Making a free security crash course

I’m going to make a free security guide for Bubble apps with a particular focus on security in practice. It’s designed to help people asking the questions ‘how did my app get hacked’ or ‘how do I check my app is secure’.

I wanted to see if anyone had any questions/topics in particular they think are worth covering. Just let me know and I’ll see what I can do.


Demonstrations of all the ways in which a motivated person can alter values via the developer console that can create security issues. It will help people debug any potential security concerns.

Definitely bring in more from outside of Bubble, meaning speak true to ‘web security’ and not solely on ‘bubble security’ as there are lots of concepts that nocode developers may be unaware of, but are known to web security.

Ensure you cover all the ways to ‘skin a cat’, meaning if there is more than one valid approach, discuss them all so that users can select the best approach in their specific use case.

Highlight the WU costs and implications of certain security measures so that people can assess if they can approach something in a different manner without sacrificing security; kind of related to all the ways to skin a cat.

Highlight all the known bugs in Bubble related to security. And highlight all the known features that need to be expanded upon to make security more robust in Bubble.

Lastly, a great introduction to you, your educational background and work experience in the world of online security so as to demonstrate the expertise you’ve gained through longevity or deep research in the field.

I think I’ll be explaining the concepts of how it works but not going to do a step-by-step of how to hack a Bubble app as, well, I feel it would be misused more than used for good.

Yes

Yes

Yes

Well, Bubble security falls into three main pillars - ‘common’ knowledge (e.g. privacy rules, workflow conditions), ‘rare knowledge/undocumented’ (e.g. workflow exploits, bypassing server-side redirects), and bugs. The bug category is pretty small and those that have impact are patched pretty quickly, so I’m not going to dwell on that.

I strongly disagree. I highly doubt anybody watching a free course on Bubble security will stumble upon a ‘hacking’ method that encourages them to go against their own moral code and ethical beliefs and become a hacker of Bubble apps because they saw how to do it. Most people with intentions to hack and moral/ethical standards that allow them to believe it ‘okay’ to hack those apps likely have numerous ways to figure out how to do it already, and may even have the experience necessary to do it without instruction. But, that is just me thinking logically, and my logic may differ from other people’s.