dc.description.abstract | Web applications have been widely accepted by a large part of modern society, and the risks, and with them computer attacks, have increased in the same way. One way to prevent this situation is to detect vulnerabilities that can be exploited by cyber attackers. This is the basis for the present project, which consists of detecting vulnerabilities and establishing controls on the Machala Restaurantes website, based on the risks of injection, broken authentication and sensitive data exposure contained in the OWASP project. The scenario was simulated in the GNS3 tool, in which two networks are represented: the attacker is located in the first and the server in the other, and both are connected by a router. The tools used to exploit vulnerabilities were those of the Kali Linux operating system: sqlmap for SQL injection, Burp Suite for broken authentication by brute force, and Wireshark for the capture of sensitive data. Once the attacks were executed, the vulnerabilities of the website were identified, and controls were established to mitigate the risks. For the SQL injection attack, the form of access to the database was changed through the use of the ORM of the Django framework; the broken authentication and exposure of sensitive data were controlled through the implementation of an SSL certificate. Thus, the controls made it possible to provide security for the web application. | |