Skip to main content
Noah provides built-in security tools to help you build and deploy secure applications — from smart contract auditing to code review and API key protection. These tools are designed to catch common security issues during development, before your app goes live.

How Noah Keeps Your Apps Secure

Noah helps secure your applications across multiple layers:

Smart Contract Auditing

Generate security audit reports for your smart contracts before deploying to Mainnet

Code Security Review

Analyze your application code for vulnerabilities, insecure patterns, and dependency risks

API Key & Secrets Protection

Keep API keys and credentials secure with proper secret management

Data & Privacy

Understand how Noah handles your data, code, and privacy

Security Across the Stack

Noah applications typically span frontend code, backend logic, database access, and smart contracts. Each layer has its own security considerations.

Smart Contracts

Smart contract vulnerabilities can lead to irreversible loss of funds. Noah provides:
  • Automated audit reports — Generate a downloadable PDF security assessment before deployment
  • Common vulnerability detection — Catches issues like reentrancy, unchecked math, missing access controls, and improper PDA validation
  • Devnet-first testing — Always test on Devnet before deploying to Mainnet

Application Code

Web applications introduce risks through insecure input handling, broken authentication, and exposed secrets. Noah helps by:
  • Conversational security reviews — Ask Noah to review your app’s security at any time in chat
  • Secure code generation — Noah follows security best practices when generating code
  • Edge function support — Keep sensitive logic server-side with Supabase Edge Functions

Database Security

When connected to Supabase, your database needs proper access controls:
  • Row-Level Security (RLS) — Noah can help you configure RLS policies so users only access their own data
  • Secure schema design — Ask Noah to review your database structure for security gaps

API Keys & Secrets

Exposed API keys are one of the most common security mistakes:
  • Secret management — Store credentials securely, not in client-side code
  • Server-side API calls — Use Edge Functions to keep sensitive operations server-side

Security Best Practices

Always test smart contract interactions, wallet connections, and token operations on Devnet first. This prevents real fund loss while you debug.
Generate an audit report for smart contracts and request a security review for application code before going live.
If your app uses Supabase, configure Row-Level Security policies to control data access at the database level.
Never hardcode API keys in frontend code. Use Supabase Edge Functions or environment variables for sensitive credentials.
Regularly update npm packages to patch known vulnerabilities. Ask Noah to check your dependencies for security issues.
Security is not a one-time check. Re-run audits and reviews after major changes, especially to authentication, permissions, or token flows.

Conversational Security Reviews

You can ask Noah to perform a security review at any time by prompting in chat. For example:
“Review my app’s security”
“Check if my smart contract has any vulnerabilities”
“Are my RLS policies configured correctly?”
“Review the authentication flow in my app”
Noah will analyze your project and respond with findings, recommendations, and specific fixes you can apply.

FAQ

Noah’s automated tools provide a strong baseline for identifying common issues. For Mainnet deployments handling significant funds, consider a full manual review from a professional auditor as an additional layer of assurance.
Generating smart contract audit reports and using built-in security tools does not consume extra credits beyond normal usage. Conversational security reviews in chat consume credits like regular messages.
Yes. When Noah identifies security issues, it can apply fixes directly to your code. Always review and test the changes before deploying.