Revealing the hidden vulnerabilities of an educational institution's ERP system: facing risk
Abstract
Introduction: The misuse of information and communication technology tools leads to serious consequences such as information theft, identity theft and cybercrime. One of the main concerns is the use of these tools in the educational sector. Insecurely operated web applications can cause significant losses for an organization, including reputational damage, loss of market share or loss of competitiveness.

Objective: Conduct a vulnerability analysis to identify the threats and exposures to which the ERP system of a Higher Education Institution may be susceptible.

Methodology: A comprehensive vulnerability analysis of the ERP web platform was carried out with tools included in Kali Linux. The vulnerabilities found were rated by criticality according to their potential impact on confidentiality, integrity and availability (CIA), using an unauthenticated scan topology, that is, the scanner held no credentials for the application.

Results: A total of 36 vulnerabilities are presented, excluding informational ("Log"-level) findings. In addition, the security configuration of the web application is analysed in detail.

Conclusion: The enumeration of vulnerabilities and configuration deficiencies provides a solid foundation for improving the security of the ERP system. It allows corrective measures and appropriate safeguards to be implemented to mitigate the identified risks; an authenticated scan would make these measures even more effective.