Tesis
Análisis, desarrollo e implementación de un sistema de seguridad para el fortalecimiento de vulnerabilidades e integridad de aplicaciones web académicas.
Fecha
2022-03-15Registro en:
Ramírez Márquez, Jimmy Fernando. (2022). Análisis, desarrollo e implementación de un sistema de seguridad para el fortalecimiento de vulnerabilidades e integridad de aplicaciones web académicas. Escuela Superior Politécnica de Chimborazo. Riobamba.
Autor
Ramírez Márquez, Jimmy Fernando
Resumen
The objective was to design a system to strengthen the security and integrity of academic web applications for the Luis Vargas Torres Technical University (UTELVT). There is no one hundred percent secure web application, it can be said that they all have vulnerabilities and are at risk of attacks that threaten the security and integrity of their information, which is why this quasi-experimental, cross-sectional, descriptive study was carried out in where it seeks to strengthen the security and integrity of academic web applications of the UTELVT. Two (2) were developed different scenarios; in the first, academic web applications in production were analyzed in their current situation, and in the second, a controlled test scenario was used. For the vulnerability scanning in both scenarios, the OWASP methodology was chosen, because it is oriented to web application environments of any type of organization. In addition, the software used for the UTELVT academic web application penetration test was OWASP ZAP. The vulnerabilities found in the first scenario that present a greater risk to the security and integrity of academic web applications of the UTELVT during the scanning using the application OWASP ZAP were of three categories: cryptographic flaws, insecure design, components vulnerable and obsolete according to OWASP 2021. Therefore, in the second scenario, it was designed and implemented a system to strengthen the security and integrity of web applications UTELVT academic institutions, based on safeguards designed from the solutions already established in the OWASP methodology, in addition to the security policies that the safeguards suggest are implemented. It was possible to reduce the probability of occurrence of risks to the web applications of the UTELVT.