SciELO - Scientific Electronic Library Online

vol.9 número1Un modelo práctico para realizar auditorías exhaustivas de CiberseguridadArquitectura Flexible Basada en ISA-88 para el Diseño del Diagrama de Control de Ejecución en Aplicaciones Distribuidas mediante IEC-61499 índice de autoresíndice de materiabúsqueda de artículos
Home Pagelista alfabética de revistas  

Servicios Personalizados




Links relacionados

  • No hay articulos similaresSimilares en SciELO


Enfoque UTE

versión On-line ISSN 1390-6542versión impresa ISSN 1390-9363


ASTUDILLO, Catalina et al. Attacking an ERP with Open Source Software. Enfoque UTE [online]. 2018, vol.9, n.1, pp.138-148. ISSN 1390-6542.

Information security is a growing concern in companies and organizations, being even higher when linked to financial platforms where sensitive information exists. This article explains the techniques used in the pentesting performed on the ERP software developed in APEX 5 by the University of Azuay. To achieve this goal, six stages has been considered for perform a penetration test: I) Conceptualization, where is defined the scope of the tests to be performed. II) Preparation of the laboratory, which identifies some of the tools used to initiate the safety tests. III) Obtaining of information, where the possible objects are recognized and scanned in greater depth to identify intrinsic characteristics for subsequently exploit them. IV) Analysis of the vulnerabilities found in the previous stage. V) Exploitation of vulnerabilities; and VI) Post-exploitation, a stage that contemplates the destruction of evidence of the attack and the conservation of the connection and the accesses obtained to extract information. All these stages were carried out within the facilities of the “Universidad del Azuay”, considering the development environment in which this software is currently located.

Palabras clave : Pentesting; IT Security; Hacking; ERP; APEX..

        · resumen en Español     · texto en Español     · Español ( pdf )