Flusk Vault offers a range of security verifications to ensure your app remains safe and secure. Below are some of the key security points covered by our tool:
Issue | Description | Doc | Required Permissions |
Privacy Rules Definition | Check if Privacy Rules are properly defined for each datatype |
| |
Public Sensitive Fields | Check if any sensitive field (eg. user personal data) is not properly protected through Privacy Rules | | |
Database Leaks | Identify database leaks from misconfigured searches on pages, reusable elements and Data API. | | |
Page Access Protection | Check if sensitive pages (admin dashboards,...) have proper redirection. | | |
Bubble API Tokens | Managing internal API token granting full admin permissions. | | |
Bubble Collaborators | Check for any unauthorized collaborators | | |
Unsafe Google Maps API token | Check if your public Google Maps key has proper HTTP referrers | | |
API Connector Sensitive Parameter | Check for sensitive parameters in API call (eg. API key, a private unique ID, an endpoint...) | | |
Visible URL in API call | Check for sensitive URLs in API calls. | | |
Backend Workflows Protection | Check if your back-end workflow is publicly exposed. | | |
Sensitive clear data in workflows | Check if you have clear data in a login action. | | |
Assign temp password vulnerability | Check for Temporary password vulnerability to prevent their use in unintended contexts. | | |
Editor Privacy | Check if your app's editor is public to avoid displaying your app's structure (databases, tokens,...) | | |
Password Policy | Make sure your password policy is strong enough to protect your user data. | | |
Swagger Privacy | Check if your Swagger file leaks sensitive information on endpoints, parameters, or the structure of your API response. | | |
Test version protection | Check if your test version is protected by a username/password combination. | | |
Default username/password combination | Check if your username/password combination is not the default combination. | |