Implementación de controles de seguridad en sitios web contra ataques informáticos

Abstract

In the knowledge society, computer potentials are lent, in the gestation and development of professions, society, culture and integration of virtual processes in daily activities; highlighting the websites that, because they are online systems, present vulnerabilities and threats that could harm organizations, due to the constant theft of information, extortion, espionage, among others; because of this problem, the relevant documentation presents the simulation of attacks and computer controls that mitigate the impact of these threats, following the recommendations imposed by the Open Web Application Security Project (OWASP), in which scenarios of the attacks of entities were raised. External XML, loss of access control and incorrect security settings, using the computer audit tools solved in Kali Linux as Nmap for port scanning, Ettercap with respect to connection interceptions and Burpsuite to intermediate data traffic in navigation. The results show the interaction between the system and the execution of the attacks, after implementing the controls through the use of libraries, the Address Resolution Protocol (ARP) table and the Fail2ban tool; Affecting the website to improve security.