Overview

Flusk offers a comprehensive suite of tools to audit and monitor your app. In this article, we’ll go over the available features, and link to more in-depth content for each section.

Security

Testing

Flusk equips you with two different tools for performing tests on demand.

Issues explorer

The Issues explorer runs a test across a range of different categories and ranks them by criticality. Each of the categories are explained in-depth in the sub-articles in this series.

• Data Leak

• Page access protection

• Clear data in login workflow

• Temporary password vulnerability

• Public editor

• Unapproved collaborator

• Swagger file

• Password policy

• API Workflow protection

• Privacy rules definition

• Public sensitive fields

• Bubble API Token

• Visible URL in API call

• Public sensitive parameter in API call

• Test version protection

• Default username / password combination

• Unsafe Google Maps API token

• Public picture uploader

• Public file uploader

• Frame restriction

Privacy rules checker

The Privacy Rules Checker analyzes your data types and privacy rules, identifying any data types or fields that may be publicly accessible.

Tools

Automated tests

Automated tests enable you to run security tests automatically, with two different trigger options:

• Automatic test on deploy: this will automatically perform a test whenever your app is deployed to live.

• Scheduled tests: this option lets you set up automated tests on a set schedule (such as daily/weekly/monthly). You can create up to five test schedules.

Advanced

The advanced section contains records, tools and settings for experienced users and larger apps:

• Test history: The test history shows a list of completed tests, along with key information about each one.

• Versions: This setting allows you to configure which versions will be included in security tests.