[New Security Plugin 🛡 ] nocode:nohack - Hack your own Bubble app (and fix it!) + Free Security ebook

Hey Bubblers ! Today we are really excited to introduce a Security Plugin to the Bubble Community :slight_smile: . For 3 years I’ve been bubbling for several apps and i learnt a lot about Bubble Security (thanks to tinkso ex-ideable and their tool apicheck). But today I saw a lot of vulnerabilities in the majority of Bubble apps! It’s so important for the no-code future to take security seriously and keep it confident.

That’s why we worked for several months with my co-founder Kevin on a Security Plugin to let you check your own app and see if there are any security breaches (Token/Secret/Bearer, webhooks, Users emails, Business Data and more…).

We check Data API, Plugin & API Connector, Option Sets content, Pages List, Database Default Value, Static Content (premium) and Privacy Rules (premium).


How it’s works:

1/ Enter the URL of your Bubble app on https://nocodenohack.com and authenticate it by adding the nocode:nohack plugin.

2/ Wait for the test end (less than 10min)

3/ Upgrade if you want to see more vulnerabilities (30 days money back)

4/ Review vulnerabilities (ignore all false-positive) and learn how to fix them

5/ If you need help, contact us by using our live chat :slight_smile:


After your sign up, you will receive our ebook “Guide to Secure your Bubble app

We are adding more and more features to our security engine to help you to secure your Bubble app better and better. Contact us if you have some ideas :slight_smile:

ps : yes, it’s a Bubble app too :innocent: !


Congrats @b.demontecler ! I am impressed by what you did about this important topic !

Such a great idea and well designed too :wink:



Well done Benoit! Great to see you’ve come so far!


Great Plugin !

Security is becoming more and more essential on Bubble and this application is a must have


Thank you very much for innovating in this way. Very useful.

This topic is going to become more and more essential in the coming months/years and we need solutions like yours to keep our data safe.

Thank you very much


Congratulations! Already signed up and thank you for the PDF. Will read carefully. Security rules is a TOP priority in every app. Specially for the Bubble ecosystem. Great contribution! Thank you!

1 Like

Great job !!

1 Like

Fantastic! Thank you, and congratulations!

1 Like

Great tool. I tried to create the same thing myself but gave up, so I know how much effort this took. Really well done.


You nailed it ! The one and only plugin to secure your bubble apps, i definitly recommand it.


Hi all !
We are very happy to announce a major update to our security tool nocode:nohack! Thanks a lot to all your feedbacks ! We have worked a lot on them last 4 weeks :slight_smile:

New features :

New Pricing :
All the test features are now free except the Privacy Rules Check.

  • Free (Data API Test, Workflow API Test, Plugin & API Connector, Option Sets content, Private Pages List, Database Default Value, Static Content)

  • Paid, from 39€/month (Privacy Rules Check + Test Scheduling + Team Management for Agency).

Build safely !


Is this tool designed to scan only Bubble apps you own, or to scan any 3rd party Bubble apps once I link one Bubble app?

Using your tool, I was able to scan 3rd party Bubble application by timing attack. You’d better fix it if it’s not your design.

1 Like

Hello @michitomo , you can run a test on any application, but only the owner can see the details of the vulnerabilities to prevent bad people from using our tool :slight_smile:

1 Like

This is example result of the app not owned by me. Is this expected?

I saw that you added the plugin on your app with the correct ID, i don’t understand why you said that you are not the owner. Do i miss something? Can you answer to my PM and plan a call to help me to understand? Thanks a lot for your help!

This is not the app I have control. I’ll contact you anyways.

1 Like

Thanks a lot @michitomo, we fixed the issue with your help :hugs: . Now, even with the workaround used, a user cannot scan an application that he doesn’t own. We haven’t seen other users using this workaround, thank you very much for your help :slight_smile:

1 Like

Thanks a lot.
Even before the fix, being able to scan the app you don’t own is not actually a security concern anyways.

1 Like

@b.demontecler thanks so much for you help and offering such an excellent service. I couldn’t recommend this service any higher. Happy to know our app is protected!


@b.demontecler Thanks for the thorough security audit and advice. Everyone using Bubble should be using this plugin and application, its the best way to secure your app.