Recommendations for Person To Do A Security Review of My App

I’d like to do a security review of my app to be sure it cannot easily be hacked… can anyone recommend an individual who is an expert in this area that I can work with on this?

@Dave has a cyber-security background; he’s my suggestion

I’m also familiar with cybersecurity, but I only have 1 year of experience with Wappler

I’d also trust JonL

2 Likes

I usually build the image and push it to Docker Hub, then use snyk.io to scan the whole code base and its dependencies for vulnerabilities. For example, here is a scan of an image I built on Wappler a year and a half ago.


Compare it to another image I built 6 months ago. As you can see, with each Wappler version update the code base is improving on patches.



These images have not been updated with the patches since, because I just use them as a tracking tool to see what is really getting patched with each Wappler version update. So far I can say a lot of patching has been done with each new Wappler update.

My next image that I plan to scan is the Wappler Dashboard that I am building out over here.

But all in all, that is just scanning the image code base and its dependencies for vulnerabilities, and I am not sure of the level of hacking vulnerabilities you are trying to pinpoint.

1 Like

As the Wappler code base is common for all projects, I believe he wants an analysis of the way he built the app in Wappler to see if there are any security-related logic issues - such kinds of issues are unlikely to be picked up by the tool you mentioned :slight_smile:

I see. That’s always the nerve-racking part indeed, because Wappler gives you the power to build however you want, so much so that you for sure always want that second option on what you have put together.

In that case I do not know of any team off the top of my head like that.

You’re looking for a pen tester (penetration), that’s a proper skill that comes with some cost :wink:

If you don’t want to pay the monies (or not that much), I would at least start with the snyk report (recommended by @bradbrd992, or other services) and pin down the reported issues so you’re getting the basics done. I wouldn’t ask a pen tester to push your app to the limits if the doors are open anyways.

You might not be able to address some of the (perhaps major) issues, due to the nature of Wappler as a code generator and the used libraries. It’s just not under your control.

/heiko

2 Likes
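The scan-and-track workflow from bradbrd992’s post (comparing an older image scan with a newer one to see what got patched) and heiko’s advice to pin down the reported issues first can be turned into a small triage script. The example below is added here and is not from the thread, from Wappler or from Snyk; it assumes the report JSON has the shape that `snyk container test <image> --json` produces (a `vulnerabilities` list with `id`, `severity`, `packageName`, `version`, `isUpgradable` and `fixedIn` fields), and the two embedded reports are constructed sample data with placeholder IDs and package names, not findings from any real image.

```python
"""Triage two Snyk-style container scan reports: an older image vs a newer one.

Added example (not from the thread). Assumed report layout: a top-level
"vulnerabilities" list whose entries carry id / severity / packageName /
version / isUpgradable / fixedIn, as Snyk's --json output does.
"""
import json
from collections import Counter

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def _vuln(vid, severity, package, version, fixed_in):
    """Build one finding in the assumed Snyk field layout (constructed data)."""
    return {
        "id": vid,
        "severity": severity,
        "packageName": package,
        "version": version,
        "title": f"Constructed issue in {package}",
        "isUpgradable": bool(fixed_in),
        "fixedIn": fixed_in,
    }


# Constructed sample: the older image (placeholder IDs, placeholder packages).
OLD_SCAN = {"vulnerabilities": [
    _vuln("SNYK-PLACEHOLDER-0001", "critical", "libfoo", "1.0.0", []),
    _vuln("SNYK-PLACEHOLDER-0002", "high", "bar-js", "4.1.0", ["4.1.7"]),
    _vuln("SNYK-PLACEHOLDER-0003", "medium", "baz-js", "1.2.0", ["1.2.6"]),
    _vuln("SNYK-PLACEHOLDER-0004", "low", "qux-js", "2.6.8", ["2.6.9"]),
]}

# Constructed sample: the newer image, rebuilt after a Wappler update.
NEW_SCAN = {"vulnerabilities": [
    _vuln("SNYK-PLACEHOLDER-0001", "critical", "libfoo", "1.0.0", []),
    _vuln("SNYK-PLACEHOLDER-0003", "medium", "baz-js", "1.2.0", ["1.2.6"]),
    _vuln("SNYK-PLACEHOLDER-0005", "high", "quux-js", "3.0.1", ["3.0.4"]),
]}


def load_report(path):
    """Load a real report saved with `snyk container test IMAGE --json > file`."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def severity_counts(report):
    """Count findings per severity, always returning every severity bucket."""
    counts = Counter(v["severity"].lower() for v in report.get("vulnerabilities", []))
    return {sev: counts.get(sev, 0) for sev in SEVERITY_RANK}


def compare_scans(old, new):
    """Diff two reports by finding ID: what got fixed, what is new, what remains."""
    old_ids = {v["id"] for v in old.get("vulnerabilities", [])}
    new_ids = {v["id"] for v in new.get("vulnerabilities", [])}
    return {
        "fixed": sorted(old_ids - new_ids),
        "new": sorted(new_ids - old_ids),
        "remaining": sorted(old_ids & new_ids),
    }


def triage(report):
    """Split findings into ones fixable by upgrading a dependency and ones that
    are not (no upgrade path; typically base image or generated code, i.e. the
    part that is not under the app builder's control). Both lists are ordered
    most severe first."""
    ordered = sorted(
        report.get("vulnerabilities", []),
        key=lambda v: SEVERITY_RANK.get(v["severity"].lower(), 99),
    )
    fixable, stuck = [], []
    for v in ordered:
        (fixable if v.get("isUpgradable") and v.get("fixedIn") else stuck).append(v)
    return fixable, stuck


def report_text(old, new):
    """Human-readable summary of the two scans for a tracking note."""
    lines = [f"old: {severity_counts(old)}", f"new: {severity_counts(new)}"]
    diff = compare_scans(old, new)
    for key in ("fixed", "new", "remaining"):
        lines.append(f"{key}: {', '.join(diff[key]) or '-'}")
    fixable, stuck = triage(new)
    for v in fixable:
        lines.append(f"  upgrade {v['packageName']}@{v['version']} -> {v['fixedIn'][0]} ({v['severity']})")
    for v in stuck:
        lines.append(f"  no upgrade path: {v['packageName']}@{v['version']} ({v['severity']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report_text(OLD_SCAN, NEW_SCAN))
```

With real reports, replace the two constructed dicts with `load_report("old.json")` and `load_report("new.json")`; the `fixable` list is the cheap part to clear before paying for a pen test, and the `stuck` list is the part the thread notes is outside your control as a Wappler user.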