Análisis de vulnerabilidades y pruebas de estrés al sistema académico de la Escuela Superior Politécnica de Chimborazo

Abstract

The objective of this curricular integration work was to carry out vulnerability analysis and execute stress tests to the academic system of the Escuela Superior Politécnica de Chimborazo (ESPOCH) to improve security and performance. The descriptive method was used and several reliable documents were reviewed to know the characteristics of the Open Web Application Security Project (OWASP) methodology, which allowed defining the phases of vulnerability analysis and the stages of stress tests. The OWASP ZAP tool was used to detect vulnerabilities, while Apache JMeter was used to execute the stress tests. Finally, an exhaustive review of reliable documentation was carried out to propose the best practices that allow mitigating the vulnerabilities found and improving the security of the academic system. Likewise, an analysis of the results of the stress tests was carried out, which showed that the academic system responds adequately despite the number of requests sent, however, not all the requests that are generated in the enrollment process were considered. otherwise the system would collapse. Furthermore, it is recommended to increase a backup node for each module of the academic system. It is concluded that it is important to apply the best practices and strategies proposed in this paper to improve the security and performance of the institutional academic system. It is recommended to perform vulnerability scans periodically to verify the security of the system.