Ingeniería de Sistemas
Recent Submissions

Item: Análisis de amenazas y estrategias de seguridad en redes sociales un panorama de ciberataques y violaciones de privacidad
(Universidad Santiago de Cali, 2025) Rosero Giraldo, Catalina; Gil López, Johan Sebastián; Tavera Romero, Carlos Andrés (Director)
In the digital age, social media has transformed human interactions, consolidating itself as essential spaces for connection, exchange of experiences and information. These platforms have acquired a central role in everyday life, also standing out as main sources of entertainment and key tools for business strategies, especially in advertising and customer acquisition. Therefore, this article aims to analyze the main cyber threats targeting social media users. A systematic review of the literature was carried out following the PRISMA protocol to ensure methodological rigor in the selection of information. The search was carried out in recognized databases such as Google Scholar, Scopus and ScienceDirect, covering studies published between 2018 and 2024. A total of 14 relevant articles were identified and analyzed after applying inclusion and exclusion criteria. The analysis was complemented with tools such as Mendeley for bibliographic organization and descriptive techniques for data synthesis. The study confirmed an increase in threats such as phishing, ransomware, malware, identity theft, and social engineering attacks. Significant cases of privacy violations were documented, including the Cambridge Analytica scandal and vulnerabilities of platforms such as Facebook and TikTok. It concluded that social networks face a high level of risk due to their popularity and accessibility; mitigating these threats requires a joint effort between users, companies and regulators, highlighting the need to educate users and implement security standards.

Item: Tendencias actuales de las vulnerabilidades y ataques de inyección SQL
(Universidad Santiago de Cali, 2025) Duque Muñoz, Sebastián David; Montero Muñoz, Byron Leandro; Prieto Bolaños, Ricardo Andrés (Director)
The objective of the research was to explore the vulnerabilities of SQL injection attacks, seen from the topics covered in recent research and international reports. The methodology consisted of a systematic review that allows us to know the current status addressed from several questions: What is the trend in detections of SQL injection attacks? What are the main techniques to identify this type of vulnerability? How do these attacks manifest? What tools are used to identify this type of vulnerability? What are the measures to mitigate this type of vulnerability from being exploited? The databases used were IEEE, ACM, Elsevier, taking the period from 2020 to 2024. The results show that up to 2,000 SQL injection attacks have been reported annually, which demonstrates a significant increase over the years. SQL injection attacks manifest themselves by allowing data theft, data manipulation, unauthorized access, denial of services, among others. The types of attacks discussed in the article are: basic, blind, error-based, and UNION-based. The main techniques to identify these vulnerabilities are: static code analysis, penetration testing, vulnerability scanning and log review, using the tools Sebastian David Duque Muñoz, Byron Leandro Montero Muñoz, Henry Raúl González Brito & Yaimí Trujillo Casañola. 2024 SQLMap, OWASP ZAP, Burp Suite, Acunetix, among others. The main measures to mitigate the presence of this type of vulnerabilities and prevent their exploitation are aimed at: input validation and processing, use of parameterized queries, regular vulnerability scanning, application of security updates and security audits.

Item: Análisis de indicadores de seguridad web y su impacto en el posicionamiento seo en motores de búsqueda
(Universidad Santiago de Cali, 2025) Ruiz Guerrero, Ricardo Steven; Loaiza Buitrago, Diego Fernando (Director)
Currently, there are various components that affect the SEO positioning of a webpage on search engines. Most companies focus on user experience, usability, webpage loading times, and optimization, neglecting the security of the application, unaware of its significant impact on SEO. This article explores the cybersecurity indicators considered by search engines for the SEO positioning of web applications and the negative impact that neglecting these indicators can have.

Item: Desarrollo de un sistema de información para la empresa de sorteos Distribuciones JM
(Universidad Santiago de Cali, 2025) Burbano Sarria, Kevin Stiven; Hoyos Tobar, Luis Gabriel; Del Rosario Segovia, Patricia (Directora)
This study addresses the development of an information system for data management at Distribuciones JM, a company with 24 years of experience in the commercialization of sweepstakes in Cali, Colombia. The development follows the PSP methodology that includes planning, design, coding, compilation, testing and post-mortem; the 6 steps of the PSP were grouped into 4 phases: analysis, design, construction and testing. The theoretical framework is based on the importance of information systems for data automation and business process optimization. The system built, based on principles of automation and efficient data management, is expected to reduce operating costs, improve customer satisfaction and strengthen the company's competitive position. This project not only offers a solution for Distribuciones JM, but also contributes to the knowledge about the implementation of information systems in sweepstakes companies, considering legal aspects such as personal data protection.

Item: Desarrollo de un sistema de monitoreo y control de compras en tiendas escolares para supervisar el consumo estudiantil en comunidades vulnerables de Cali
(Universidad Santiago de Cali, 2025) Bolaños Bravo, Kevin Alexander; Marcus Martínez, Alejandro (Director)
This project proposes the development of a monitoring and purchase control system for school stores, aiming to improve the supervision of student consumption in vulnerable communities in Cali. The technological solution will allow parents to top up their children's balance, monitor purchases in real-time, and access a transaction history, thereby limiting the use of cash and promoting healthier consumption habits. For its development, a structured methodology was used, which included data collection through surveys and visits to educational institutions, system design with a user-centered approach, and the development of a point-of-sale (POS) system in Java along with a web portal in Django. The system validation was carried out through performance tests with JMeter, functionality and usability evaluations with users, and a security analysis with OWASP ZAP. The results obtained allowed for the identification of improvement opportunities and ensured that the system meets the necessary stability, security, and usability requirements for its future adoption in educational environments.

Item: Sistema informativo administrativo para el control de reservas en discotecas “Easy Booking”
(Universidad Santiago de Cali, 2025) Rosero Rentería, Luigi Davide; Tavera Romero, Carlos Andrés (Director)
This degree project aims to develop a reservation system for nightclubs called "Easy Booking." Built using Python and a MySQL database, this system seeks to optimize administrative management and improve reservation control. Its main functionality includes an administrative login exclusive to nightclub staff, editable table layouts, and an automated customer registration system. Additionally, it features a mobile application for clients to self-book, check events, and make online payments. "Easy Booking" aspires to positively impact the bar and nightclub sector on a national and global scale.

Item: Generación automática de reglas procedurales a partir de objetos 3D aplicado al modelado de entornos urbanos (GENOME)
(Universidad Santiago de Cali, 2025) Calvache Clavijo, Juan Felipe; Alomia Peñafiel, Gustavo Adolfo (Director)
3D modeling is a virtualization technique applied in different fields such as architecture, design, video games and digital environments. The characteristics of the different techniques are given by their complexity or time consumption; therefore, the project aims to study the technique known as procedural modeling, for the creation of a tool and a workflow that allows to reduce the time in the creation of structures in urban environments. The workflow created in the project comprises three phases. The first aims to capture information: data from geographic information systems (GIS) and photographic image analysis are integrated. The second takes the data from phase one, where it is processed by software, generating procedural rules that describe how to model the captured building. The third phase consists of implementing the rules generated in Phase 2 in the CityEngine software. This tool uses procedural rules to extrude 2D axioms into complete 3D models. This project was developed in order to create a tool that would allow the construction of these structures so that the process of building digital environments could be streamlined.

Item: Software como herramienta complementaria durante el proceso de aprendizaje en el área de matemáticas para estudiantes de grado quinto de primaria
(Universidad Santiago de Cali, 2021) Lozano Amaya, Daniela; Ochoa Acosta, Diego Fernando; Tavera, Carlos Andres (Director)

Item: Transición de la certificación ISO 27001:2013 a ISO 27001:2022 en una empresa de juegos de azar
(Universidad Santiago de Cali, 2025) Castellanos Orejuela, María Jannina; Ruiz Cárdenas, Camilo Andrés; Marcus Martínez, Alejandro (Director)
This study addresses the transition from ISO 27001:2013 certification to the 2022 version in a technology company within the gambling sector, which faces the challenge of updating its Information Security Management System (ISMS) to comply with new international standards. The main objective is to support this company in the transition by assessing its current status and developing an action plan that ensures regulatory compliance. The PDCA (Plan, Do, Check, Act) methodology was used, allowing for a systematic and flexible approach to implementing the necessary changes. The results indicate that although the company already has robust controls and strong management commitment, there are weaknesses in adapting to new risks and in the current documentation. Specific requirements of the new standard were identified during the diagnostic phase that had not yet been met, such as new controls for cloud data management and cybersecurity; however, these were addressed to ensure compliance. The conclusions suggest that the transition is not only essential to meet regulatory requirements but also enhances the company’s security and competitiveness in an increasingly complex digital environment.

Item: Desarrollo de una plataforma de gestión documental para el área de atención al cliente de una empresa de telecomunicaciones
(Universidad Santiago de Cali, 2025) Mendoza Rodriguez, Diego; Prieto Bolaños, Ricardo Andrés (Director)
This article presents the creation of a document management platform to improve the efficiency of customer service analysts in a telecommunications company. The study aimed to improve document management of key processes through a digital system that automates internal documentation. Design Thinking was used in the development, using web and database technologies. The results show less time spent searching and processing documents, along with improved traceability and version control. The implementation of the system also resulted in increased staff satisfaction, measured through post-implementation surveys. In conclusion, the developed platform satisfies the established technical and functional requirements, providing added value by facilitating more effective information management and contributing to a more efficient and organized work environment.

Item: Desarrollo de un sistema de información para teléfonos inteligentes que permita mejorar el seguimiento de los procedimientos quirúrgicos
(Universidad Santiago de Cali, 2025) Hernández Zamora, Carlos Augusto; Tavera Romero, Carlos Andrés (Director)
This paper presents the development of an information system for smartphones to track surgical procedures in hospitals, allowing to visualize the status of each stage, from preparation to patient recovery. The solution implements BLoC architecture and NoSQL databases for efficient data management. The methodology used was Agile Unified Process (AUP), structured in four phases: initiation, elaboration, construction and transition, allowing the identification of requirements, architecture design, system implementation and business simulation with the Enterprise Architect tool. The developed application improves the coordination and communication of the medical team, allowing greater control over surgeries and reducing interruptions caused by delays or lack of information. In this way, a support tool for the follow-up of surgical procedures was generated.

Item: PEIPI (Plataforma para la extracción de Informes de profesores e Investigadores)
(Universidad Santiago de Cali, 2025) Bejarano Betancourt, Juan Sebastian; Tavera Romero, Carlos Andrés (Director)
This paper presents a system designed to extract information from teachers and researchers of a high-quality accredited institution in Colombia, focusing on the CvLAC and GrupLAC platforms. Using advanced web scraping techniques and the Django framework, the system optimizes data collection from the Faculty of Engineering, with easy adaptation to other faculties and academic programs. The selected methodology was PSP (Personal Software Process), ensuring user-centered development and innovative solutions focused on solving the problem with automation. Django stands out as the best option thanks to its robust libraries and its compatibility with the Python language, facilitating an agile and efficient development. The main contribution of this development is to offer the USC Faculty of Engineering a computer system that reduces the time it takes to build faculty reports.

Item: Desarrollo de prototipo de un agente inteligente para extraer información legal en el sitio web de la rama judicial de Colombia
(Universidad Santiago de Cali, 2025) Guayara Suarez, Víctor Manuel; Waitoto Garces, Luis Felipe; Alomia Peñafiel, Gustavo Adolfo (Director)
Efficiency in the judicial system is crucial to ensure fairness and justice; however, the Judicial Branch in Colombia faces numerous challenges due to the manual tracking of legal proceedings, resulting in a high propensity for errors and inefficient use of resources. It is worth mentioning that this project proposes the development of a prototype of an automated legal case management system by means of an intelligent agent, using web scraping techniques. In the same way, this system will improve the efficiency and accuracy in the follow-up of legal procedures, thus optimizing the management of customer relations in a service sector company in Santiago de Cali. In this way, the implementation of this prototype in a web environment will facilitate its connection and use, adjusting to the roles provided to users and optimizing the space in its modules. At the same time, it will provide fast and efficient remote support, which will translate into greater customer satisfaction. In short, the analyses generated by the system will focus on providing better proposals for clients, contributing to an efficient and equitable judicial system.

Item: Prototipo de programa para la enseñanza de programación básica a personas con discapacidad visual mediante inteligencia artificia
(Universidad Santiago de Cali, 2025) Mosquera Palacios, Miller Sair; Ruiz Botina, José Julián; Cerón, Lorena (Directora)
The inclusion of visually impaired individuals in the world of programming is essential in an increasingly digital society. Currently, millions of people face obstacles that limit their access to technological tools, which affects their personal and professional development. This project developed a prototype program, using artificial intelligence, designed to teach basic programming concepts to visually impaired individuals. The process was developed under the waterfall methodology, ensuring structured planning from identifying needs to implementing accessible technologies such as Text-to-Speech (TTS) and Speech-to-Text (STT). The aim was to create an accessible interface that allows for efficient navigation through voice commands and keyboard input. A functional prototype is expected to be obtained that facilitates programming learning for visually impaired individuals, validated through practical tests carried out with real users. Through these tests, aspects such as usability, accessibility, and effectiveness in teaching basic programming concepts will be evaluated, identifying areas for improvement to optimize the user experience. The project conclusions will not only analyze the efficiency of the tool in acquiring programming knowledge but also its potential to reduce access barriers in technological education, increasing social and professional inclusion opportunities for visually impaired individuals. This prototype represents a significant advance toward a more inclusive education, as it provides this population group with a pathway to integrate into the technological field, promoting their active participation and the appreciation of their unique contributions in the development of new technologies.

Item: Análisis de la vulnerabilidad XSS persistente: Estado actual, medidas de mitigación y herramientas de detección
(Universidad Santiago de Cali, 2025) Pinta Higuita, Sergio Iván; Ordoñez Serna, Farid; Rojas Montes, Javier Salvador (Director)
This review article focuses on the threat of persistent Cross-Site Scripting (XSS) in web applications, covering its emergence, evolution, exploitation methods, emerging trends, and impact on the IT sector. A systematic literature review was conducted following the PRISMA methodology (Preferred Reporting Items for Systematic Reviews and Meta-Analyses), selecting relevant sources from academic databases such as SpringerLink, Taylor & Francis Online, Scopus, Google Scholar, IEEE Xplore, ACM Digital Library, and ScienceDirect. Studies were evaluated based on relevance, timeliness, and data quality. Subsequently, detection tools such as OWASP ZAP, Burp Suite, and Acunetix are reviewed, highlighting their role in the early identification of vulnerabilities. Prevention and mitigation strategies are also examined, including rigorous data validation, secure encoding, the use of frameworks and security tools, and the importance of training IT security personnel to raise awareness of cybersecurity's importance within organizations. Additionally, integrating security practices throughout the software lifecycle is proposed to ensure a robust defense against persistent XSS. The information collected was analyzed and synthesized to provide a comprehensive view of the persistent XSS vulnerability. The most relevant conclusion emphasizes the importance of a defense-in-depth approach, using detection tools, well-defined security policies, and continuous staff training as critical approaches to effectively mitigate the risks associated with persistent XSS in web applications.

Item: Desarrollo de un portal web corporativo para la gestión de cotizaciones en la empresa Xideaceros
(Universidad Santiago de Cali, 2024) González Grajales, Edward Fernando; Marcus Martínez, Alejandro (Director)
In this research, a quote management web portal was developed for the company Xideaceros, in order to optimize the quote process. The company usually makes quotes manually or with Word, which generates inconsistencies, lack of organization and poor optimization. For the development of the system, the V model was chosen due to its structured approach and suitable for projects with clear requirements and Laravel and FilamentPHP were used with the MVC pattern for system coding, while MySQL was used for data storage. The results obtained were significant since the system allows quotes to be developed and sent 62.70% faster. The proposed system allows you to manage quotes, clients and offers in an integrated way, with functionalities to create quotes, view them in PDF format and send them by email directly from the platform.

Item: Revisión bibliográfica de la vulnerabilidad de falsificación de solicitudes del lado del servidor (SSRF)
(Universidad Santiago de Cali, 2024) García Morales, Rubén Darío; Marcus Martínez, Alejandro (Director)
Since 2021, server-side request forgery or SSRF began to be registered as a risk to computer security in the top 10 vulnerabilities published by the Open Web Application Security Project or OWASP (2024). The SSRF is a Web security vulnerability that allows the attacker to access a server to make HTTP or other requests to resources internal or external to the network, without the knowledge or consent of the server or authorized users who, if applicable, exploited, threatens the security of information systems, networks and data against unauthorized access, use, disclosure, interruption, modification or destruction. In that sense, literature aimed at computer security has addressed the vulnerabilities of the OWASP Top 10:2021, but in a general way, and the texts that refer to SSRF focus on making recommendations to prevent it. Therefore, the objective of this literature review is to synthesize what is known about the SSRF vulnerability; in that sense, it was proposed to succinctly address the scope of computer security, what SSRF consists of, and how it is prevented. The methodology corresponds to a systemic review of documents on the SSRF based on the OWASP 2021 report. The results indicate that attackers take advantage of failures and validation of URLs and the lack of control over the requests made by the server to exploit the SSRF. In this situation, to ensure the protection of information, it is important to identify and correct SSRF vulnerabilities through appropriate security practices.

Item: Análisis de pruebas de penetración en sistemas y servicios web
(Universidad Santiago de Cali, 2024) Mateus Rendon, Erick Steven; Chaves Cárdenas, Dalessandro; González Mejía, Erick Santiago; Rojas Montes, Javier Salvador (Director)
IT services face various risks, mainly from cyber attacks. Web penetration testing determines whether a web system is vulnerable to attacks using tools and techniques that are usually used by penetration specialists who are dedicated to identifying vulnerabilities in these. Case studies are presented in order to expose an adequate management of cybersecurity, using specialized tools such as Nessus, which includes a practical case of a university where this tool is used to evaluate the security of its websites, and also Metasploit, which together with the Kali Linux operating system addresses a practical case where IoT devices are completely compromised. The review was prepared using the PRISMA methodology, selecting 70 articles, of which 26 articles were used. This methodology guarantees the quality and reliability of the sources. Web penetration testing evaluated vulnerabilities using black, white and gray box approaches, using manual and/or automated techniques. Web penetration testing consists of a 5-phase methodology: planning, scanning, exploitation, maintaining access and generating reports. In conclusion, it was found that the combination of penetration testing approaches (black, white and grey box), together with the use of emerging technologies such as artificial intelligence, not only optimizes vulnerability detection, but also strengthens system security. The incorporation of automated tools and advanced attack simulation allows organizations to mitigate potential impacts and protect their systems more efficiently.

Item: Análisis de vulnerabilidad en contraseñas de correos electrónicos
(Universidad Santiago de Cali, 2024) Caicedo Olaya, William Alexander; Rojas Cardona, Brayan Esteban; Marcus Martínez, Alejandro (Director)
In the digital age, password security has become critically important due to the increased reliance on online platforms for both personal and professional information management. With increasing connectivity and the massive sharing of sensitive data via email, password-related vulnerabilities have increased significantly. Weak passwords, reuse of credentials and attacks such as phishing and cracking expose both individuals and organizations to the risk of unauthorized access and data exploitation. This study focuses on the analysis of vulnerable passwords in emails, examining the most common cases of poor password management practices. Password-related threats not only affect individual users, but also compromise critical infrastructures and essential services, magnifying the impact of potential security breaches. Among the strategies proposed are multi-factor authentication, the use of automatically generated passwords using algorithms, and the implementation of password managers to create complex and secure credentials. The research reveals patterns of vulnerability that reinforce the urgent need to improve email security practices. It also underscores the importance of a comprehensive approach to cybersecurity, in which both users and technology developers share responsibility for fostering a culture of security that protects privacy and maintains trust in digital platforms. Proper password protection is key to ensuring data integrity.

Item: Integración de modelos de inteligencia artificial y tecnología cisco IoT: Una revisión bibliográfica para la definición de requisitos y configuración de modelos AIoT
(Universidad Santiago de Cali, 2025) Tobón González, Luis Miguel; Mina Guevara, Cristian; Rojas Montes, Javier Salvador (Director)
Internet of Things systems are widely used in various applications. However, these systems still have limitations, such as high latency for sending information to the cloud and real-time responses. This paper aims to conduct a review of the integration of edge computing and blockchain in IoT systems and document how Artificial Intelligence combined with the Internet of Things harnesses the power of both technologies for efficient data management. It also examines different models and infrastructures for proper implementation with fog computing and edge computing, where it highlights the need for strategic planning and ongoing training. The paper highlights that AIoT is crucial for improving operational efficiency and promoting innovation in an increasingly connected and data-driven world. A systematic literature review was conducted following the guidelines established by the PRISMA methodology, ensuring a rigorous and structured approach. Relevant sources were identified using academic databases and studies were selected according to criteria of relevance, timeliness and data quality.