Application of Robotic Process Automation (RPA) Tools in Pentesting Processes for MSMEs
DOI:
https://doi.org/10.22517/23447214.25743
Keywords:
Automated pentesting, Cybersecurity, Pentesting methodologies, Penetration testing, Robotic Process Automation (RPA)
Abstract
Ethical hacking, also known as pentesting, is a key practice for identifying vulnerabilities in Information Technology (IT) systems through controlled simulations of cyberattacks, which makes it possible to improve information security. However, the traditional approach, which depends on manual intervention, faces limitations due to the exponential growth of technology assets and the complexity of infrastructures, which entails a high consumption of time and resources and the need for specialized technical expertise. This article explores the integration of Robotic Process Automation (RPA) into pentesting as a solution for optimizing these processes. Through a comparative analysis of documented methodologies and available RPA tools, a specific tool is proposed to automate pentesting in a controlled and secure environment. The experimental results obtained indicate that this tool is a viable alternative for improving the efficiency, accessibility and scalability of security audits, which makes it an effective solution in the field of information security.
License
Copyright (c) 2025 Scientia et Technica

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyrights
The journal is free open access. The papers are published under the Creative Commons Attribution / Attribution-NonCommercial-NoDerivatives 4.0 International - CC BY-NC-ND 4.0 license. For this reason, the author or authors of a manuscript accepted for publication will yield all the economic rights to the Universidad Tecnológica of Pereira free of charge, taking into account the following:
In the event that the submitted manuscript is accepted for publication, the authors must grant permission to the journal, for an unlimited time, to reproduce, edit, distribute, exhibit and publish it anywhere, whether in print, electronically, or through databases, repositories, optical discs, the Internet or any other required medium. In all cases, the journal retains the obligation to respect the moral rights of the authors, contained in article 30 of Law 23 of 1982 of the Colombian Government.
The transferors, by means of the ASSIGNMENT OF PATRIMONIAL RIGHTS letter, declare that all the material that is part of the article is entirely free of copyright. Therefore, the authors are responsible for any litigation or claim related to intellectual property rights. They exonerate the Universidad Tecnológica of Pereira (publishing entity) and the Scientia et Technica journal of all responsibility. Likewise, the authors accept that the work presented will be distributed in free open access, safeguarding copyright under the Creative Commons Attribution / Recognition-NonCommercial-NoDerivatives 4.0 International - https://creativecommons.org/licenses/by-nc-nd/4.0/deed.es license.