Application of cybersecurity testing for institutional websites

Angie Aguilar Domínguez
https://orcid.org/0009-0007-7590-0678

Abstract

As part of the institutional services provided by the Dirección General de Cómputo y de Tecnologías de Información y Comunicación to the university's IT community, a web penetration testing service is offered. These tests are part of the security measures that help strengthen the protection of websites, end users, and the information they handle. The methodology used for conducting the tests is an adaptation of existing industry methodologies, combining the execution of automated tools with manual review by the team. The results obtained are weighted according to the Common Vulnerability Scoring System calculator of the Forum of Incident Response and Security Teams to establish their level of criticality. As a result of providing this service, various university entities are supported in strengthening the security not only of their web applications but also of the environment in which they are deployed and the information they handle. The importance of conducting web security tests can be seen in the increase in reviews carried out in the 2024-2025 period, especially in follow-up reviews, highlighting the interest on the part of university entities in improving this aspect of the technological infrastructure they manage for the benefit of the university community.

How to Cite
Aguilar Domínguez, A. (2026). Application of cybersecurity testing for institutional websites. Cuadernos Técnicos Universitarios De La DGTIC, 4(1). https://doi.org/10.22201/dgtic.30618096e.2026.4.1.157
Section
Technical reports