What are the security gaps that you know about on the bayt.com site?

Question added by Deleted user
Date Posted: 2015/10/09

I do know some of the security breaches on bayt.com, but I would rather not share them in public. I am a cyber security researcher, so if you really want to know some of them, ping me or reach me by email.

My email is

Khadijah Shtayat
by Khadijah Shtayat , Technical Lead , Opensooq

Be sure, if there is a gap, I will not tell that in public ;)

And I think you just found one

Ibrahim Magdy
by Ibrahim Magdy , Advanced Senior Software Engineer , Honeywell

Off the top of my head:

1- The website doesn't use SSL after authentication (although it uses it during authentication), so basically it is vulnerable to session hijacking and sidejacking attacks.

2- The password characters are limited to specific characters, which suggests that the passwords are stored in plain text in the database.

I have never done a vulnerability scan of bayt.com, but those are a few of the obvious things. I did look for XSS or CSRF or stuff like that in it.
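The "SSL during authentication only" gap from point 1 of the answer above can be checked from response headers. This is an added example, not part of the original answer or of any bayt.com code; the hostname, cookie name and finding labels are constructed for illustration.

```python
# Added example: flag the "HTTPS for login only" pattern in captured
# response headers. All sample data below is constructed.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value) pairs."""
    findings = []
    over_https = url.lower().startswith("https://")
    seen = set()
    for name, value in headers:
        lname = name.lower()
        seen.add(lname)
        if lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # The browser will also attach this cookie to plain-HTTP requests.
                findings.append(f"cookie-no-secure:{cookie}")
        elif lname == "location" and over_https and value.lower().startswith("http://"):
            # Login ran over TLS, then the session continues in cleartext.
            findings.append("https-to-http-redirect")
    if over_https and "strict-transport-security" not in seen:
        # Without HSTS the browser may still try plain HTTP on later visits.
        findings.append("no-hsts")
    return findings

# Constructed login response: TLS for the form post, cleartext afterwards.
WEAK = ("https://www.example.test/login", [
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("Location", "http://www.example.test/home"),
])
# Constructed hardened response: session stays on TLS.
HARDENED = ("https://www.example.test/login", [
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; Secure"),
    ("Location", "https://www.example.test/home"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
])

if __name__ == "__main__":
    for label, (url, hdrs) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(url, hdrs))
```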

Muhammad Ahmed Raza
by Muhammad Ahmed Raza , Web Developer & Technical Support Head , Ninja Softs (Private) Limited

I think this is not a safe way to discuss such matters. Anyway, SSL absence is a security risk to your site.

Regards

hesham hussain
by hesham hussain , asdf , Web Design & Develop

Basm allah alrahman alrahim

But with similar to danial [DoSS], all the members will do and they will be forced to do, if there any, why?

Hesham Hussain
by Hesham Hussain , Web Designer & Developer , Web Design & Develop

Basm allah alrahman alrahim

Some attention to what I am doing: there are a lot of bugs here and no one responds???!

Mustafa Mohamed
by Mustafa Mohamed , IT Project Manager , Modern Power Marine Services co

Your source code is not encrypted, so it's kind of easy to locate strong characters and variables that may be used in hijacking, plus there is no SSL.

hesham hussain
by hesham hussain , s , Web Design & Develop

Basm allah alrahman alrahim

Of course you will not say, because you are a bayt.com engineer, but others will, and you must work hard to protect your website from attackers. I am trying to help by force.

If you want to improve the security of your site, here are some articles that I wrote. I haven't scanned your site, but there is always something that can be done to improve security.

http://MaxMeinhardt.com/category/software-engineering/web-security/

BTW, I am looking for employment in the UAE, Qatar, or Bahrain.
