Website cybersecurity: security audit of an online platform
DOI: https://doi.org/10.33936/isrtic.v9i1.7466
Keywords: Cybersecurity, OWASP, Security audit, Vulnerabilities
Abstract
We live in an increasingly digital world that is highly dependent on online platforms, where ensuring security has become one of the major challenges of daily life. This paper presents the results of a cybersecurity audit conducted on a web platform using the OWASP framework as a technical reference. The analysis focused on two distinct categories of issues: misconfigured security settings and errors in user authentication and identification. During the evaluation process, several vulnerabilities were identified, including insecure cookies, exposed open ports with sensitive services, and the absence of multi-factor authentication (MFA), among others. Although it was not possible to exploit all detected vulnerabilities due to the presence of active defensive mechanisms, the findings allowed for the proposal of practical and applicable mitigation measures. The study demonstrates that the OWASP framework is effective in real-world audits and emphasizes that while certain technical barriers may limit the success of specific attacks, they cannot replace the correction of insecure configurations. It also highlights the importance of understanding cybersecurity as a continuous and adaptive process. These results are particularly valuable for organizations with limited resources, as they provide actionable strategies to improve their cybersecurity posture through structured audits and defense-in-depth approaches.
Copyright (c) 2025 Juan Andres Jaramillo Barreiro, Joseph Camilo Reyes Sacaquirin, Nancy Magaly Loja Mora

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Articles submitted to this journal for publication will be released for open access under a Creative Commons Attribution Non-Commercial No Derivative Works licence (http://creativecommons.org/licenses/by-nc-nd/4.0).
The authors retain copyright, and are therefore free to share, copy, distribute, perform and publicly communicate the work under the following conditions: Acknowledge credit for the work specified by the author and indicate if changes were made (you may do so in any reasonable way, but not in a way that suggests that the author endorses your use of his or her work). Do not use the work for commercial purposes. In case of remixing, transformation or development, the modified material may not be distributed.

