Reporting Security Issues

iPay and its employees take security very seriously. To make our products as secure as they can be, we invite anyone who finds a potential security risk or data leak to disclose it in a responsible way to the e-dheba Security Team. We ask everyone who finds an issue to follow the guidelines below:
  • Only access or expose your own data.
  • If you happen to access or expose other data, report it to us as soon as possible. Do not attempt any further exploits at this point.
  • Avoid tools or techniques that can degrade the service for other customers.
  • Don’t disclose vulnerabilities to anyone but E-dheba.

What We Are Looking For

While we take every submission seriously, a lot of submissions are trivial and have very little effect on the security of e-dheba and our customers. Below we list things that we are specifically interested in:
  • Remote code execution in any of our client applications or in our cloud infrastructure
  • Privilege escalation attacks against our cloud infrastructure
  • Authentication attacks
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)

Examples of non-qualifying submissions:

  • Denial of Service vulnerabilities (DoS)
  • Possibilities to send malicious links to people you know
  • Security bugs in third-party sites and software that integrate with E-dheba (this includes WordPress issues, unless related to account creation or authentication)
  • Insecure cookie handling
  • Spam or social engineering techniques

Reproducibility

For a report to qualify for any kind of reward, our engineers have to be able to reproduce the problem. Please be explicit in your report, since this will save everyone’s time.

How to Submit Your Report

Please use the information here to report a potential security issue to e-dheba:
1. Write to our Security team at mail@edheba.com.
2. Be sure to include relevant details in the report, such as platform, app/server version, necessary conditions for the exploit to work, a description with proof of concept or exploit code, the impact of the issue if exploited, etc.
3. Do not contact individual e-dheba employees directly.
4. Report only one vulnerability per email.
5. Only submissions sent directly to this email address will be eligible for rewards.

If we have any questions related to the report, we’ll be sure to let you know. Thanks for helping us make e-dheba SuperApp more secure for everyone!