TopFlow
LearnBuildSecurity
DocsSecurityValidations

12 Security Validations

Every workflow is automatically analyzed against these 12 comprehensive security rules. Real-time validation helps you identify and fix issues before deployment.

Security score is calculated as: (Passed Rules / Total Rules) × 100. Critical failures may prevent deployment.
SSRF Prevention
critical
Blocks Server-Side Request Forgery attempts targeting internal networks and cloud metadata endpoints.

Validation Checks:

  • Private IP ranges (10.x, 172.16.x, 192.168.x)
  • Localhost and loopback addresses
  • Cloud metadata services (169.254.169.254)
  • Internal DNS resolution
PII Detection
critical
Identifies personally identifiable information in prompts and outputs.

Validation Checks:

  • Email addresses
  • Phone numbers
  • Social Security Numbers
  • Credit card numbers
  • IP addresses
Prompt Injection
high
Detects attempts to manipulate AI behavior through malicious prompts.

Validation Checks:

  • Ignore previous instructions patterns
  • System message override attempts
  • Jailbreak techniques
  • Role-playing exploits
API Key Security
critical
Validates proper API key storage and encryption.

Validation Checks:

  • No hardcoded keys in code
  • AES-256-GCM encryption at rest
  • Secure key rotation
  • Access control validation
Input Validation
high
Ensures all inputs are properly validated and sanitized.

Validation Checks:

  • Schema validation
  • Type checking
  • Size limits
  • Character encoding
Output Sanitization
medium
Prevents XSS and injection attacks in outputs.

Validation Checks:

  • HTML entity encoding
  • Script tag removal
  • SQL injection prevention
  • Command injection blocks
Rate Limiting
medium
Protects against abuse and DOS attacks.

Validation Checks:

  • Request throttling
  • Per-user limits
  • Burst protection
  • Cost management
Secure Connections
high
Enforces HTTPS for all external communications.

Validation Checks:

  • TLS 1.2+ required
  • Certificate validation
  • No mixed content
  • HSTS headers
Data Retention
medium
Manages data lifecycle and compliance.

Validation Checks:

  • Retention policies
  • Automatic purging
  • Audit logging
  • GDPR compliance
Safe Code Execution
critical
Sandboxes JavaScript execution in workflows.

Validation Checks:

  • No filesystem access
  • No network calls
  • Memory limits
  • Timeout enforcement
Third-Party Risk
medium
Assesses risks from external integrations.

Validation Checks:

  • Service reputation
  • SLA compliance
  • Data processing agreements
  • Security certifications
Audit Logging
high
Comprehensive logging for compliance and forensics.

Validation Checks:

  • All actions logged
  • Tamper-proof storage
  • Retention compliance
  • Search and export
Understanding Your Security Score
How validation results impact your score
0-59
Failed
Critical issues must be resolved
60-79
Warning
Review recommended before deployment
80-100
Passed
Ready for production