Abstract

CORONEL SUAREZ, Iván Alberto  and  QUIRUMBAY YAGUAL, Daniel Ivan. Computer security, methodologies, standards, and management framework in an approach to web applications. RCTU [online]. 2022, vol.9, n.2, pp.97-109. ISSN 1390-7697.  https://doi.org/https://doi.org/10.26423/rctu.v9i2.672.

There are various methods for evaluating the security of Web applications, most of which rely on automated scanning technicians. The goal of this research is to address the fundamental concepts required to understand computer security issues in information systems and services, with a focus on penetration tests in web applications. Methodologies that can be applied and reference frameworks that must be taken into account in the application development life cycle are addressed; additionally, descriptive tables of the methodologies used in pen-testing tests are provided, finally reaching the ISO/IEC 27000 family, leaving a brief description of the same and the use it gives in ISMS implementations, information security evaluations and audits.

Keywords : cybersecurity; ISSAF; OWASP; OSSTMM.

        · abstract in Spanish     · text in Spanish     · Spanish ( pdf )