Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What are the security gaps that you know about bayt.com site ?

user-image
Question added by Deleted user
Date Posted: 2015/10/09
Deleted user
by Deleted user

I do know some of the security breaches on bayt.com, but I would rather not like to share in public. I am a cyber security researcher so if you really want to know some of them ping me or reach me by email.

my email is

 

Ibrahim Magdy
by Ibrahim Magdy , Advanced Senior Software Engineer , Honeywell

on top of my mind1- The website doesn't use SSL after authentication 'although it uses it during authentication' , so basically it is vulnerable to session hijacking and side jacking attacks2- The password characters are limited to specific characters which suggest that the passwords are stored plain in database I have never done a Vulnerability Scanning since to bayt.com but that's a few of the obvious things, I did look for XSS or CSRF or stuff like that in it

Hesham Hussain
by Hesham Hussain , Web Designer & Developer , Web Design & Develop

Basm allah alrahman alrahim

 

some attention to what I am doing there are a lot of bugs here and no one respond ??? !

Mustafa Mohamed
by Mustafa Mohamed , IT Project Manager , Modern Power Marine Services co

your code source is not encrypted so its kind of easy to locate strong characters and variables that may use in hijacking plus there are no SSL. 

 

hesham hussain
by hesham hussain , s , Web Design & Develop

Basm allah alrahman alrahim

 

Of course you will not say because you are a bayt.com Engineer , but others will do , and you must work hard to prevent your website from attackers , i am try to help by force

Max Meinhardt
by Max Meinhardt

If you want to improve the security of your site, here are some articles that I wrote. I haven't scanned your site, but there is always something that can be done to improve security.

http://MaxMeinhardt.com/category/software-engineering/web-security/

 

BTW, I am looking for employment in the UAE, Qatar, or Bahrain.

hesham hussain
by hesham hussain , asdf , Web Design & Develop

Basm allah alrahman alrahim

 

But with similar to danial [ DoSS ] , all the members will do and they will be forced to do , if there any , why ?

Muhammad Ahmed Raza
by Muhammad Ahmed Raza , Web Developer & Technical Support Head , Ninja Softs (Private) Limited

I think this is not a safe way to discuss such matters. Any way SSL absence is a security risk to your site.

 

Regards

More Questions Like This