Flusk Vault offers a range of security verifications to ensure your app remains safe and secure. Below are some of the key security points covered by our tool:
Privacy Rules Definition
Check if Privacy Rules are properly defined for each data type.
Public Sensitive Fields
Check whether any sensitive field (e.g. users' personal data) is left unprotected by Privacy Rules.
Identify database leaks caused by misconfigured searches on pages, in reusable elements and through the Data API.
Page Access Protection
Check if sensitive pages (admin dashboards, ...) are protected by a proper redirect.
Bubble API Tokens
Manage internal API tokens, which grant full admin permissions.
Check for any unauthorized collaborators.
Unsafe Google Maps API token
Check if your public Google Maps key is restricted to the proper HTTP referrers.
API Connector Sensitive Parameter
Check for sensitive parameters in API calls (e.g. an API key, a private unique ID, an endpoint, ...).
Visible URL in API call
Check for sensitive URLs in API calls.
Backend Workflows Protection
Check if your backend workflows are publicly exposed.
Sensitive clear data in workflows
Check for clear-text data in login actions.
Assign temporary password vulnerability
Check for the temporary-password vulnerability, preventing temporary passwords from being used in unintended contexts.
Check if your app's editor is public, which would expose your app's structure (databases, tokens, ...).
Make sure your password policy is strong enough to protect your user data.
Check if your Swagger file leaks sensitive information about endpoints, parameters, or the structure of your API responses.
Test version protection
Check if your test version is protected by a username/password combination.
Default username/password combination
Check that your username/password combination is not the default one.
Public file uploader
Make sure your file uploaders upload files as private.
Public picture uploader
Make sure your picture uploaders upload pictures as private.
Make sure your app cannot be rendered inside an iframe.