Offensive Security: Ethical Hacking Methodology on the Web

Abstract

The implementation of security measures in IT directorates within Higher Education Institutions (IES) have increased in recent years due to a high rate of cyber attacks aimed at finding vulnerabilities in their Web services and communication networks, with an emphasis on government segments and strategic institutions such as HEIs. The objective of this research is to generate policies, protocols and an information assurance plan based on methodologies controlled in terms of security; As well as standards aimed at compliance with information security such as ISO 27001. For this purpose, a controlled scheme of attacks was established for the web server of the Universidad Técnica del Norte (UTN) in which the Offensive Security Methodology) For the execution of a Pentesting establishing improvements in the performance of the web service, as well as the assurance of the same web portal UTN managing to generate processes, policies insurance plans based on the norm ISO 27001 and the migration.