Diseño de una herramienta automatizada para las pruebas de penetración informática del riesgo de inyecciones SQL inferenciales existente en aplicaciones empresariales bajo ambiente web

De los riesgos de seguridad en ambientes web, el riesgo de inyecciones SQL es catalogado como el más importante, y, de los siete tipos existentes de inyecciones SQL, las inyecciones SQL inferenciales son las que presentan una mayor complejidad en sus pruebas de penetración, debido a que es necesario extraer la información no de manera determinística sino infiriendo los datos al observar cambios de comportamiento en el ambiente web. La presente tesis de maestría tiene como objetivo la reducción de tiempo empleado en las pruebas de penetración usadas para la evaluación del riesgo de inyecciones SQL inferenciales presente en ambientes web. Para esto se usó una metodología mixta: cuantitativa para el análisis de los algoritmos usados en la evaluación de dicho riesgo y cualitativa al analizar las estrategias y herramientas utilizados actualmente en las pruebas de penetración sobre el riesgo mencionado. Como resultado de esta investigación, se pudo establecer que el algoritmo bit a bit es el más eficiente en la extracción de información y la herramienta SQLMAP la más completa para su evaluación. En términos de tiempos, la herramienta SQLBrute - SQL Injection Brute Forcer es la mejor para el caso de las inyecciones SQL inferenciales basadas en tiempo y The Mole para el caso de las no basadas en tiempo. Además, se realizó una herramienta usando el algoritmo bit a bit optimizado, y se comparó los tiempos empleados por ella con las herramientas más eficientes disponibles. Al comparar los tiempos de la herramienta desarrollada, se comprobó que esta investigación disminuyo los tiempos empleados en la evaluación del riesgo tratado y que la herramienta desarrollada realiza la extracción de datos de manera más eficienteAbstract: There are many security risks in a web environment. However, SQL injections is the most important risk. This risk has seven sub-types and inferential SQL Injection is the most complex sub-type: It is necessary extract the information not in a deterministic way but inferring the data by means of observing behavior changes in the web environment. This thesis is a research process on time reduction of inferential SQL injections present in web environments. With that purpose, a mixed methodology was used (quantitative and qualitative) for analyze the strategies, algorithms and tools that penetration testers current use in evaluation of the aforementioned risk. According to the study conducted, bit-to-bit is the faster algorithm for extracting information and SQLMAP tool is the most complete. In time terms, the SQLBrute - SQL Injection Brute Forcer tool is the best tool for based on time inferential SQL injections and The Mole for non-time based injections. After this identification, a tool was made using optimized algorithm bit-to-bit. That tool was compared with the aforementioned tools and verifying that it is effectively more efficient. Finally, the tool was used in a real environment. In this way, it was found that it is possible to decrease the time in the evaluation of the treated riskMaestrí

Managing Inventory: A Study of Databases and Database Management Systems

Databases play an important role in the storage and manipulation of data. Databases and database management systems allow for fast and efficient data querying that has recently become increasingly important in most companies and organizations. This paper introduces a few of the different types of database management systems that are in widespread use today. It introduces some important terminology related to databases and database management systems. This paper also briefly discusses web user interfaces, highlighting important user interface design principles. Finally, an inventory management system is implemented for a local stationery store and is integrated with a web application to serve as the front end

Design and Democracy: Transformative Agency within Indigenous Structure

South African democracy is perceived and evidenced to be under duress. This research questions how design, when underpinned by transdisciplinarity and abduction, can articulate and address this problem. The literature is reviewed to map how designed objects, processes, and philosophy enable and hamper notions of democracy. Within this literature, two concepts are identified as key to a South African context, and require further research - Indigenous Knowledge Systems (IKS) and cosmopolitanism. The African concept of Ubuntu, a subset of IKS, is argued to function as an authentic context, however, its ability to influence urban and diverse environments is questioned. Cosmopolitan theory, and Dewey's focus on experimentation, is argued to promote normative organisation, and its application to facilitate urban and dynamic participation is questioned. The Cape Town precinct - Long Street - provides a case study with which to unpack these two key concepts, and obtain empirical data to answer the research questions. Qualitative data is firstly obtained, from key informants who have the authority to influence the case study delineation. Based on this data, an Abductive instrument (Ai), based on Experience Design (XD) and Designing For Participation (DFP) methods, obtains quantitative data from public actors. Findings from the research include: political philosophy is increasingly enabled and countered by design; design is required to deconstruct and not fortify South African democracy; design is capable of operationalising decolonisation as a constructive, and not reductive, act; indigeneity is being reclaimed in urban contexts, and reinterpreted by design; reflective participation, and not historical assimilation, is a fundamental challenge for political studies; publics experiment with, and not on, themselves. The key implication of the research is designing critical representation, which is at the intersection of design, IKS, and cosmopolitanism. Here, empowerment is an indigenous imperative, design synthesises direct and representative democracy, and design intent is hyper-transparent