SciELO - Scientific Electronic Library Online

 


Revista Cubana de Ciencias Informáticas

On-line version ISSN 2227-1899

Abstract

GONZALEZ BRITO, Henry Raúl; MONTESINO PERURENA, Raydel and GAINZA REYES, Dainys. Security Risks in Web Penetration Testing. Rev cuba cienc informat [online]. 2021, vol.15, n.4, suppl.1, pp. 225-243. Epub Dec 01, 2021. ISSN 2227-1899.

This paper systematizes the main security risks that may be associated with penetration testing of web applications. Bibliographic sources and reports of a high scientific and technical level were consulted for the study. Thirty-one risks were identified and described, classified into two groups: those associated with direct damage to the confidentiality, integrity and availability of web application information, and those related to performing a deficient penetration test, whose partial results also indirectly affect the security of web portals. The latter group was divided into risks of scope and time, technological infrastructure, and personnel. For the treatment of the described risks, a set of 14 basic recommendations is provided for shaping a mitigation strategy according to the existing test scenarios. The paper also focuses on how to apply automated vulnerability assessment tools so as to limit damage to web applications. The results are highly relevant given the need for those involved in penetration testing processes to have a conceptual starting point that favors the treatment of risks and better contextualizes the decisions taken to resolve the security vulnerabilities found through this type of security assessment.

Keywords: penetration testing; risk mitigation; security risks; web applications; web security.
