Conceptual foundation for an automated pentester based on a single board computer
Introduction: This article is the product of the research entitled "Automated Concept Tests on Web Applications Based on OWASP", carried out during 2017 and 2018 in the city of Popayan, capital of the Department of Cauca.
Problem: Establish and identify a theoretical support for the research topic that will help to solve the problem question of the research work. Is it necessary to develop scripts that automate the concept testing process for the detection of vulnerabilities corresponding to the Top 10 of OWASP 2017.
Objective: Propose a conceptual and background component, through the study of primary and secondary sources along with inclusion and exclusion factors, which helps determine the relevance to the proposed problem which in turn will assist in the construction of a solution.
Methodology: The methodology used was documentary, so several sources of databases were consulted, in order to determine the conceptual, theoretical and relevant background information that will support this research work.
Results: As a result, a very significant analysis was obtained, given that it was possible to obtain relevant conceptual bases that contributed to the solution of the problem.
Conclusion: Despite the existence of tools designed to perform web pentesting, none solve the problems posed in this article, however, the articles did contribute towards the solution of the objective.
Originality: Automation of the pentesting process, under the OWASP methodology, in an SBC, using free software, to reduce costs to entrepreneurs when testing the security of web applications.
Limitations: Access to databases in the institution, time and money used to perform tests on other SBC devices.