Abstract
The implementation of security measures in IT directorates within Higher Education Institutions (HEIs) has increased in recent years due to a high rate of cyber attacks aimed at finding vulnerabilities in their web services and communication networks, with an emphasis on government segments and strategic institutions such as HEIs. The objective of this research is to generate policies, protocols and an information assurance plan based on methodologies controlled in terms of security, as well as on standards aimed at information security compliance such as ISO 27001. For this purpose, a controlled scheme of attacks was established for the web server of the Universidad Técnica del Norte (UTN), in which the Offensive Security Methodology was used to execute a pentest, establishing improvements in the performance of the web service as well as the securing of the UTN web portal, and generating processes, policies and assurance plans based on the ISO 27001 standard and the migration.
Acknowledgment
To the Department of Technological and Computer Development of the Universidad Técnica del Norte for the trust of its leaders in allowing the development and implementation of research through Ethical Hacking.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Cuzme-Rodríguez, F., León-Gudiño, M., Suárez-Zambrano, L., Domínguez-Limaico, M. (2019). Offensive Security: Ethical Hacking Methodology on the Web. In: Botto-Tobar, M., Barba-Maggi, L., González-Huerta, J., Villacrés-Cevallos, P., S. Gómez, O., Uvidia-Fassler, M. (eds) Information and Communication Technologies of Ecuador (TIC.EC). TICEC 2018. Advances in Intelligent Systems and Computing, vol 884. Springer, Cham. https://doi.org/10.1007/978-3-030-02828-2_10
DOI: https://doi.org/10.1007/978-3-030-02828-2_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02827-5
Online ISBN: 978-3-030-02828-2
eBook Packages: Intelligent Technologies and Robotics (R0)