Browsing by Author "Martínez Núñez Bryan Eduardo"
Web security audit as a tool for diagnosing vulnerabilities in the website of the Centro de Transferencia de Tecnología - Talleres Tecnológicos of the Facultad de Ingeniería en Sistemas, Electrónica e Industrial
(Universidad Técnica de Ambato. Facultad de Ingeniería en Sistemas, Electrónica e Industrial. Carrera de Software, 2025-02)
Martínez Núñez Bryan Eduardo; Fernández Peña Félix Oscar

This research aimed to conduct a web security audit using pentesting techniques to detect vulnerabilities in the CTT-TT page of FISEI during the 2024-2025 academic period, applying the CVSS scoring system as the basis for proposing possible solutions to improve computer security. The methodology combined bibliographic, field, and experimental research. Data collection was performed through interviews, direct observation, and specialized tools such as Nessus, ZAP, and OpenVAS. Among the results obtained, critical vulnerabilities were identified, such as the use of an unsupported PHP version (CVSS 10), along with configuration issues, including accessible directories, absence of HSTS, insecure HTTP methods (TRACE/TRACK), and clickjacking vulnerabilities. Based on these findings, a proposal was developed to strengthen computer security, which included software updates, disabling the HTTP TRACE and TRACK methods, blocking directory browsing, implementing anti-CSRF tokens, data validation, and SQL injection prevention. Finally, a new analysis with Nessus showed the elimination of all critical and high vulnerabilities, as well as the mitigation of medium and informational risks. The results highlight the importance of conducting periodic security audits and keeping the system updated to ensure continuous protection of the website.