The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks and their OWASP Top 10 provides a list of the 10 Most Critical Security Risks. For each risk it provides a description, example vulnerabilities, example attacks, guidance on how to avoid and references to OWASP and other related resources. Many of you are familiar with their Top 10 Most Critical Web Application Security Risks. They provide the list for awareness and guidance on some of the critical web applications security areas to address. It is a great list and many security vendors point to it to show the types of attacks that can be mitigated.
Now the Internet of Things (IoT) has its own OWASP Top 10.
If you've lived under a rock for the past year, IoT or as I like to call it, the Internet of Nouns, is this era where everyday objects - refrigerators, toasters, thermostats, cars, sensors, etc - are connected to the internet and can send and receive data. There have been tons of articles covering IoT over the last 6 months or so, including some of my own.
The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.
The OWASP Internet of Things Top 10 - 2014 is as follows:
- 1 Insecure Web Interface
- 2 Insufficient Authentication/Authorization
- 3 Insecure Network Services
- 4 Lack of Transport Encryption
- 5 Privacy Concerns
- 6 Insecure Cloud Interface
- 7 Insecure Mobile Interface
- 8 Insufficient Security Configurability
- 9 Insecure Software/Firmware
- 10 Poor Physical Security
You can click on each to get a detailed view on the threat agents, attack vectors, security weaknesses, along with the technical and business impacts. They also list any privacy concerns along with example attack scenarios. Good stuff!
ps
Related:
- The Icebox Cometh
- The Applications of Our Lives
- Standards for 'Things'
- Securing the Internet of Things: is the web already breaking up?
- 4 things that will happen in the Internet of Things space in 2014
- Tech's brightest unconvinced by internet of things
- OWASP Internet of Things Top 10
Connect with Peter: | Connect with F5: |
No comments:
Post a Comment