
🚀 [Open Alpha] Finally a Tool for Bubble Security - Introducing Flusk Vault

Hi everyone :wave:
At Flusk, we are working on the security of Bubble applications.
We did a lot of security audits, and we finally managed to automate 90% of them internally. So we will soon release a security tool to do automated audits on Bubble applications.

Here are some of the points we cover:

  • Privacy rules checker
  • Swagger / Editor privacy
  • Bad redirections / Compromised page access
  • Admin injections
  • URL parameter brute-forcing
  • Cookie exploit
  • XHR requests crawler / Misconfigured do a search
  • Sensitive URL parameters, headers and URLs in APIs
    …

And some of the already integrated features:

  • Automated test when pushing a version live
  • Multi-branch/version support
  • Unlimited tests
  • Complete explanations about issues and solutions
  • Full support through chat and video call

We need beta testers (agencies, freelancers and developers) to help us build the product hand in hand with our users and to know how we can best integrate into their app production processes.

:point_right: If you want to help us make the Bubble ecosystem more secure, feel free to reply and we'll invite you to our private Alpha so you can test and give us your feedback.

Otherwise, we're planning on releasing the tool for an open beta by March 2023!

We'll post updates here as we move forward with the tool.
See you soon!


Victor from Flusk

Flusk - a hub of tools and services for Bubble makers and businesses

16 Likes

:rocket: :rocket: :rocket: :rocket: :rocket:

Interested

I think Bubble should just buy this right away and implement it as part of the editor. Flutterflow already have a similar thing going.

But at this price… they probably can't afford it, and no one else either for that matter hehe.

### Pricing
### Flusk Membership
Starting from 3 500€ / month
2 Likes

Agree! Especially as Bubble knows well which data is used where and how it's set up!

I reassure you this is the pricing for another service. We're planning on releasing this tool 30-80$ :yum:
All beta testers will get a free discount by the way.

3 Likes

Love this service - something a little tangential that caught my eye - you say you're able to automatically audit when an app is updated - how do you detect that an app has updated? Are you polling a site to check if its deploy id has changed or do you have another system in place that doesn't require constantly pinging an app?

1 Like

At this stage, we ping apps on a regular basis (every 30 minutes) to detect any updates on their versions/branches.

We do that by fetching the "last_change" UNIX timestamp that every app exposes and comparing it with our internal record/save of your app!

3 Likes

That makes sense :slight_smile: Thanks for sharing

1 Like

You're welcome!

I'd love to take part in the Alpha

Sure! Just sent you a link! :rocket:

Happy to sign up for the alpha :slightly_smiling_face:

Just signed you in, you should have received the invitation :yum:

Please sign me up for the alpha

Interested in the alpha!

Just invited you @c.wittelsberger & @danibrario :yum:

We received a few messages from our current beta testers about privacy, so for those who also share this concern, here is an article about how we process data:
https://help.flusk.eu/en/articles/6933917-how-does-flusk-vault-process-your-application-data-and-privacy

Good on you folks for writing that article because my first thought when you posted about your tool (and no offense, of course, because it was the same thought I had when at least two similar tools were posted over the past year or two) was something along the lines of, "Cool… but why should I trust you guys with my app?" Don't take that personally, please, because I am probably one of the most paranoid people you'd ever meet. Hell, it's hard for me to trust Bubble sometimes, and they built the damn platform.

Again, though, kudos on hitting the trust thing head on because I believe it's an uphill battle, and I wish you the best of luck with it because security is such an important piece of the puzzle.

Thanks! Yes, I totally agree with you, we're trying to offer a security tool which… in itself could be a security vulnerability.

Thanks for your comment though :slight_smile:

1 Like

Invite me please