseguridad. 2025-06-09. Retrieved 2025-07-24.
  5. 1 2 "State of Attacks: Fluid Attacks publica su reporte anual de ciberseguridad". Business Empresarial. 2022-08-09. Retrieved 2025-08-04.
  6. 1 2 Pérez, L. B. (2021-06-17). "Fluid Attacks recibe autorización de Mitre para asignar códigos a vulnerabilidades encontradas en AL". ComputerWeekly.es. Retrieved 2025-08-05.
  7. "Source Code Analysis Tools". OWASP. Retrieved 2025-08-11.
  8. "Tier 2 - Recommended Tools". App Defense Alliance. Retrieved 2025-08-11.
  9. Osores, M. (2022-08-16). "Fluid Attacks presentó Makes en Black Hat USA 2022". ComputerWeekly.es. Retrieved 2025-08-11.
  10. "Universe". OpenSSF Best Practices. Retrieved 2025-08-11.
  11. 1 2 "Fluid Attacks, la colombiana que llevó su headquarter a San Francisco, entrega sus claves". Startups Latam. 2023-10-10. Retrieved 2025-07-25.
  12. "Source Code Analysis Tools". OWASP. Retrieved 2025-11-11.
  13. "Seis buenas prácticas de ciberseguridad para implementar en las empresas en el 2023". Business Empresarial. 2023-02-12. Retrieved 2025-08-02.
  14. Pantaleón, I. (2022-11-22). "Fluid Attacks: Seis tendencias de ciberseguridad para el 2023". Forbes Centroamérica. Retrieved 2025-07-29.
  15. "5 recomendaciones para elegir un equipo de pentesting". Business Empresarial. 2021-07-04. Retrieved 2025-08-05.
  16. "5 tendencias que se impondrán en la ciberseguridad empresarial para el 2021". Business Empresarial. 2020-12-25. Retrieved 2025-08-06.
  17. "Uso de machine learning en ciberseguridad identifica archivos con vulnerabilidades de manera eficiente". Business empresarial. 2021-01-14. Retrieved 2025-08-06.
  18. "Siete tendencias en ciberseguridad y ciberataques para el 2024". Business Empresarial. 2024-01-09. Retrieved 2025-07-29.
  19. "Fluid Attacks primera y única compañía en Latinoamérica autorizada para asignar códigos a las vulnerabilidades encontradas". Business Empresarial. 2021-07-09. Retrieved 2025-08-05.
  20. "17 jóvenes hackers representarán a Latinoamérica en el International Cybersecurity Challenge". Business Empresarial. 2023-07-11. Retrieved 2025-07-31.
  21. "Bienvenidos III edición Chile 2024". icclatinoamerica.org. Retrieved 2025-11-10.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.