Securing the Internet of Things: Mapping Attack Surface Areas Using the OWASP IoT Top 10
#RSAC
SESSION ID: ASD-T10
Daniel Miessler
Security Research
HP Fortify on Demand
@danielmiessler
- HP Fortify on Demand
- Security Research & Development
- Penetration Testing
- OWASP Project Leader (IoT, Mobile)
The Plan
- Let’s Talk About Naming
- A Vision of the Future (Universal Daemonization)
- Why IoT is Currently Broken
- Examples From Research
- The OWASP IoT Project
- Applying What We’ve Learned
- One more thing…
What does it mean?
- [WIKIPEDIA] The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.
- [OXFORD] A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.
Better Names
- Universal Daemonization
- Universal Object Interaction
- Programmable Object Interfaces (POIs)
- Transfurigated Phase Inversion
The Real Internet of Things
Universal Daemonization
The Current IoT Security Problem
- network: services, encryption, firewall, input…
- application: authN, authZ, input validation, etc.
- mobile: insecure APIs, lack of encryption, etc.
- cloud: yadda yadda Auth Session Access
IoT Security is the Worst-of-All-Worlds
- IoT: net + app + mobile + cloud = IoT
The Current IoT Security Problem
1 + 1 = 5
IoT Security Fail Examples
IoT Security Fail Examples (Authentication)
- 10/10 security systems accept ‘123456’
- Account enumeration
- Lack of account lockout
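The three authentication findings on this slide, addressed together in one login path. This is an added example, not code from the talk or the OWASP project; the `AuthService` class, the deny-list, the minimum length and the lockout thresholds are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Tuple

# Constructed sample deny-list; a real device would ship a much larger one.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "admin"}
MIN_LENGTH = 10           # assumed policy value
MAX_FAILURES = 5          # assumed lockout threshold
LOCKOUT_SECONDS = 300     # assumed lockout window
GENERIC_ERROR = "invalid username or password"


def is_acceptable_password(password: str) -> bool:
    """Reject short passwords and anything on the deny-list (e.g. '123456')."""
    return len(password) >= MIN_LENGTH and password.lower() not in COMMON_PASSWORDS


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    """Hypothetical in-memory login service for a device web interface."""

    def __init__(self, clock):
        self._clock = clock                 # injectable time source (seconds)
        self._users = {}                    # username -> (salt, password hash)
        self._failures = {}                 # username -> (count, locked_until)
        self._dummy_salt = os.urandom(16)   # used when the username is unknown

    def enroll(self, username: str, password: str) -> None:
        if not is_acceptable_password(password):
            raise ValueError("password too weak")
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, username: str, password: str) -> Tuple[bool, str]:
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            # Locked: refuse even a correct password, with the same message
            # as every other failure so the response leaks nothing.
            return False, GENERIC_ERROR

        # Unknown usernames go through the same hashing work and the same
        # failure counter as real ones, so neither timing, message nor
        # lockout behaviour tells a caller whether the account exists.
        # (A production version would bound the size of _failures.)
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        candidate = _hash(password, salt)
        ok = username in self._users and hmac.compare_digest(candidate, stored)
        if ok:
            self._failures.pop(username, None)
            return True, "ok"

        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[username] = (count, locked_until)
        return False, GENERIC_ERROR
```
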
IoT Security Fail Examples (Update Systems)
- No signing of updates
- Download over FTP
- Server was world-writeable
- Server held ALL products
IoT Security Fail Examples
- 10/10 security systems accept ‘123456’
- 10/10 security systems with no lockout
- 10/10 security systems with enumeration
- SSH listeners with root/“” access
- 6/10 web interfaces with XSS/SQLi
- 70% of devices not using encryption
- 8/10 collected personal information
- 9/10 had no two-factor options
- Unauthenticated video streaming
- Completely flawed software update systems
The Need for a Methodology
Mapping IoT Attack Surface Areas
OWASP IoT: I1 — Insecure Web Interface
OWASP IoT: I2 — Insecure Network Services
OWASP IoT: I3 — Lack of Transport Encryption
OWASP IoT: I5 — Privacy Concerns
OWASP IoT: I6 — Insecure Cloud Interface
OWASP IoT: I7 — Insecure Mobile Interface
OWASP IoT: I8 — Insufficient Security Configurability
OWASP IoT: I9 — Insecure Software/Firmware
OWASP IoT: I10 — Poor Physical Security
OWASP IoT Project Goals
1. Understand the main attack surface areas for any IoT device or ecosystem
2. As a tester, be able to hit the major issues for each surface area for the product you’re testing
3. As a manufacturer, be able to ensure that you’ve done your due diligence in security across the main surface areas
4. As a developer, be able to ensure that you’re avoiding the top security issues while building your particular component
5. As a consumer, ensure you’re using the technology safely
OWASP IoT Project Organization
OWASP IoT Project (Context-based Recommendations)
OWASP IoT Project (Consumer Recommendations)
OWASP IoT Project (FAQ)
1. If IoT is just a collection of other technologies, why not just use existing OWASP projects? (one place, multiple spaces)
2. Why call it a Top 10 List, which is traditionally a list of vulnerabilities? (tradition, approachability)
3. Why not have X category, or Y category, or you should move I7 to I2, etc. (excellent, come help)
https://lists.owasp.org/mailman/listinfo/owasp_internet_of_things_top_ten_project
How to Apply This
Concept: The Internet of Things is not just about sensors and machines. It’s about people, and how they will continuously interact with their environments through their personal assistants and Universal Daemonization.
Application: Know the future before others do, and use that knowledge to inform better decisions.
Concept: IoT Security is broken for three reasons: it’s a worst-of-all-worlds scenario, nobody is paid to secure IoT, and 1+1=5 when it comes to security and complexity.
Application: You can now identify the common causes for the mistakes, and look out for them in projects you consult on.
Concept: The OWASP IoT Top 10 Project maps IoT attack surface areas and gives contextual and prescriptive guidance on how to avoid vulnerabilities within each.
Application: You can now use the OWASP IoT Project as a tangible guide to securing the IoT systems you work with.
Other IoT Resources
- Build It Securely Project (connects SMBs with researchers)
  - Mark Stanislav and Zach Lanier
- I am the Cavalry (focuses on automotive IoT security)
  - Josh Corman
- IoT Firmware Testing Training
  - Paul Asadoorian (BlackHat)
Just One More Thing…
- OWASP IoT Top 10 Mini-poster
  - Card stock
  - Two-sided
  - Covers Top 10 Surface Areas
  - Available for download as well
Thank you!
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project
danielmiessler.com
@danielmiessler