Skip to main content
All CollectionsGeneralGeneral questions
Overview of Flusk Vault Security Features
Overview of Flusk Vault Security Features

What security points are covered by Flusk Vault?

Updated over 8 months ago

Flusk Vault offers a range of security verifications to ensure your app remains safe and secure. Below are some of the key security points covered by our tool:

Issue

Description

Doc

Required Permissions

Privacy Rules Definition

Check if Privacy Rules are properly defined for each datatype

🟠 Collaborator

Public Sensitive Fields

Check if any sensitive field (eg. user personal data) is not properly protected through Privacy Rules

🟒 None

Database Leaks

Identify database leaks from misconfigured searches on pages, reusable elements and Data API.

🟒 None

Page Access Protection

Check if sensitive pages (admin dashboards,...) have proper redirection.

🟒 None

Bubble API Tokens

Managing internal API token granting full admin permissions.

🟠 Collaborator

Bubble Collaborators

Check for any unauthorized collaborators

🟠 Collaborator

Unsafe Google Maps API token

Check if your public Google Maps key has proper HTTP referrers

🟒 None

API Connector Sensitive Parameter

Check for sensitive parameters in API call (eg. API key, a private unique ID, an endpoint...)

🟒 None

Visible URL in API call

Check for sensitive URLs in API calls.

🟒 None

Backend Workflows Protection

Check if your back-end workflow is publicly exposed.

🟒 None

Sensitive clear data in workflows

Check if you have clear data in a login action.

🟒 None

Assign temp password vulnerability

Check for Temporary password vulnerability to prevent their use in unintended contexts.

🟒 None

Editor Privacy

Check if your app's editor is public to avoid displaying your app's structure (databases, tokens,...)

🟒 None

Password Policy

Make sure your password policy is strong enough to protect your user data.

🟒 None

Swagger Privacy

Check if your Swagger file leaks sensitive information on endpoints, parameters, or the structure of your API response.

🟒 None

Test version protection

Check if your test version is protected by a username/password combination.

🟒 None

Default username/password combination

Check if your username/password combination is not the default combination.

🟠 Collaborator

Public file uploader

Make sure your file uploaders are uploading private files

🟒 None

Public picture uploader

Make sure your picture uploaders are uploading private pictures

🟒 None

iFrame restriction

Make sure your app doesn't allow to be rendered as an iFrame

🟠 Collaborator

Did this answer your question?