How Fluid Attacks Trains Every Tester with PentesterLab’s Code Review Badge

Published: 27 Aug 2025

For the past few months, I’ve been noticing a pattern on LinkedIn: people celebrating their success in obtaining our Code Review Badge. And one company kept coming up again and again: Fluid Attacks!

I decided to reach out to learn more about their usage of PentesterLab by contacting Camilo Vera, and here are his answers to a few questions I asked:

Can you tell us a bit about your company and the kind of services you provide?

Fluid Attacks is an AppSec company focused on securing our clients’ software. Our solution combines automated tools, AI, and a team of expert pentesters. We provide deep source code review, continuous security testing, and research-driven vulnerability discovery. Our mission is to identify and help remediate vulnerabilities during the development lifecycle, uncovering issues that automated tools or surface-level assessments often miss.

From what I’ve seen, many people on your team went through our Code Review Badge. What made you decide to put the whole team through it?

Because code review is at the core of what we do, we wanted to make sure everyone on the team had a strong foundation. That’s why every new tester at Fluid Attacks is required to complete the Code Review badge before starting onboarding mentorships. Over time, it became a standard; now every tester in the company has it, and many have completed additional badges as well. It’s highly valued internally, because it builds skills directly applicable to our daily work.

How has completing the badge changed the way your team approaches code review and application security?

The biggest change is in how testers approach code. Instead of seeing code as something overwhelming, they now know how to dive in, spot entry points, and follow the logic with an attacker’s mindset. It’s not just about recognizing individual vulnerabilities; it’s about developing a structured methodology for analyzing applications and libraries. This mindset shift has been extremely valuable.

Do you feel your team is now better prepared to catch issues that automated tools or pentests might miss?

Definitely. Many vulnerabilities we find simply don’t appear in black-box testing and won’t be flagged by automated tools. Thanks to the training, our team is better equipped to detect subtle issues, things that look harmless on the surface but can be chained with others into something critical.

What did your team enjoy the most about the badge?

What testers enjoyed most was the hands-on, realistic nature of the exercises. They’re not abstract or theoretical; they mirror the kinds of vulnerabilities and patterns we encounter in real-world projects. The challenges give you the feeling of solving a real case, which keeps motivation high.

How did you keep the team motivated through the training?

Honestly, motivation wasn’t difficult. Because the badge directly reflects the type of work we do every day, testers immediately saw the value. For new joiners, completing the badge became a milestone; they knew it would prepare them to handle real client codebases more effectively.

What would you tell another team or company considering PentesterLab?

If your team does application security, especially code review, PentesterLab is absolutely worth it. The exercises don’t just teach vulnerabilities; they build the skills and habits needed to approach code like an attacker. That’s what makes the difference between a decent assessment and one that uncovers the issues no one else has seen.

If you had to sum up the experience in one sentence, what would it be?

PentesterLab’s Code Review badge has become the foundation of the testers’ training; it turns reading code from a challenge into a strength, enabling us to find vulnerabilities others miss.

Written by Louis Nyffenegger
Founder and CEO @PentesterLab