What the book teaches
The Ultimate Guide to Bubble Security approaches security and privacy from three sides:
Bubble's security framework
Your Bubble application is the end result of a mind-blowing chain of security measures that you mostly know nothing about: the physical security of the servers against hackers, physical intrusion, natural disasters and undersea, iron-clad cables, database encryption, password hashing and salting, user management and server-side actions. Your app is covered by the same security setup and protocols that protect huge companies like Adobe, Netflix and Airbnb and organizations like Harvard Medical School, the European Space Agency and recently the NSA. And there's nothing you need to do to maintain that - it's simply set up for you, monitored 24/7 to maintain your uptime and security every day and night of the year. This section explores how your application data is protected from both a hardware and software perspective - so that you can know what you are investing in and/or speak to clients about security with confidence.
How to think about security and privacy
Security and privacy are all about decisions. Thousands of them. We'll explore how you approach thinking about the policy that guides these decisions as you build, maintain and update your app. Security is not just a result of technical proficiency, but of using sound judgement and respecting Users. Many of the biggest data leaks in the past decade have happened not as a result of technical glitches or weak security, but because a decision to keep the data private had never been made in the first place, and the data was simply there for the taking. A security and privacy policy is not just a dry legal document - it's a promise to your Users and a strategy to build a brand that radiates trust and predictability.
Building secure applications
Finally, we'll dive deep into the technical side of security. Bubble offers strong security, but doesn’t enforce it - you’re free to expose most data as you please. What this book will attempt to do is to fill the knowledge gap on the things you didn’t know that you didn’t know - so that every decision you make from there on regarding security is a conscious choice and not an oversight. We'll look into how to secure your account, how to think about on-page security, what data Bubble reveals in its source code, securing API data and workflows, securely redirecting Users, securing data with Privacy Rules and many other details that together make up the totality of your app's security.