Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/132609
|Penetration testing: auditoría profesional
|Núñez Alcalá, Carlos
Esteban Grifoll, Juan Ramón
|The following document presents the required methodology to perform a professional penetration testing audit. Its goal is to find vulnerabilities within the information systems and solve them before they are found by third parties. Therefore, this type of audit should be considered by any company that wants to guarantee the integrity of their information systems. Due to this audit s intrusive nature, some legal aspects have been considered to make sure that all work is done within the law. At the same time, it is necessary that an adequate working contract is prepared containing the assignment´s scope. To ease the understanding of the audit, every required phase for the execution of the assignment has been explained in detail. Also, a list with the most used tools by penetration testers has been included. After the scope and working tools have been described, the project continues with the creation of a virtual lab. In the lab there are several vulnerable machines that will serve as an example to show all the phases from the audit and to experiment with some of the tools. With this approach, it is intended to simulate an audit within a small company. Lastly, the report is the final product that is delivered to the client. It includes the results of the audit together with some recommendations to solve the vulnerabilities that have been found.
|Appears in Collections:
|Trabajos finales de carrera, trabajos de investigación, etc.
Files in This Item:
|Presentación del TFG
|Memoria del TFG
|Anexo del TFG