Detección automatizada de desfiguraciones en un sitio web mediante una solución basada en Software Libre
Abstract
RESUMEN
La desfiguración de sitios web es uno de los ataques más populares hoy en día y se basan en realizar un cambio en el código HTML de una página web, que se presenta como un cambio visual en la imagen del mismo. En el presente trabajo se propone desarrollar un sistema mediante el cual se puedan detectar y/o reportar dichos cambios de una forma temprana y automatizada. El Software Libre (SL) ofrece la posibilidad de crear soluciones y es el marco sobre el cual se propone una solución.
Palabras clave: Software libre, desfiguración, Linux, seguridad, CSIRT, desarrollo, sitio web.
ABSTRACT
Web site defacements are one of the most popular attacks nowadays and rely on making a change in a web site's HTML code, which is presented as a visual change on the site. In this paper it is proposed to develop a system for detecting and/or reporting such changes in an early and automated way. Free Libre Open Source Software (FLOSS) offers the ability to create solutions and is the framework on which a solution is proposed.
Keywords: Free software, defacement, Linux, security, CSIRT, develop, website.
Downloads
Metrics
References
Bartoli, A, G Davanzo, E. Medvet, 2009. The reaction time to Web site defacements. IEEE Internet Computing.
cURL. A utility for getting files from remote servers. s.f. Disponible en http://curl.haxx.se/.
CutyCapt. A Qt WebKit Web Page Rendering Capture Utility. s.f. Disponible en http://cutycapt.sourceforge.net/.
GNU. 7.4 comm: Compare two sorted files line by line. s.f. Disponible en http://www.gnu.org/ software/coreutils/manual/html_node/comm-invocation.html.
Haxx. Compare cURL Features with Other Download Tools. s.f. Disponible en http://curl.haxx.se/docs/comparison-table.html.
HTTrack. Website Copier. s.f. Disponible en http://www.httrack.com/.
ImageMagick. Convert, Edit, And Compose Images. s.f. Disponible en http://www.imagemagick.org/.
khtml2png. Make screenshots from webpages. s.f. Disponible en http://khtml2png.sourceforge.net/.
Kovacs, E. Over 665,000 Defacements Submitted to Zone-H.org in 2013. s.f. Disponible en http://news.softpedia.com/news/Over-665-000-Defacements-Submitted-to-Zone-H-org-in-2013-358614.shtml.
LFTP. Sophisticated file transfer program. s.f. Disponible en http://lftp.yar.ru/.
Pérez, E., 2013. Sistema de procesamiento y reporte de alertas de seguridad para el CSIRT-CEDIA. Convención Internacional de Ciencias Técnicas, Santiago de Cuba, 111-222.
PhantomJS. Headless WebKit scriptable with a JavaScript API. s.f. Disponible en http://phantomjs.org.
Python-webkit2png. Python script that takes screenshots (browsershots) using webkit. s.f. Disponible en https://github.com/AdamN/python-webkit2png/.
PyWebShot. Command line webpage screenshot and thubnail generator. s.f. Disponible en https://github.com/coderholic/PyWebShot.
uGet. Open Source Download Manager. s.f. Disponible en http://ugetdm.com/.
Wget. A utility for retrieving files using the HTTP or FTP protocols. s.f. Disponible en http://www.gnu.org/software/wget/.
Zone-H.com. Yearly & Monthly & Daily attacks Stats. s.f. Disponible enhttp://www.zone-h.org/stats/ymd.
Downloads
Published
How to Cite
Issue
Section
License
Copyright © Autors. Creative Commons Attribution 4.0 License. for any article submitted from 6 June 2017 onwards. For manuscripts submitted before, the CC BY 3.0 License was used.
You are free to:
 |
Share — copy and redistribute the material in any medium or format |
 |
Adapt — remix, transform, and build upon the material for any purpose, even commercially. |
Under the following conditions:
 |
Attribution — You must give appropriate credit, provide a link to the licence, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licenser endorses you or your use. |
| No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the licence permits. |
