Palabras clave
vulnerability
sniffing
http
Cómo citar
Resumen
Este trabajo fue diseñado con la intención de analizar la vulnerabilidad de los sitios web de comercio electrónico. Vamos a describir la transmisión de datos en texto claro sin encriptación mediante el protocolo de transferencia de hipertexto (HTTP), por lo que argumentamos que mediante una técnica de sniffer se puede capturar esta información y así violar la información de privacidad del cliente.
Palabras Clave: Seguridad, vulnerabilidad, sniffing, http.
Citas
N. Ahmad y H. M. Kashif, “Analysis of Network Security Threats and Vulnerabilities by Development & Implementation
of a Security Network Monitoring Solution”, M.S. thesis Blekinge Institute of Technology, 2010.
E. Nsambu y D. Aziz, “Computer Engineering The Defense Against the latest Cyber Espionage both insider and
outsider attacks”, M.S. thesis Mid Sweden University, 2012.
N. Särökaari, “Identifying malicious HTTP Requests”, B.S. thesis Haaga-Helia University, 2012.
R. Fielding et al., “Hypertext Transfer Protocol -- HTTP/1.1”, ACM Digit. Libr., pp. 13–176, Jun. 1999, doi:
17487/rfc2616.
D. Stuttard y M. Pinto, The web application hacker’s handbook: finding and exploiting security flaws. Wiley, 2011.
D. Gourley, B. Totty, S. Marjorie, A. Aggarwal, y S. Reddy, “HTTP Guide”, Foreign Aff., vol. 91, núm. 5, p. 635,
, [En línea]. Disponible en: https://www.oreilly.com/library/view/http-the-definitive/1565925092/.
SANS Institute, “Web Application Penetration Testing Training | SANS SEC542”, 2010, [En línea]. Disponible en:
https://www.sans.org/cyber-security-courses/web-app-penetration-testing-ethical-hacking/.
Bigcommerce, “Ecommerce Data Breaches: Real Costs of Security Mismanagement”,2020. https://www.bigcommerce.com/articles/ecommerce/ecommerce-data-breaches/ (consulted abr. 21, 2021).
M. W. Holt, D. Zappala, K. Seamons, y P. Egbert, “After HTTPS: Indicating Risk Instead of Security”, M.S thesis
Brigham Young University, 2019.
C. Hoffman, “Why Does Google Chrome Say Websites Are ‘Not Secure’?”, howtogeek.com, 2018. https://www.howtogeek.com/359298/why-does-google-chrome-say-websites-are-“not-secure”/ (consultado abr. 16, 2021).
Z. Wilson, “Global Information Assurance Certification Paper Hacking: The Basics”, 2001. Consultado: abr. 15,
[En línea]. Disponible en: http://www.giac.org/registration/gsec.
I. A. Ibrahim Diyeb, A. Saif, y N. A. Al-Shaibany, “Ethical Network Surveillance using Packet Sniffing Tools:
A Comparative Study”, Int. J. Comput. Netw. Inf. Secur., vol. 10, núm. 7, pp. 12–22, jul. 2018, doi: 10.5815/ijcnis.
07.02.
V. Network, “Cyber Security Attacks Network Sniffing”. https://www.valencynetworks.com/articles/cyber-security-attacks-network-sniffing.html (consulted abr. 15, 2021).
O. N. Henry y M. A. Agana, “Intranet Security Using A LAN Packet Sniffer to Monitor Traffic”, en 9th International Conference on Computer Science and Information Technology (CCSIT 2019), Jun. 2019, pp. 57–68, doi: 10.5121/csit.2019.90806.
K. Uchino, Global Crisis, and Sustainability Technologies. WORLD SCIENTIFIC, 2017.
F. M. S. Carreno, O. C. F. Unda, C. L. C. Naranjo, y L. D. Rosales, “Security For Applications With Multiple Users”, en 2020. 15th Iberian Conference on Information Systems and Technologies (CISTI), Jun. 2020, vol. 2020-June, núm. June, pp. 1–6, doi: 10.23919/CISTI49556.2020.9141157.
