Hi everyone
At Flusk, we are working on the security of Bubble applications.
We did a lot of security audits, and we finally managed to automate 90% of them internally. So we will soon release a security tool to do automated audits on Bubble applications.
Here are some of the points we cover:
Privacy rules checker
Swagger / Editor privacy
Bad redirections / Compromised page access
Admin injections
URL parameter brute-forcing
Cookie exploit
XHR requests crawler / Misconfigured do a search
Sensitive URL parameters, headers and URLs in APIs
…
We need beta testers (agencies, freelancers and developers) to help us build the product hand in hand with our users and to know how we can best integrate into their app production processes.
If you want to help us make the Bubble ecosystem more secure, feel free to reply and we’ll invite you to our private Alpha so you can test and give us your feedback.
Otherwise, we’re planning on releasing the tool for an open beta by March 2023!
We’ll post updates here as we move forward with the tool.
See you soon!
Agree! Especially as Bubble knows well which data is used where and how it's set up!
I reassure you, this is the pricing for another service. We’re planning on releasing this tool at 30-80$.
All beta testers will get a free discount by the way.
Love this service - something a little tangential that caught my eye - you say you’re able to automatically audit when an app is updated - how do you detect that an app has updated? Are you polling a site to check if its deploy id has changed or do you have another system in place that doesn’t require constantly pinging an app?
Good on you folks for writing that article because my first thought when you posted about your tool (and no offense, of course, because it was the same thought I had when at least two similar tools were posted over the past year or two) was something along the lines of, “Cool… but why should I trust you guys with my app?” Don’t take that personally, please, because I am probably one of the most paranoid people you’d ever meet. Hell, it’s hard for me to trust Bubble sometimes, and they built the damn platform.
Again, though, kudos on hitting the trust thing head on because I believe it’s an uphill battle, and I wish you the best of luck with it because security is such an important piece of the puzzle.