'Internet of Things' OWASP Top Ten
Now The Internet of Things (IoT) has its own OWASP Top 10

The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Their OWASP Top 10 provides a list of the 10 Most Critical Security Risks. For each risk it provides a description, example vulnerabilities, example attacks, guidance on how to avoid it, and references to OWASP and other related resources. Many of you are familiar with their Top 10 Most Critical Web Application Security Risks. They provide the list for awareness and guidance on some of the critical web application security areas to address. It is a great list and many security vendors point to it to show the types of attacks that can be mitigated.

Now the Internet of Things (IoT) has its own OWASP Top 10.

If you’ve lived under a rock for the past year, IoT, or as I like to call it, the Internet of Nouns, is this era where everyday objects – refrigerators, toasters, thermostats, cars, sensors, etc. – are connected to the internet and can send and receive data. There have been tons of articles covering IoT over the last 6 months or so, including some of my own.

The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.

The OWASP Internet of Things Top 10 – 2014 is as follows:

You can click on each to get a detailed view on the threat agents, attack vectors, security weaknesses, along with the technical and business impacts. They also list any privacy concerns along with example attack scenarios. Good stuff!

ps



About Peter Silva
Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

With his Telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.


