Containerization of a Pentesting platform

In today's technology-driven landscape, organizations increasingly store vast amounts of sensitive personal and confidential data, making them vulnerable targets for cybercriminals seeking to exploit system security weaknesses. Simply complying with security standards and regulations is not eno...

Descripción completa

Detalles Bibliográficos
Autor: Morales Muñoz, Erika Salome
Tipo de recurso: tesis de maestría
Fecha de publicación:2024
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/410522
Acceso en línea:https://hdl.handle.net/2117/410522
Access Level:acceso abierto
Palabra clave:Computer security
penetration testing
cybersecurity
HuntDown
vulnerability scanning tools
secure digital environment
Seguretat informàtica
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:In today's technology-driven landscape, organizations increasingly store vast amounts of sensitive personal and confidential data, making them vulnerable targets for cybercriminals seeking to exploit system security weaknesses. Simply complying with security standards and regulations is not enough, as we cannot guarantee absolute immunity from vulnerabilities in our systems. The growing demand for cybersecurity talent underscores the need for effective vulnerability scanning tools, which are often complex and require expert knowledge, limiting their accessibility. To address these challenges, HuntDown (HD) has emerged as an ethical hacking tool that provides an accessible solution for security auditing. Nonetheless, HuntDown still requires improvements to match the efficiency of existing vulnerability scanners. This thesis project aims to help refine the HuntDown application deployment process and streamline attack instantiation methods. This research focuses on key aspects such as automation, cloud deployment, and containerization methods to improve HuntDown's performance. To validate the effectiveness of these enhancements, a simple pentest is performed against a vulnerable web application that serves as a benchmark for evaluating HuntDown's performance. The methodologies employed, technologies used, and practical validation performed in this thesis highlight its success and relevance in the dynamic landscape of cybersecurity and penetration testing. The insights gained from this research pave the way for future innovation and advancement in the field, driving progress toward a more secure digital environment.