Undertaking an ERP: Evaluating the security of apex 5 developed software

Abstract:

Actually, information security is an increasing concern in organizations and enterprises, higher even in financial platforms, where resides a big amount of sensible data. In this paper, we contemplate the different techniques used in the pentesting performed into the server that hosts the software and the ERP software, developed by Universidad del Azuay, using APEX 5 as development platform, including the six penetration test stages: I) conceptualization, stage that allows defining the scope of the tests to be performed. II) Preparation of the laboratory, which defines some of the tools that we used to initiate security tests. (III) Obtaining information, that refers to the stages of recognition and scanning, in which possible objectives will be identified and then to explore in greater depth some intrinsic characteristics that can be exploited. (IV) Analysis of the vulnerabilities encountered in the previous stage. (V) Exploitation of those vulnerabilities through the selection of appropriate tools to achieve this purpose. And vi) The post-exploitation stage, where the destruction of evidence of attack, the conservation of the connection and the accesses obtained to extract information are contemplated; tests explained here were carried out within the facilities of the Universidad del Azuay, considering the development environment in which the ERP project is currently located.

Año de publicación:

2018

Keywords:

• HACKING
• information security
• APEX
• Erp
• Pentesting

Fuente:

google

scopus