All Collections
Flusk Vault
General questions
Overview of Flusk Vault Security Features
Overview of Flusk Vault Security Features
What security points are covered by Flusk Vault?
Victor Nihoul avatar
Written by Victor Nihoul
Updated over a week ago

Flusk Vault offers a range of security verifications to ensure your app remains safe and secure. Below are some of the key security points covered by our tool:




Required Permissions

Privacy Rules Definition

Check if Privacy Rules are properly defined for each datatype

🟒 None

Public Sensitive Fields

Check if any sensitive field (eg. user personal data) is not properly protected through Privacy Rules

🟒 None

Database Leaks

Identify database leaks from misconfigured searches on pages, reusable elements and Data API.

🟒 None

Page Access Protection

Check if sensitive pages (admin dashboards,...) have proper redirection.

🟒 None

Bubble API Tokens

Managing internal API token granting full admin permissions.

🟠 Collaborator

Bubble Collaborators

Check for any unauthorized collaborators

🟠 Collaborator

Unsafe Google Maps API token

Check if your public Google Maps key has proper HTTP referrers

🟒 None

API Connector Sensitive Parameter

Check for sensitive parameters in API call (eg. API key, a private unique ID, an endpoint...)

🟒 None

Visible URL in API call

Check for sensitive URLs in API calls.

🟒 None

Backend Workflows Protection

Check if your back-end workflow is publicly exposed.

🟒 None

Sensitive clear data in workflows

Check if you have clear data in a login action.

🟒 None

Assign temp password vulnerability

Check for Temporary password vulnerability to prevent their use in unintended contexts.

🟒 None

Editor Privacy

Check if your app's editor is public to avoid displaying your app's structure (databases, tokens,...)

🟒 None

Password Policy

Make sure your password policy is strong enough to protect your user data.

🟒 None

Swagger Privacy

Check if your Swagger file leaks sensitive information on endpoints, parameters, or the structure of your API response.

🟒 None

Test version protection

Check if your test version is protected by a username/password combination.

🟒 None

Default username/password combination

Check if your username/password combination is not the default combination.

🟠 Collaborator

Did this answer your question?