'Internet of Things' OWASP Top Ten
Now The Internet of Things (IoT) has its own OWASP Top 10

The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Their OWASP Top 10 provides a list of the 10 Most Critical Security Risks. For each risk it provides a description, example vulnerabilities, example attacks, guidance on how to avoid it, and references to OWASP and other related resources. Many of you are familiar with their Top 10 Most Critical Web Application Security Risks. They provide the list for awareness and guidance on some of the critical web application security areas to address. It is a great list and many security vendors point to it to show the types of attacks that can be mitigated.

Now the Internet of Things (IoT) has its own OWASP Top 10.

If you’ve lived under a rock for the past year, IoT, or as I like to call it, the Internet of Nouns, is this era where everyday objects – refrigerators, toasters, thermostats, cars, sensors, etc. – are connected to the internet and can send and receive data. There have been tons of articles covering IoT over the last 6 months or so, including some of my own.

The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.

The OWASP Internet of Things Top 10 – 2014 is as follows:

You can click on each to get a detailed view on the threat agents, attack vectors, security weaknesses, along with the technical and business impacts. They also list any privacy concerns along with example attack scenarios. Good stuff!

ps



About Peter Silva
Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

With that telco background, he moved to Verio to focus on access and IP security, along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.


