Offensive Security: Ethical Hacking Methodology on the Web

  • Conference paper
Information and Communication Technologies of Ecuador (TIC.EC) (TICEC 2018)

Abstract

The implementation of security measures in the IT directorates of Higher Education Institutions (HEIs) has increased in recent years due to a high rate of cyber attacks aimed at finding vulnerabilities in their web services and communication networks, with an emphasis on government segments and strategic institutions such as HEIs. The objective of this research is to generate policies, protocols and an information assurance plan based on security-controlled methodologies, as well as on standards aimed at information security compliance such as ISO 27001. For this purpose, a controlled scheme of attacks was established against the web server of the Universidad Técnica del Norte (UTN), in which the Offensive Security methodology was applied to carry out a pentest, establishing improvements in the performance of the web service as well as the assurance of the UTN web portal itself, and generating processes, policies and assurance plans based on the ISO 27001 standard and the migration.

Acknowledgment

To the Department of Technological and Computer Development of the Universidad Técnica del Norte for the trust of its leaders in allowing the development and implementation of research through Ethical Hacking.

Author information

Corresponding author

Correspondence to Fabián Cuzme-Rodríguez.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Cuzme-Rodríguez, F., León-Gudiño, M., Suárez-Zambrano, L., Domínguez-Limaico, M. (2019). Offensive Security: Ethical Hacking Methodology on the Web. In: Botto-Tobar, M., Barba-Maggi, L., González-Huerta, J., Villacrés-Cevallos, P., S. Gómez, O., Uvidia-Fassler, M. (eds) Information and Communication Technologies of Ecuador (TIC.EC). TICEC 2018. Advances in Intelligent Systems and Computing, vol 884. Springer, Cham. https://doi.org/10.1007/978-3-030-02828-2_10
