Ingeniería de Sistemas
Permanent URI for this collection
Browse
Recent Submissions
Item Análisis de vulnerabilidades de tipo SQL Injection(Universidad Santiago de Cali, 2026) Timaran Hernandez, Danilo Alfonso; Quintero Cardona, Wilson Andres; Alomia Peñafiel, Gustavo Adolfo (Director)SQL Injection vulnerabilities is one of the most persistent threats to web application security, despite advances in secure development practices and protection technologies. The aim of this study was to analyze the evolution, impact, and main detection and prevention strategies related to SQL Injection through an exploratory review of literature published between 2018 and 2025. The methodology involved searching and selecting peer-reviewed articles from specialized databases, applying predefined inclusion and exclusion criteria. Eighteen studies were analyzed and organized according to detection approaches, prevention strategies, automation mechanisms, and research gaps. The results reveal a predominance of machine learning and deep learning–based models, which report high detection accuracy, as well as the continued relevance of secure coding practices as a foundational preventive measure. However, limitations related to model generalization, adversarial robustness, and deployment in legacy systems were identified. It is concluded that a multi layered defense strategy, integrating secure development, intelligent detection, and continuous monitoring, represents the most effective approach to mitigating SQL Injection vulnerabilities, while future research should focus on real-world applicability and resilience.Item Desarrollo de un sistema de gestión, asignación y control de pedidos de taxis para la empresa Aerotans Ltda(Universidad Santiago de Cali, 2026) Gaviria Bolaños, Andrés Camilo; Navarrete Perea, Alfred David; Arboleda Martínez, Mónica Helen (Director)The transport company Aerotrans, located in Pitalito, Huila,faces difficulties in managing its taxi fleet, which generateslosses due to the inability to handle multiple requestssimultaneously. To address this problem, the study proposes the development ofa web-based management platform that will reduce the loss of requests. Thesystem was designed to be flexible and accessible from different devices forthose interested. It was developed using MVC architecture andtechnologies such as Next.js and Firebase for data storage and management.The methodology used was PSP, aligned with the CDIO framework, which allowedthe process to be organized in fortnightly stages and to maintain adequate control ofprogress. As a result, a functional web platform was delivered to thecompany Aerotrans, significantly improving the simultaneous management oftransport requests and providing a solution to the bottlenecksgenerated during peak seasons.Item Análisis comparativo de las plataformas no-code Orange y KNIME para la clasificación de especies de pingüinos(Universidad Santiago de Cali, 2026) Jaramillo Lucumi, John Leyder; Lemus Asprilla, Geimar Shamir; Mosquera Donado, Luis David; Viera Balanta, Víctor (Director)This article presents a comparative study of the no-code tools Orange and KNIME, focused on building predictive models in their environment, applied to the classification of penguin species, using the Penguin Dataset as a case study. The growth of the no-code approach in machine learning is presented, which is notable for educational and non-specialized environments. Using the CRISP-DM methodology, the steps carried out in the two tools are described: from data understanding to model evaluation. Focus is also placed on the classification algorithms and the implementation of Random Forest. The paper compares the usability, runtime, and resources of the two tools. It verifies how each environment or tool facilitates the construction of workflows without programming. This analysis aims to serve as a methodological and practical guide for students and teachers interested in implementing machine learning techniques using no-code tools, as well as collaborating in the democratization of artificial intelligence for its integration into teaching and learning processes.Item Evolución y desarrollo de los protocolos criptográficos SSL/TLS para la seguridad web (1994–2025)(Universidad Santiago de Cali, 2026) Rodríguez Villegas, Jefferson; Restrepo Castillo, Edgar Alirio (Director)In the current era, a large percentage of the population communicates via the internet, which transmits and processes countless amounts of data daily. This data plays a vital and strategic role for both individuals and businesses, who are exposed to various threats ranging from unauthorized intervention and modification by third parties to outright destruction. This study aims to present the origins and characteristics of SSL and TLS protocols, as well as to outline some of the changes and updates they have undergone over their respective lifespans. Finally, it will discuss some of their most well-known vulnerabilities and provide a perspective on their future in the context of emerging quantum computing.Item YOLOv8 vs YOLOv11: revisión sistemática y validación experimental en detección de objetos(Universidad Santiago de Cali, 2026) Izquierdo Serrano, Luis David; Rodriguez Quintero, Carlos David; Forero Velasco, Jhon Arley; Arboleda Duque, Andres Felipe (Director)This article presents a comparative analysis of the development and performance of YOLOv8 and YOLOv11, two recent versions of the "You Only Look Once" (YOLO) real-time detection algorithm, known for its speed and accuracy. The main focus is to analyze and compare the results of different metrics in both versions using various datasets. To this end, multiple model variants ("n", "s", and "m") are considered to evaluate their behavior under different capacity levels. Furthermore, the study is founded on theoretical principles of free knowledge, computational optimization, and open licenses, which support the use of open source code in academic and scientific environments. A documentary and experimental methodology is adopted, applying PRISMA for literature review and the OSEMN framework for preparation, modeling, and evaluation. Along the same lines, standardized metrics such as mAP@0.5 and mAP@0.5-0.95 were used, along with indicators like training time. The results show that the performance of each version depends on the dataset and the model size. YOLOv8 achieved greater precision and mAP in scenarios such as African Wildlife and PI3final, while YOLOv11 stood out for its computational efficiency and training times in the 'n' and 's' variants. In conclusion, YOLOv8 excels in accuracy and robustness, while YOLOv11 proves more efficient on limited hardware; both versions contribute to academic progress on the evolution of YOLO’s in computer vision.Item Aprendizaje profundo para el diseño y predicción de ofertas de mercado en el comercio minorista(Universidad Santiago de Cali, 2024) Calderón Parra, Bryan; Prieto Bolaños, Ricardo Andrés (Director)To carry out this project, the application of Deep Learning in the market was examined to determine supply prediction, with the purpose of developing software based on an artificial intelligence model that provides relevant information to design strategies. digital marketing in the retail sector. The functionalities of the prediction model were identified, adapting them according to the specific requirements of this area. To guarantee the reliability and effectiveness of the results of the predictive model, data collection and purification strategies based on web scrapers were used. The accuracy of the model was evaluated through the validation of acceptance criteria, the results of which suggest the effectiveness of this technology in optimizing trend analysis processes and establishing product prices. This approach seeks to reduce the uncertainty associated with the analysis of deviations related to budgets or financial forecasts that assume consumer behaviors.Item Importancia de la implementación herramientas de técnicas y industria aplicadas en la gestión de calidad de la textil en las empresas colombianas(Universidad Santiago de Cali, 2021) Viafara García, Carlos Alberto; Montilla Gualguan, Diana Marcela; Guerrero Moreno, David Rodrigo (Director); Prieto, Ricardo Andrés (Director)Quality management has been determined as a tool for organizational success, since it leads to the improvement of each and every one of the business processes, both productive and administrative, in order to generate differentiating advantages over competitors and thereby attract A greater number of clients, however, for the appropriation of quality in the processes, it is essential to link the quality tools, which allow monitoring, adjustments, follow-ups and improvements to the activities, thereby seeking the efficiency of the processes. In this sense, the quality policy implementation process involves all levels of the organization, since they are systematic activities that require the commitment of all stakeholders. For this reason, the development of this bibliographic review article is to determine the importance of linking quality management techniques and tools for business strengthening in textile companies in Colombia, for which a methodological review process is used. documentary with a qualitative approach to analysis and collection of information, where a review of the main components of quality management is carried out and their impact, either positive or negative, on business growth. As the main conclusion, it is highlighted that, the implementation of quality techniques and statistical tools leads to the implementation of unique controls to improve processes and fluidly manage the exponential growth of its results in the medium term, resulting in beneficial for companies in the textile sector that want to grow at accelerated rates but based on quality as the main differentiating tool of processes, procedures, and products.Item Implementación de un Data Warehouse para el análisis de datos históricos del Consorcio de Investigación Científica Caucaseco(Universidad Santiago de Cali, 2022) Hoyos Pérez, Andrés José; Trejos Quintero, Wilmer; Rojas López, Johanna (Directora); Prieto Bolaños, Ricardo Andrés (Director)Item Lean Project Management aplicado a la Tecnología de la Información (IT)(Universidad Santiago de Cali, 2022) Aguas Castillo, Einer Ronaldo; Molina Suárez, Francisco Javier; Díaz Contreras, Johan Sebastián; García Jiménez, Juan Camilo (Director)This article presents a literature review on Project Management focused on information technology (IT), a sector that has been strongly affected in achieving success by keeping its processes aligned to traditional methodologies; therefore, the objective of this study was to analyze how Lean Project Managment can provide optimal solutions that not only substantially increase the success of projects of this type, but also generate value for the customer through the reduction and/or elimination of mudas (waste) not covered by other methodologies. In order to achieve this objective, we proceeded to research in different bibliographic sources on traditional methodologies compared to Lean and case studies that demonstrate the success of using Lean Project Management.Item Análisis de amenazas y estrategias de seguridad en redes sociales un panorama de ciberataques y violaciones de privacidad(Universidad Santiago de Cali, 2025) Rosero Giraldo, Catalina; Gil López, Johan Sebastián; Tavera Romero, Carlos Andrés (Director)In the digital age, social media has transformed human interactions, consolidating itself as essential spaces for connection, exchange of experiences and information. These platforms have acquired a central role in everyday life, also standing out as main sources of entertainment and key tools for business strategies, especially in advertising and customer acquisition. Therefore, this article aims to analyze the main cyber threats targeting social media users. A systematic review of the literature was carried out following the PRISMA protocol to ensure methodological rigor in the selection of information. The search was carried out in recognized databases such as Google Scholar, Scopus and ScienceDirect, covering studies published between 2018 and 2024. A total of 14 relevant articles were identified and analyzed after applying inclusion and exclusion criteria. The analysis was complemented with tools such as Mendeley for bibliographic organization and descriptive techniques for data synthesis. The study confirmed an increase in threats such as phishing, ransomware, malware, identity theft, and social engineering attacks. Significant cases of privacy violations were documented, including the Cambridge Analytica scandal and vulnerabilities of platforms such as Facebook and TikTok. It concluded that social networks face a high level of risk due to their popularity and accessibility, mitigating these threats requires a joint effort between users, companies and regulators, highlighting the need to educate users and implement security standards.Item Tendencias actuales de las vulnerabilidades y ataques de inyección SQL(Universidad Santiago de Cali, 2025) Duque Muñoz, Sebastián David; Montero Muñoz, Byron Leandro; Prieto Bolaños, Ricardo Andrés (Director)The objective of the research was to explore the vulnerabilities of SQL injection attacks, seen from the topics covered in recent research and international reports. The methodology consisted of a systematic review that allows us to know the current status addressed from several questions: What is the trend in detections of SQL injection attacks? What are the main techniques to identify this type of vulnerability? How do these attacks manifest? What tools are used to identify this type of vulnerability? What are the measures to mitigate this type of vulnerability from being exploited? The databases used were IEEE, ACM, Elservier, taking the period from 2020 to 2024. The results show that up to 2,000 SQL injection attacks have been reported annually, which demonstrates a significant increase over the years. SQL injection attacks manifest themselves by allowing data theft, data manipulation, unauthorized access, denial of services, among others. The types of attacks discussed in the article are: basic, blind, error-based, and UNION-based. The main techniques to identify these vulnerabilities are: static code analysis, penetration testing, vulnerability scanning and log review, using the tools Sebastian David Duque Muñoz, Byron Leandro Montero Muñoz, Henry Raúl González Brito & Yaimí Trujillo Casañola. 2024 SQLMap, OWASP ZAP, Burp Suite, Acunetix, among others. The main measures to mitigate the presence of this type of vulnerabilities and prevent their exploitation are aimed at: input validation and processing, use of parameterized queries, regular vulnerability scanning, application of security updates and security audits.Item Análisis de indicadores de seguridad web y su impacto en el posicionamiento SEO en motores de búsqueda(Universidad Santiago de Cali, 2025) Ruiz Guerrero, Ricardo Steven; Loaiza Buitrago, Diego Fernando (Director)Currently, there are various components that affect the SEO positioning of a webpage on search engines. Most companies focus on user experience, usability, webpage loading times, and optimization, neglecting the security of the application, unaware of its significant impact on SEO. This article explores the cybersecurity indicators considered by search engines for the SEO positioning of web applications and the negative impact that neglecting these indicators can have.Item Desarrollo de un sistema de información para la empresa de sorteos Distribuciones JM(Universidad Santiago de Cali, 2025) Burbano Sarria, Kevin Stiven; Hoyos Tobar, Luis Gabriel; Segovia De Maya, Patricia Del Rosario (Directora)This study addresses the development of an information system for data management at Distribuciones JM, a company with 24 years of experience in the commercialization of sweepstakes in Cali, Colombia. The development follows the PSP methodology that includes planning, design, coding, compilation, testing and post-mortem; the 6 steps of the PSP were grouped into 4 phases: analysis, design, construction and testing. The theoretical framework is based on the importance of information systems for data automation and business process optimization. The system built, based on principles of automation and efficient data management, is expected to reduce operating costs, improve customer satisfaction and strengthen the company's competitive position. This project not only offers a solution for Distribuciones JM, but also contributes to the knowledge about the implementation of information systems in sweepstakes companies, considering legal aspects such as personal data protection.Item Desarrollo de un sistema de monitoreo y control de compras en tiendas escolares para supervisar el consumo estudiantil en comunidades vulnerables de Cali(Universidad Santiago de Cali, 2025) Bolaños Bravo, Kevin Alexander; Marcus Martínez, Alejandro (Director)This project proposes the development of a monitoring and purchase control system for school stores, aiming to improve the supervision of student consumption in vulnerable communities in Cali. The technological solution will allow parents to top up their children's balance, monitor purchases in real-time, and access a transaction history, thereby limiting the use of cash and promoting healthier consumption habits. For its development, a structured methodology was used, which included data collection through surveys and visits to educational institutions, system design with a user-centered approach, and the development of a point-of-sale (POS) system in Java along with a web portal in Django. The system validation was carried out through performance tests with JMeter, functionality and usability evaluations with users, and a security analysis with OWASP ZAP. The results obtained allowed for the identification of improvement opportunities and ensured that the system meets the necessary stability, security, and usability requirements for its future adoption in educational environments.Item Sistema informativo administrativo para el control de reservas en discotecas “Easy Booking”(Universidad Santiago de Cali, 2025) Rosero Rentería, Luigi Davide; Tavera Romero, Carlos Andrés (Director)This degree project aims to develop a reservation system for nightclubs called "Easy Booking." Built using Python and a MySQL database, this system seeks to optimize administrative management and improve reservation control. Its main functionality includes an administrative login exclusive to nightclub staff, editable table layouts, and an automated customer registration system. Additionally, it features a mobile application for clients to self-book, check events, and make online payments. "Easy Booking" aspires to positively impact the bar and nightclub sector on a national and global scale.Item Generación automática de reglas procedurales a partir de objetos 3D aplicado al modelado de entornos urbanos (GENOME)(Universidad Santiago de Cali, 2025) Calvache Clavijo, Juan Felipe; Alomia Peñafiel, Gustavo Adolfo (Director)3D modeling is a virtualization technique applied in different fields such as architecture, design, video games and digital environments, the characteristics of the different techniques are given by their complexity or time consumption, therefore, the project aims to study the technique known as procedural modeling, for the creation of a tool and a workflow, that allows to reduce the time in the creation of structures in urban environments. The workflow created in the project comprises three phases, the first aims to capture information, data from geographic information systems (GIS) and photographic image analysis are integrated, the second takes the data from phase one where it is processed by software, generating procedural rules that describe how to model the captured building. The third phase consists of implementing the rules generated in Phase 2 in the CityEngine software. This tool uses procedural rules to extrude 2D axioms into complete 3D models. This project was developed in order to create a tool that would allow the construction of these structures so that the process of building digital environments could be streamlined.Item Software como herramienta complementaria durante el proceso de aprendizaje en el área de matemáticas para estudiantes de grado quinto de primaria(Universidad Santiago de Cali, 2021) Lozano Amaya, Daniela; Ochoa Асosta, Diego Fernando; Tavera Romero, Carlos Andrés (Director)Item Herramienta web interactiva para la comprensión del algoritmo de encriptación RSA(Universidad Santiago de Cali, 2025) Moreno Marín, Kevin Alexander; Pizarro Robles, Daniel; Del Rio Molano, Juan José; Marcus Martínez, Alejandro (Director)This study addresses the difficulty in teaching the RSA asymmetric encryption algorithm due to the lack of interactive educational tools, proposing the development of a web platform to enhance its learning within the field of cybersecurity. The primary objective was to design and implement an innovative educational resource that integrates theory and practice to promote autonomous learning among users. A methodology based on the CDIO approach and constructivism was adopted, employing tools such as Figma for interface design, Node.js, Express, and MySQL for system development, with exhaustive unit tests conducted on each module. The results demonstrated the platform’s proper technical functioning, evidenced by the efficiency of its database connection processes, RSA key generation and validation, and interface management, as well as by the users’ evaluative performance—although a decline in performance in subsequent assessments and some areas for improvement in the user experience were noted. In conclusion, the platform proves to be a viable and effective tool for teaching the RSA algorithm, underscoring the need to optimize pedagogical strategies and refine certain technical aspects to enhance its educational impact.Item Transición de la certificación ISO 27001:2013 a ISO 27001:2022 en una empresa de juegos de azar(Universidad Santiago de Cali, 2025) Castellanos Orejuela, María Jannina; Ruiz Cárdenas, Camilo Andrés; Marcus Martínez, Alejandro (Director)This study addresses the transition from ISO 27001:2013 certification to the 2022 version in a technology company within the gambling sector, which faces the challenge of updating its Information Security Management System (ISMS) to comply with new international standards. The main objective is to support this company in the transition by assessing its current status and developing an action plan that ensures regulatory compliance. The PDCA (Plan, Do, Check, Act) methodology was used, allowing for a systematic and flexible approach to implementing the necessary changes. The results indicate that although the company already has robust controls and strong management commitment, there are weaknesses in adapting to new risks and in the current documentation. Specific requirements of the new standard were identified during the diagnostic phase that had not yet been met, such as new controls for cloud data management and cybersecurity; however, these were addressed to ensure compliance. The conclusions suggest that the transition is not only essential to meet regulatory requirements but also enhances the company’s security and competitiveness in an increasingly complex digital environment.Item Desarrollo de una plataforma de gestión documental para el área de atención al cliente de una empresa de telecomunicaciones(Universidad Santiago de Cali, 2025) Mendoza Rodríguez, Diego; Prieto Bolaños, Ricardo Andrés (Director)This article presents the creation of a document management platform to improve the efficiency of customer service analysts in a telecommunications company. The study aimed to improve document management of key processes through a digital system that automates internal documentation. Design Thinking was used in the development, using web and database technologies. The results show less time spent searching and processing documents, along with improved traceability and version control. The implementation of the system also resulted in increased staff satisfaction, measured through post-implementation surveys. In conclusion, the developed platform satisfies the established technical and functional requirements, providing added value by facilitating more effective information management and contributing to a more efficient and organized work environment.