Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What are the security gaps that you know about bayt.com site ?

user-image
Question ajoutée par Utilisateur supprimé
Date de publication: 2015/10/09
Utilisateur supprimé
par Utilisateur supprimé

I do know some of the security breaches on bayt.com, but I would rather not like to share in public. I am a cyber security researcher so if you really want to know some of them ping me or reach me by email.

my email is

 

Ibrahim Magdy
par Ibrahim Magdy , Senior Full Stack Software Developer , Trustwave

on top of my mind1- The website doesn't use SSL after authentication 'although it uses it during authentication' , so basically it is vulnerable to session hijacking and side jacking attacks2- The password characters are limited to specific characters which suggest that the passwords are stored plain in database I have never done a Vulnerability Scanning since to bayt.com but that's a few of the obvious things, I did look for XSS or CSRF or stuff like that in it

Hesham Hussain
par Hesham Hussain , Web Designer & Developer , Web Design & Develop

Basm allah alrahman alrahim

 

some attention to what I am doing there are a lot of bugs here and no one respond ??? !

Mustafa Mohamed
par Mustafa Mohamed , Project Manager , Saudi Alpha Co Ltd.

your code source is not encrypted so its kind of easy to locate strong characters and variables that may use in hijacking plus there are no SSL. 

 

hesham hussain
par hesham hussain , s , Web Design & Develop

Basm allah alrahman alrahim

 

Of course you will not say because you are a bayt.com Engineer , but others will do , and you must work hard to prevent your website from attackers , i am try to help by force

Max Meinhardt
par Max Meinhardt

If you want to improve the security of your site, here are some articles that I wrote. I haven't scanned your site, but there is always something that can be done to improve security.

http://MaxMeinhardt.com/category/software-engineering/web-security/

 

BTW, I am looking for employment in the UAE, Qatar, or Bahrain.

hesham hussain
par hesham hussain , asdf , Web Design & Develop

Basm allah alrahman alrahim

 

But with similar to danial [ DoSS ] , all the members will do and they will be forced to do , if there any , why ?

Muhammad Ahmed Raza
par Muhammad Ahmed Raza , Web Developer & Technical Support Head , Ninja Softs (Private) Limited

I think this is not a safe way to discuss such matters. Any way SSL absence is a security risk to your site.

 

Regards

More Questions Like This