Skip to main content
All CollectionsSecurity & ComplianceFlusk
What security points does Flusk check for?
What security points does Flusk check for?
Updated over a month ago

Flusk offers a range of security verifications to ensure your app remains safe and secure. Below are some of the key security points covered by the tool, though please note that the features available to you will depend on your app plan. See a full feature breakdown by plan here.

Issue

Description

Required Permissions

Privacy Rules Definition

Check if Privacy Rules are properly defined for each datatype

🟠 Collaborator

Public Sensitive Fields

Check if any sensitive field (eg. user personal data) is not properly protected through Privacy Rules

🟒 None

Database Leaks

Identify database leaks from misconfigured searches on pages, reusable elements and Data API.

🟒 None

Page Access Protection

Check if sensitive pages (admin dashboards,...) have proper redirection.

🟒 None

Bubble API Tokens

Managing internal API token granting full admin permissions.

🟠 Collaborator

Bubble Collaborators

Check for any unauthorized collaborators

🟠 Collaborator

Unsafe Google Maps API token

Check if your public Google Maps key has proper HTTP referrers

🟒 None

API Connector Sensitive Parameter

Check for sensitive parameters in API call (eg. API key, a private unique ID, an endpoint...)

🟒 None

Visible URL in API call

Check for sensitive URLs in API calls.

🟒 None

Backend Workflows Protection

Check if your back-end workflow is publicly exposed.

🟒 None

Sensitive clear data in workflows

Check if you have clear data in a login action.

🟒 None

Assign temp password vulnerability

Check for Temporary password vulnerability to prevent their use in unintended contexts.

🟒 None

Editor Privacy

Check if your app's editor is public to avoid displaying your app's structure (databases, tokens,...)

🟒 None

Password Policy

Make sure your password policy is strong enough to protect your user data.

🟒 None

Swagger Privacy

Check if your Swagger file leaks sensitive information on endpoints, parameters, or the structure of your API response.

🟒 None

Test version protection

Check if your test version is protected by a username/password combination.

🟒 None

Default username/password combination

Check if your username/password combination is not the default combination.

🟠 Collaborator

Public file uploader

Make sure your file uploaders are uploading private files

🟒 None

Public picture uploader

Make sure your picture uploaders are uploading private pictures

🟒 None

iFrame restriction

Make sure your app doesn't allow to be rendered as an iFrame

🟠 Collaborator

Did this answer your question?