For the past few months, I’ve been noticing a pattern on LinkedIn: people celebrating their success in obtaining our Code Review Badge. And one company kept coming up again and again: Fluid Attacks!
I decided to reach out to learn more about their usage of PentesterLab by contacting Camilo Vera, and here are his answers to a few questions I asked:
Fluid Attacks is an AppSec company focused on securing our clients’ software. Our solution combines automated tools, AI, and a team of expert pentesters. We provide deep source code review, continuous security testing, and research-driven vulnerability discovery. Our mission is to identify and help remediate vulnerabilities during the development lifecycle, uncovering issues that automated tools or surface-level assessments often miss.
Because code review is at the core of what we do, we wanted to make sure everyone on the team had a strong foundation. That’s why every new tester at Fluid Attacks is required to complete the Code Review badge before starting onboarding mentorships. Over time, it became a standard, now every tester in the company has it, and many have completed additional badges as well. It’s highly valued internally, because it builds skills directly applicable to our daily work.
The biggest change is in how testers approach code. Instead of seeing code as something overwhelming, they now know how to dive in, spot entry points, and follow the logic with an attacker’s mindset. It’s not just about recognizing individual vulnerabilities, it’s about developing a structured methodology for analyzing applications and libraries. This mindset shift has been extremely valuable.
Definitely. Many vulnerabilities we find simply don’t appear in black-box testing and won’t be flagged by automated tools. Thanks to the training, our team is better equipped to detect subtle issues, things that look harmless on the surface but can be chained with others into something critical.
What testers enjoyed most was the hands-on, realistic nature of the exercises. They’re not abstract or theoretical, they mirror the kinds of vulnerabilities and patterns we encounter in real-world projects. The challenges give you the feeling of solving a real case, which keeps motivation high.
Honestly, motivation wasn’t difficult. Because the badge directly reflects the type of work we do every day, testers immediately saw the value. For new joiners, completing the badge became a milestone, they knew it would prepare them to handle real client codebases more effectively.
If your team does application security, especially code review, PentesterLab is absolutely worth it. The exercises don’t just teach vulnerabilities, they build the skills and habits needed to approach code like an attacker. That’s what makes the difference between a decent assessment and one that uncovers the issues no one else has seen.
PentesterLab’s Code Review badge has become the foundation of the testers’ training, it turns reading code from a challenge into a strength, enabling us to find vulnerabilities others miss.