Flusk features now available across all Bubble paid plans

What does this Flusk thing do? With basic more concrete examples. I don’t get it

@emir.ozgun

It tells you, ‘All of your users’ emails and private data are exposed to the internet’. Or ‘your API Connection is leaking your Private tokens’. Things like that. :blush:

5 Likes

Basically monitors your app and tells you which pages are public, which are covered with a redirect, which APIs are public, checks all of your data types and tells you what’s private and what’s not so you can fix it before somebody exploits your app

Where do we reach for support? Flusk status page “get in touch” is broken and I can’t access Flusk dashboard since I’m stuck on “waiting for collaborator invitation” while it was done and it even completed the scan with success.

2 Likes

For anyone running into Flusk issues, the team is keeping an eye out for tickets about this in particular through our ticket process.
So just go to Bubble Support Center and submit it with the bot

3 Likes

I am so tired of doing bug reports. :cry:

10 Likes

That looks very good, does it tell me how to fix it?

2 Likes

@emir.ozgun I believe they do give you some sort of description that explains why it’s bad. I can’t remember if they actually tell you what to do to fix it or not. :man_shrugging: I am still waiting in the queue to get my app tested. :sweat_smile:

4 Likes

I’m a little disappointed…

Bubble is apparently concerned with ensuring that only the apps that pay more become more secure, leaving apps that are on the Starter plan without much information about their vulnerabilities.

I have a huge application on the Starter plan and several vulnerability points are detected by Flusk. But they all appear as “blocked” and I can’t see what they are.

When I click to upgrade, a Bubble screen appears informing me that in order to see the vulnerabilities of my project I need to migrate to a higher plan.

This makes it clear that the vulnerability of small applications, although it exists and is identified, will not be shown to the developer.

I am genuinely frustrated because I thought this was the start of a movement to make Bubble ecosystem apps more secure, but ultimately it’s just another way to get you to upgrade your plan using fear as a trigger…

27 Likes

Thank you for bringing this up. I’ll be sharing with the team so they can review

2 Likes

Honestly, it’s true that acquisitions aren’t free, just like the acquisition of Flusk. But considering that most of the security problems in Bubble apps are caused by bad structuring and configuration of the app by the devs themselves, Bubble itself is still partly to blame, whether due to security problems inherent to the platform or the lack of specific training for its users.

So, I believe it would be more than fair to help these people, through new acquisitions like Flusk, providing the necessary features so that these users can be helped to improve the security of their apps.

After all, Bubble’s goal is to democratize software development for non-technical people, right? By non-technical people, it is assumed that they will need help mainly in terms of security. Many of us have been on this journey for years, and many still make mistakes, imagine those who are just starting out and have barely read all the dozens of posts and discussions about security and things like that. Just my opinion.

5 Likes

It’s the apps on Starter plans that need the most assistance with vulnerabilities as they are usually new to Bubble and app making in general.

I hope this is reviewed and adjusted by Bubble

3 Likes

You’d be surprised actually - there are apps paying Bubble thousands a month with data public (or their entire editor). I’ve found that the app’s plan doesn’t really have any predictive value of an app’s security.

4 Likes

I have to say that this topic title is misleading “Flusk features now available across all Bubble paid plans” → to my understanding Flusk features are included at no extra cost.

I understand that some may be extra, but the vast majority should be included… according to my understanding of this topic title. :man_shrugging:

4 Likes

From what I understand, a useful security tool was acquired by Bubble, and now it’s being used to push upgrades on plans.

Could just be me, but why? Why can’t the basic security features be included anyways? I get some security features will be exclusive to the plan but others like not showing full vulnerabilities for Starter plan is just dumb. The issues are caused by Bubble’s outdated editor & especially so privacy rule configurator.

I have noted earlier too that since Bubble is charging for the usage, they shouldn’t have charges for features in addition to that.

If charging for both, then charges for usage (WUs) should be much much lower than what they are now. They should be almost at cost on what Bubble gets it at. All other platforms like Google, AWS charge much lower for using their APIs etc., so much so that for typical use case of small companies they are practically free.

With Bubble after we pay $300 for the WUs because of usage (a lot of which is because of Bubble not supporting various functionalities or overcharging because of bugs), now we have to pay $100 per month extra to get:

  • Logs for 12 more days
  • One extra editor on the app
  • Information about security holes
  • Version Control
  • 75K WUs

Can’t rant enough about this pricing philosophy!

2 Likes

It seems that there are still many users from the past where Bubble was driven by community members and Bubble focused on tools for starting to build whatever for a single or many users.

Reality is that Bubble made clear and acts accordingly that it wants to move up in the chain and serve corporate customers with corporate budgets. For corporates it does not matter if they lose $10.000, $100.000 or even a million a month as long as they have the idea to be nailing it. At least in their eyes.

That’s the bet at this stage. And that’s why you see less and less care for customers who are paying hundreds of dollars. Bubble wants thousands of dollars per month.

So agencies will handle the “small” projects that bring in recurring revenue for Bubble with the potential for Bubble to improve margins by simply increasing prices and reshuffling features that push customers to higher price tiers. The bigger agencies and customers will get all the attention of Bubble HQ to make sure it can grow in that department.

This is simply a strategy decision. So let’s help each other to increase the revenue we earn with our products such that Bubble prices are less of a concern or the resources are available to move away to something else. Either way, let’s scale!

Welcome to sweet capitalism. Haha.

I believe you are right in this. I don’t think they should prevent others from utilizing security perks just because they are paying a little less. Ultimately, if they do that, most of the “starter” apps will be unsecure / left in the dust while those who pay more will ultimately have more security. That could result in the loss of customers or create churn within the ecosystem. We’ve already seen that happen a year or two ago after the pricing switch.

Although – no offense to Flusk, it’s not the best tool to use, in my opinion anyway, for “auditing” your app. You won’t see me complaining.

1 Like

After a day of waiting as 690th in the queue, my test never ran. I restarted the test an hour ago and was 370th in the queue and have somehow lost a place and now I’m 371st. How does that happen? Clearly there are some queue jumpers who outrank me. My guess is that the plan to utilize Flusk had the same enterprise rigor to it as the Bubble platform. Funny how they release something like this to everyone at once, yet we are all still here waiting for mobile to get released to anyone but a small handful of people. Bubble can look to go “up the food chain” but I’m not sure anyone in the organization has lived there to know what it takes to succeed.

I’ll recommend you submit a report with the support team. It helps them dig into issues and also consolidate efforts if your report is similar to others

2 Likes