Overview

Flusk offers a comprehensive suite of tools to audit and monitor your app. In this article, we’ll go over the available features, and link to more in-depth content for each section.

Security

Testing

Flusk equips you with two different tools for performing tests on demand.

Issues explorer

The Issues explorer runs a test across a range of different categories and ranks the findings by criticality. Each category is explained in depth in the sub-articles in this series.

  • Data Leak

  • Page access protection

  • Clear data in login workflow

  • Temporary password vulnerability

  • Public editor

  • Unapproved collaborator

  • Swagger file

  • Password policy

  • API Workflow protection

  • Privacy rules definition

  • Public sensitive fields

  • Bubble API Token

  • Visible URL in API call

  • Public sensitive parameter in API call

  • Test version protection

  • Default username / password combination

  • Unsafe Google Maps API token

  • Public picture uploader

  • Public file uploader

  • Frame restriction

Article: The issues explorer

Privacy rules checker

The Privacy Rules Checker analyzes your data types and privacy rules, identifying any data types or fields that may be publicly accessible.

Article section: Privacy rules checker

Tools

Automated tests

Automated tests enable you to run security tests automatically, with two different trigger options:

  • Automatic test on deploy: this will automatically perform a test whenever your app is deployed to live.

  • Scheduled tests: this option lets you set up automated tests on a set schedule (such as daily/weekly/monthly). You can create up to five test schedules.

Article section: Automated tests

Advanced

The advanced section contains records, tools and settings for experienced users and larger apps:

  • Test history: The test history shows a list of completed tests, along with key information about each one.

  • Versions: This setting allows you to configure which versions will be included in security tests.

  • Page rating: The page rating setting allows you to tell Flusk which pages should be classified as Safe (publicly accessible to non-logged-in users) or Sensitive (restricted to logged-in users or containing sensitive information). This helps Flusk provide more accurate and relevant security test results based on the nature of each page.

Article: Pages rating

  • Database field rating: Similarly, the database field rating allows you to specify which fields in your data types are classified as Safe (accessible to non-logged-in users or through API calls) or Sensitive (restricted to logged-in users or containing private information). This helps Flusk check that your data fields are secured appropriately, providing more accurate insights into potential vulnerabilities.

Article: Database rating
