Skip to main content
Firebase Security Guide
Q&AFirebase

How can I test Firebase Security Rules?

Firebase provides the Rules Playground in the Firebase Console where you can simulate read and write operations against your security rules with different authentication states. The Firebase Emulator Suite lets you test rules locally with unit tests using the @firebase/rules-unit-testing library. You should test that unauthenticated requests are denied, that users cannot access other users data, and that write validation rules reject malformed data. The Firebase CLI also supports deploying rules independently for testing before production rollout. UNPWNED performs automated external testing of your Firebase security rules to catch misconfigurations that local testing might miss.

Check your Firebase app now

Run free security scan

Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.

Related Questions

How do I secure Firestore properly?What are the security best practices for Firebase?

More Firebase Security Questions

Are Firebase Security Rules secure by default?Is the Firebase API key a secret?How do I secure Firestore properly?How do Firebase Storage Security Rules work?Can Firebase apps be hacked?How secure is Firebase Authentication?