Extensión Cañar - Ingeniería de Sistemas
URI permanente para esta colecciónhttps://dspace.ucacue.edu.ec/handle/ucacue/12706
Examinar
Examinando Extensión Cañar - Ingeniería de Sistemas por Materia "Análisis de técnicas para pruebas de ethical hacking-pentesting en sitios web"
Mostrando 1 - 1 de 1
- Resultados por página
- Opciones de ordenación
Ítem Acceso Abierto Análisis de técnicas para pruebas de ethical hacking-pentesting en sitios web(Universidad Catolica de Cuenca extension Cañar, 2021-11-06) Ortiz Padilla, Gerardo Antonio; Flores Urgiles, Cristian Humberto; 030291381-9ABSTRACT The present work analyzes the techniques for the ethical hacking test, pen testing in a website, thus, it is essential to rely on the informatics system safety that uses the instructions to avoid vulnerability in the confidentiality, integrity, and availability of data, blocking out the unauthorized access. The main objective is to analyze the Ethical Hacking-Pen testing. The methodology was based on the different phases of the OWASP Ethical Hacking, which includes the planning, gathering of information, numbering and exploration of vulnerabilities, privilege lifting, and report. The population included a website that was created (DIGI shop). The developing methodology was implemented in the results, starting from the identification of the scope, resources, and metrics. Then, the architecture and the UML diagram of the security were designed. Later, the vulnerabilities were scanned in Kali Linux, where five threats were identified and the exploitation was carried out with the Metasploitable program. Finally, the comparison of ethical hacking techniques according to CVSS parameters was presented and in the last phase, an indicator was established as a measure to measure the level of solution to vulnerabilities. Concluding that the most suitable ethical hacking technique to identify vulnerabilities in the store's website is pentesting SQL injection. Keywords: ethical hacking, pen-testing, website, owasp
