Application of MAGERIT to reduce risks in Web services in an academic context in Ecuador.

This study presents an adaptation of the MAGERIT methodology that allows us to manage the IT security risks of a company's web services. For this purpose, the first step was to determine the company’s information assets along with possible threats, and in the event of materialization the impact of these threats was then measured to identify the safeguards of these assets. After this, a web services vulnerability detection test was performed using a free software tool called VEGA. Finally, the level of risk was determined so that IT staff will be better able to make future decisions. In the analysis of the vulnerability of web services, the most common vulnerabilities found were: SQL Injection, PHP Error Detected and Directory Listing Detected, among others. With the implementation of this model, high risk vulnerabilities were reduced to 87.87% and 12.13% of all vulnerabilities were eliminated.