Sarthak Arora

By Ipshita, 21 January, 2025

Sarthak Arora identified and reported a critical security misconfiguration in NASA's web application through Bugcrowd. The vulnerability, caused by the absence of an X-Content-Type-Options HTTP header, increased the risk of Cross-Site Scripting (XSS) attacks. 

As part of his participation in the Bugcrowd program, Sarthak Arora submitted a comprehensive security report on NASA's web application to NASA. The vulnerability was categorized as a "Server Security Misconfiguration" because the X-Content-Type-Options HTTP response header was absent. Without this header, the web application was significantly more exposed to MIME type sniffing, which could potentially lead to Cross-Site Scripting (XSS) attacks. Such attacks can undermine the integrity of web applications by injecting malicious scripts, potentially exposing sensitive user data.

To aid in the assessment of the vulnerability, Sarthak used industry-standard tools such as Burp Suite. The report provided detailed steps to reproduce the issue, showing how the absence of the X-Content-Type-Options header in HTTP responses could compromise web security. The discovery of this vulnerability was crucial for enhancing the overall security posture of NASA's web infrastructure.
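As an added example (not code from the original page or from the report it describes), a small Python audit that parses raw HTTP response headers and flags the misconfiguration described above; the sample responses are constructed and not captured from any real server:

```python
"""Audit HTTP response headers for the X-Content-Type-Options misconfiguration.

Added example, not from the original page or from the report it describes.
The sample responses below are constructed for illustration only.
"""


def parse_headers(raw: bytes) -> dict[str, list[str]]:
    """Parse the header block of a raw HTTP response into a
    case-insensitive map (name -> list of values, in order seen)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers: dict[str, list[str]] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        if b":" not in line:
            continue  # tolerate a malformed line instead of crashing
        name, value = line.split(b":", 1)
        key = name.strip().lower().decode("latin-1")
        headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return headers


def audit_response(raw: bytes) -> dict[str, str]:
    """Classify the sniffing-related findings in a response.

    x-content-type-options: 'ok' only when every occurrence is 'nosniff'
    (the single value the header defines, matched case-insensitively);
    'missing' is the misconfiguration reported on this page.
    content-type: sniffing matters most when this is absent, so it is
    reported alongside.
    """
    headers = parse_headers(raw)
    findings: dict[str, str] = {}
    xcto = headers.get("x-content-type-options", [])
    if not xcto:
        findings["x-content-type-options"] = "missing"
    elif all(v.lower() == "nosniff" for v in xcto):
        findings["x-content-type-options"] = "ok"
    else:
        findings["x-content-type-options"] = "invalid-value"
    findings["content-type"] = "present" if headers.get("content-type") else "missing"
    return findings


# Constructed sample responses (not captured from any real server).
WEAK = (b"HTTP/1.1 200 OK\r\nServer: example\r\n"
        b"Content-Type: text/html; charset=utf-8\r\n\r\n<html></html>")
FIXED = (b"HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\n"
         b"Content-Type: text/html; charset=utf-8\r\n\r\n<html></html>")
BAD_VALUE = b"HTTP/1.1 200 OK\r\nX-Content-Type-Options: sniff\r\n\r\n"

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("fixed", FIXED), ("bad-value", BAD_VALUE)):
        print(label, audit_response(resp))
```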

Canonical URL: https://www.upes.ac.in/student-achievements/sarthak-arora