masterThesis
Metodología de hacking ético para instituciones financieras, aplicación de un caso práctico
Fecha
2017Autor
Mora Ortega, Andrés Santiago
Institución
Resumen
Ethical hacking methodologies represent a photography of the state of cybersecurity of an organization at a given time. This paper examines the most used current methodologies such as Open Web Application Security Project Testing Guide, Open Source Security Testing Methodology Manual and Certified Ethical Hacking certification. Within the regulations established in the control entities in Ecuador by resolution of the Banking Board JB-3066 that a vulnerability scan should be carried out at least once a year on different systems like: Core Banking, Online Banking, Mobile Banking, Automated Teller Machines, Points of Sales and Credit Cards as main systems. Focus in their primary systems on the financial institutions, a practical methodology is proposed, in which four main phases are defined: i) Recognition, ii) Discovery, iii) Access, and iv) Maintain Access, emphasizing tests regarding authorization, identification, authentication, cryptography, session management and input validations. In this way, an optimal security examination is carried out, providing an objective view of the vulnerability of the systems.