Especialización en Seguridad de la Información
URI permanente para esta colección
Examinar
Examinando Especialización en Seguridad de la Información por Materia "Análisis de vulnerabilidades"
Mostrando 1 - 1 de 1
Resultados por página
Opciones de ordenación
- ÍtemAnálisis de vulnerabilidades en el sistema de inventarios Phoenix en una IPS nivel 1.(Fundación Universitaria Los Libertadores. Sede Bogotá., ) Ruíz Cortés, Ricardo Alfonso; Ruíz Cortés, Jhon Carlos; Herrera Herrera, Hector ManuelThis article summarizes the pentesting techniques used in the Phoenix inventory system of a first-level IPS, which is a company's own development based on PHP and Mysql. For this, 3 stages were contemplated: 1. The analysis and identification of the inventory system was carried out using a penetration testing methodology, which included a review of the system documentation, interviews and visits, to determine the impact that could be generated. If a threat materializes, it is based on the ISO 27001:2022 standard, 2. Pentesting and security testing of the web application. The study was carried out using a risk analysis methodology, which included the identification, evaluation and treatment of the identified vulnerabilities. 3. The results of the study showed that the system presented a series of vulnerabilities that could be exploited by attackers to obtain access to confidential information or cause damage to the system. Subsequently, a proposal is generated in which best practices are suggested to mitigate these risks. . It is concluded that preventive and corrective actions must be applied through policies and procedures that must be constantly verified by those responsible for IT and management, making the pertinent updates in each of them, applying the concepts of the PHVA and good practices of ITIL.