The Importance of Bubble App Security
Bubble app security is an afterthought for many people but it's essential that you get things right when building your Bubble app in order to protect your users data and protect content in your Bubble app. That's why I'm excited to show you around today the Flusk Vault dashboard and we're going to dive right in and go and look at their checklists.
Understanding Flusk's Security Features
So they know Bubble this is built for Bubble apps and that comes through very strongly. For example we go through onto page sensitivity ratings and in the setup process I've connected in a Bubble app and here are all of my pages imported in and I have to mark in order to check them off whether they are safe, whether they contain sensitive data or they contain sensitive UI elements and they have a large knowledge base to tell you exactly how to make a sensitive page properly secure in Bubble doing it the right way.
Securing Your Bubble Database
Flusk has the same checklist in place for your data types in your Bubble database. So here are all the data types that come across and this is using an app demo which is intentionally set up to be insecure. For example you would never store card details, credit card details, payment information, that sort of thing in a Bubble database but you get an idea here they build it all around the checklist. So I can simply say this is sensitive, sensitive, sensitive, sensitive and then I can yeah this box is complete and I can save it and the whole point of the Flusk app is that it makes it really easy for you not to miss a thing.
Comprehensive Security Checks
The headaches, the worries, the concerns, the endless testing, Flusk takes care of it for you. You've got your pages, you've got your data types all taken care of and it makes you meticulously go through and check to see whether they should be public or they should be protected or sensitive in this case.
Identifying Security Issues
Let's move on to issues and see what we have here. So again Flusk knows Bubble. They know where it's easy to make mistakes where bits that you want to keep secure such as API keys leak through. So we've got a public sensitive parameter in API called it's just asking you to check it and you can if you know that you've got it right you can ignore it but you can also view how to resolve the issue.
Extensive Knowledge Base
They've got a really in-depth knowledge base going on. In fact I would say that the knowledge base alone is worth the purchase because they've just put the time into really simply step-by-step creating instructions to help you ensure that your app is secure.
Version Control and Security
You'll notice that Flusk imports the different versions of your app. In this case we just have a test version and a live version. So not only does it give you a checklist but it also splits out and it makes sure that your live version is just as secure as your dev version and vice versa.
Resolving Security Issues
So let's have a look at resolve here. What's the advice? Okay yeah there may be a data leak based on a particular data type. Okay look screenshots all really help information and additional resources as well provided in there.
Implementing Strong Password Policies
So the Flusk app has detected that I don't have a strong password policy in place and that is just so vital because you can trust Bubble that their infrastructure is secure. You can build your app and tick off everything in the Flusk dashboard to ensure that you've not made a mistake but then the weakest link in your app is your user password so you can insist that your users have a stronger password and Flusk is going to guide you through the process on how to do that.
Ongoing Security Monitoring
So if you're building a Bubble app this is an essential tool to go through and check off everything that Flusk highlights you could be a security issue. Once you've got Flusk connected to your Bubble app you can schedule Flusk to do additional scans in the future. You can even download an iOS app to ensure that you get notifications as soon as Flusk identifies any issues with your app.
Privacy Rule Checker
The final tool I want to show you in the Flusk dashboard is the privacy rule checker. This itself is worth its weight in gold because if I just click on it it's going to highlight if I've made any potential issues within my privacy rules. So it's going to scan through my app it's checking all the data types I've got and it's going to come up with a list of where it thinks I could make improvements or at least should check and be conscious about the privacy rules I've set up.
Identifying Data Leaks
So we're seeing here that both the credit card and user data types are set up to be secure but I've actually run this automatically on my live version and I'm going to now run it on my test version because I think this is going to show up more issues. Remember I'm intentionally using an app that has not got any best practices in terms of security in order to illustrate how easily the Flusk app picks up these issues.
Addressing Security Vulnerabilities
So yeah we're seeing here that there is it's pulling data out of the database it's showing me made-up card numbers it's showing me email addresses. So that's a pretty big warning it's all in red that I need to head back into my Bubble app and before I deploy this leaky development version to live I need to set up the appropriate privacy rules with my data.
The Value of Flusk for Bubble App Creators
There's not a single Bubble app creator I know who wouldn't benefit from becoming a Flusk user and being able to go through the checklist that Flusk generates in order to ensure that your app is secure and so to get started with Flusk we've got a link down in the description you can sign up today and within five minutes you can have Flusk scanning your Bubble app and identifying any potential issues and ultimately giving you that peace of mind that you have done the right things with setting up your Bubble app for both security and privacy.