Análisis de las amenazas, riesgos y vulnerabilidades del portal web del colegio católico José Engling mediante hackeo ético para el diseño y desarrollo de un aplicativo web de monitoreo de incidencias.
The purpose of this degree project is to apply an ethical hacking to the portal web of José Engling Catholic High School, using the methodology of ISSAF (Information Systems Security Assessment System), which allows recognizing the possible threats, risks, and vulnerabilities of this portal web. Fur...
Autor Principal: | Bravo Sánchez, Marco Vinicio |
---|---|
Otros Autores: | Sánchez Prieto, David Alberto |
Formato: | bachelorThesis |
Idioma: | spa |
Publicado: |
2018
|
Materias: | |
Acceso en línea: |
http://dspace.ups.edu.ec/handle/123456789/15860 |
Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
Sumario: |
The purpose of this degree project is to apply an ethical hacking to the portal web of José Engling Catholic High School, using the methodology of ISSAF (Information Systems Security Assessment System), which allows recognizing the possible threats, risks, and vulnerabilities of this portal web. Furthermore, it helps to identify the security gaps that affect the confidentiality, integrity, and availability of information in the educational community, in order to present a mitigation recommendation plan for incidents in the security area of IT (Information Technology) in this institution.
This process was carried out employing tools to collect information, scan, enumerate, and exploit ethical hacking in controlled penetration tests. It contains a denial of service attacks, port scanning, SQL injection, and brute force for available services (web, database, and email).
Based on the tests, there are the following threats to the security of the web portal: brute force attacks, SQL injection and denial of service.
In addition, a web application was developed to monitor incidents, whose main function is to guarantee the administration and management of incidents, in an agile and adequate manner through a record control process and solution. |
---|