Resumen

GONZALEZ BRITO, Henry Raúl  y  MONTESINO PERURENA, Raydel. Capabilities of penetration test methodologies to detect frequent vulnerabilities of web applications. Rev cuba cienc informat [online]. 2018, vol.12, n.4, pp. 52-65. ISSN 2227-1899.

The study analyzes the capabilities for vulnerability detection in web applications that propose the main methodologies of intrusion tests. The objective was to determine the validity of the procedures, tools and tests proposed in the ISSAF, OSSTMM, OWASP, PTES and NIST SP 800-115 methodologies to address the current challenges of cybersecurity in the development and maintenance of Web applications. The OWASP vulnerability reports issued between 2003 and 2017 and the documentation of each intrusion methodology were taken as a base for comparison. A qualitative comparison scale was developed and its application showed that the most complete is OWASP Test Guide followed by the ISSAF methodology. However, no methodology proved to be able to provide security methods, tools or tests to detect all current vulnerabilities. The results show the need for a process of adaptation and complementation of existing methodologies.

Palabras clave : computer security; OWASP; penetration test; vulnerability analysis; web application.

        · resumen en Español     · texto en Español     · Español ( pdf )