Application of Robotic Process Automation (RPA) Tools in Pentesting Processes for MSMEs
DOI: https://doi.org/10.22517/23447214.25743
Keywords: Automated pentesting, Cybersecurity, Pentesting methodologies, Penetration testing, Robotic Process Automation (RPA)
Abstract
Ethical hacking, also known as pentesting, is a key practice for identifying vulnerabilities in Information Technology (IT) systems through controlled simulations of cyberattacks, which makes it possible to improve information security. However, the traditional approach, which depends on manual intervention, faces limitations due to the exponential growth of technology assets and the complexity of infrastructures, which entails high consumption of time and resources and the need for specialized technical expertise. This article explores the integration of Robotic Process Automation (RPA) into pentesting as a solution to optimize these processes. Through a comparative analysis of documented methodologies and available RPA tools, a specific tool is proposed to automate pentesting in a controlled and secure environment. The experimental results obtained indicate that this tool is a viable alternative for improving the efficiency, accessibility and scalability of security audits, which makes it an effective solution in the field of information security.
License
Copyright (c) 2025 Scientia et Technica

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The undersigned authors declare that the article submitted to the journal Scientia et Technica is an original work and that all its content is free of third-party copyright restrictions or has the corresponding authorizations. Consequently, the authors assume responsibility for any litigation or claim related to intellectual property rights, releasing the Technological University of Pereira and the journal Scientia et Technica from any liability.
If the submitted work is accepted for publication, the authors retain copyright to the article and grant the journal Scientia et Technica the right of first publication, as well as a non-exclusive, perpetual license to reproduce, edit, distribute, display, and publicly communicate the article in any medium or format, including print, electronic, databases, repositories, the Internet, or other scientific dissemination systems. The authors agree that the article will be published in open access and distributed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).
The journal Scientia et Technica will respect in all cases the moral rights of the authors, in accordance with the provisions of article 30 of Law 23 of 1982 of the Republic of Colombia, recognizing the authorship of the work, the right to integrity and the right of disclosure, which are inalienable and non-waivable.