NASA urgently needs to improve its patching process to get rid of vulnerabilities.

Indian firm Secfence Technologies highlighted that, even though NASA has been working on patching weaknesses on its website, there are still ways in which attackers are using its public websites to send malicious code to unsuspecting users.

Global IT security has seen fast-paced growth over the years, given the changing circumstances. New players are emerging, such as the Indian start-up “Secfence Technologies,” headed by Atul Agarwal, whose main focus is on concealing attacks and hiding tracks to counter cyber-attacks.

Experts at “Secfence,” the information security company based in New Delhi, India, provided a few examples in which they found that NASA’s public websites contained XSS weaknesses. Cross-Site Scripting (XSS) attacks are those in which malicious scripts are injected into otherwise trusted websites. The malicious script can access cookies, session data, or even sensitive information retained by the browser and used with that site.

The first XSS weakness was identified on the PDS domain, which hosts the Planetary Data System. There, attackers can perform various JavaScript-based attacks by cleverly designing URL links and webpages that look similar to the legitimate NASA website but in reality can host phishing forms and even acquire user passwords and other information.

The Goddard Space Flight Center was the second domain found to be vulnerable. In this case, with a little social engineering, attackers can alter portions of the webpage to display random content.

Secfence hopes its findings will push NASA to speed up the patching process and make its websites safer for users.