Vulnerability analysis of the Quipux application using the OWASP ZAP tool, applied to the Decentralized Autonomous Government of the Province of Carchi

Bibliographic Details
Main author: Canacuan Padilla, Luis Kevin (author)
Document type: bachelorThesis
Published: 2023
Online access: https://repositorio.puce.edu.ec/handle/123456789/43006
Description
Summary: Information security seeks to safeguard the integrity of data, prevent unauthorized access to systems and avoid disclosure or compromise. This research project seeks to mitigate vulnerabilities that exist in one of the internal applications that are being implemented in the Decentralized Autonomous Government of the Province of Carchi (GADPC). The methodology adopted includes several stages. First, the security management in the environment of this governmental entity is analyzed to understand its approach and needs. Subsequently, an exhaustive analysis of the Quipux source code is carried out, using the techniques and standards established by OWASP. The synthesis of results is based on the review of the scan reports, which detail the vulnerabilities and errors identified in the management application. Through this evaluation, it is possible to determine that the execution of a pilot using the OWASP ZAP tool allows an accurate identification of the vulnerabilities present in Quipux, according to the critical security levels prevailing in the web application under analysis. In this sense, the proposed approach reveals areas for improvement in terms of security and offers concrete recommendations to mitigate the vulnerabilities discovered in the application used by GADPC.