Hi community! I have a client who is asking me whether I have a WAF (Web Application Firewall) in place to protect the app on the higher layers (5-7) from attacks such as HTTP Flood, Slowloris, and/or risk threats contained in the OWASP Top 10. I already checked the forum and reviewed @josh’s “Security Q&A Guide” and found that Bubble already uses a Network Firewall; however, this is supposed to protect the app on the mid layers (3-4) for IP, port, ACL.
Has anyone had to deal with this WAF matter before, or can you shed some light on how I should answer this properly regarding apps built on Bubble?
Did you check Cloudflare? Maybe check out their products list or their dashboard as they offer a lot of security features you can just turn on. It would require you to move your DNS management to them but they are the best!
Hey guys, I know it’s been a while since this topic was addressed, but I have a client who is requiring us to complete a HECVAT. I have managed to fill out almost all of the sections; however, the one section that I can’t seem to get any info on is the "Firewalls, IDS, IPS, and Networking" section.
I have asked Bubble’s support team for help, but that was 2 weeks ago and I have a deadline to send back the assessment by tomorrow. Does anyone know where I can find the answers to these questions? Maybe @josh can chime in?
(screenshot below - I selected Yes for all in order to see what additional information is needed in the next column):