The Ultimate Guide to Bubble Security - How to Build Secure, Privacy Focused apps in Bubble
Bubble.io is the new way of building web applications, and your decision to learn how to use the platform may just end up being one of the most important choices you've made in your career.
Being an early adopter of a framework that is likely to power a big part of the internet in the coming years is a fantastic opportunity - but it comes with a caution.
Bubble developers need to be experts in a lot of things
By whom are web applications traditionally developed? By developers, you might think. Of course. But also by UX and UI Designers, Database Security Experts, QA Engineers, Business Analysts - and one or more Project Managers to hold it all together.
With Bubble, you're often filling several or all of these roles. The amazing thing is that you can - Bubble makes that possible. The caution is that these roles come with a lot of know-how and experience that you may be unaware of.
Setting up apps that are secure, privacy-focused and compliant requires that you know the ins and outs of Bubble technically, and that you have an understanding of what your Users expect from you. In short: it requires that you know things that you may not know that you need to know.
What the book teaches
The Ultimate Guide to Bubble Security approaches security and privacy from three sides:
Bubble's security framework
Your Bubble application is the end result of a mind-blowing chain of security measures that you mostly know nothing about: the physical security of the servers against hackers, physical intrusion, natural disasters and undersea, iron-clad cables, database encryption, password hashing and salting, user management and server-side actions. Your app is covered by the same security setup and protocols that protect huge companies like Adobe, Netflix and Airbnb and organizations like Harvard Medical School, the European Space Agency and recently the NSA. And there's nothing you need to do to maintain that - it's simply set up for you, monitored 24/7 to maintain your uptime and security every day and night of the year. This section explores how your application data is protected from both a hardware and software perspective - so that you can know what you are investing in and/or speak to clients about security with confidence.
How to think about security and privacy
Security and privacy are all about decisions. Thousands of them. We'll explore how you approach thinking about the policy that guides these decisions as you build, maintain and update your app. Security is not just a result of technical proficiency, but also of using sound judgement and respecting Users. Many of the biggest data leaks in the last decade have happened not as a result of technical glitches or weak security, but because a decision to keep the data private had never been made in the first place, and the data was simply there for the taking. A security and privacy policy is not just a dry legal document - it's a promise to your Users and a strategy to build a brand that radiates trust and predictability.
Building secure applications
Finally, we'll dive deep into the technical side of security. Bubble offers strong security, but doesn’t enforce it - you’re free to expose most data as you please. What this book will attempt to do is to fill the knowledge gap on the things you didn’t know that you didn’t know - so that every decision you make from there on regarding security is a conscious choice and not an oversight. We'll look into how to secure your account, how to think about on-page security, what data Bubble reveals in its source code, securing API data and workflows, securely redirecting Users, securing data with Privacy Rules and many other details that together make up the totality of your app's security.