Buenas prácticas de seguridad en el sistema de estafetas de la Dirección de Desarrollo Académico en la Escuela Superior Politécnica de Chimborazo.

Abstract

In the present degree work, good security practices in the maintenance of the courier system, of the Direction of Development at Escuela Superior Politécnica de Chimborazo, were applied to influence in the level of vulnerability. In the first instance, the evaluation of the security of the system using the Pentesting technique was carried out, in accordance with the CIA (Confidentiality, integrity and availability) indicators defined by the ISO 27001. When verifying the need for a secure computer system, it was proceeded with its maintenance through the agile SCRUM methodology combined with the IEEE 1219 standard, performing the corresponding preliminary analysis, planning and maintenance. Once carried out the maintenance and to determine the influence of it, the Pentesting technique was applied, from the initial set of attacks, 6 were selected which were cross site scripting, SQL Injection, cross site request forgery, cross directory, buffer overflow and cryptographic interception and they were applied to 23 functionalities that represent the courier system and with the evaluation of the CIA indicators. The results obtained by applying the chi square statistical technique with 95% confidence and an error of 5% determined that the alternative hypothesis is accepted, which states that the use of good security practices in maintenance influences the vulnerability of the system of couriers; with an initial vulnerability value of 54% and a final value of 20%, it is concluded that the level of vulnerability of the courier system was positively influenced, since its security was improved by 34%. It is recommended the use of the manual of good security practices in the development or maintenance of computer systems to safeguard the stored data in a better way.