Tool selection criteria for pentesting
Abstract
This essay highlights the importance of pentesting as a legal practice of exploiting vulnerabilities in the environments of a network, web, mobile or cloud applications and the user environment through social engineering. A review is made of the different authors who make their recommendations for the tools or consider them for their certification processes, some tools were left out, the main criterion was the coincidence of these through the different authors reviewed. Selecting the right pentesting tool can make the difference between an effective security assessment and an ineffective one.
Downloads
References
INEGI, «Censo Nacional de Seguridad Pública Feederal 2022,» 2022. [En línea]. Available: https://www.inegi.org.mx/contenidos/programas/cnspf/2022/doc/cnspf_2022_resultados.pdf.
National Cybersecurity Alliance, «National Cybersecurity Alliance,» 2016. [En línea]. Available: https://staysafeonline.org/cybersecurity-for-business/history-ethical-hacking/.
L. Herrero Pérez, Hacking Ético, Ra-Ma, 2022, p. 29.
J. M. Ortega Candel, Ciberseguridad, manual práctico, Parainfo, 2021, pp. 4-5.
P. Engebretson y D. Kennedy, The basics of hacking and penetration testing, Elsevier, 2013, pp. 1-3.
K. Malik, «GetAstra,» Types of Penetration Testing: A Comprehensive Guide, 2023. [En línea]. Available: https://www.getastra.com/blog/security-audit/types-of-penetration-testing/.
EC-Council, «Popular Penetration Testing Tools,» 2024. [En línea]. Available: https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/what-is-penetration-testing/.
Linkedin y D. Balroop, «Penetration Testing Tools: Nmap, Metasploit, Burp Suite, and Wireshark,» TechUnity, Inc, 2024. [En línea]. Available: https://www.linkedin.com/pulse/penetration-testing-tools-nmap-metasploit-burp-suite-dave-balroop/.
S. Bowcut, «Cibersecurity Guide,» A deep dive on the OSCP certification aka the Offensive Security Certified Professional, 2024. [En línea]. Available: https://cybersecurityguide.org/programs/cybersecurity-certifications/oscp/.
Hackingmexico, «Hackingmexico,» 2024. [En línea]. Available: https://www.hackingmexico.one/.
M. Vernon, «10 herramientas de pruebas de penetración que utilizan los profesionales,» CSOOnline, 2024. [En línea]. Available: https://www.csoonline.com/.
Rapid7's, «Metasploit,» 2024. [En línea]. Available: https://www.rapid7.com/products/metasploit/.
PortSwigger, «Burp Suite Community Edition,» 2024. [En línea]. Available: https://portswigger.net/burp/communitydownload.
Tenable Nessus, «Tenable Nessus,» 2024. [En línea]. Available: https://es-la.tenable.com/products/nessus.
OpenWall, «John the Ripper password cracker,» 2024. [En línea]. Available: https://www.openwall.com/john/.
Wireshark, «Wireshark,» 2024. [En línea]. Available: https://www.wireshark.org/download.html.
ZAP , «ZAP Proxy,» [En línea]. Available: https://www.zaproxy.org/.
SQLmap, «SQLmap,» 2024. [En línea]. Available: https://sqlmap.or.
Copyright (c) 2024 Ana Maria Felipe Redondo, Felipe de Jesús Núñez Cárdenas
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
