OWASP Internet of Things
The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.
The project defines a structure for its IoT sub-projects, separated into the following categories: Seek & Understand, Validate & Test, and Governance. Right now, you can find the following active and upcoming OWASP Internet of Things projects:
Seek & Understand
|IoT Top 10||Daniel Miessler||Top ten things to avoid when building, deploying or managing IoT systems.|
|IoT Top 10 Mapping Project||Aaron Guzman, José A. Rivas||Provides mappings of the OWASP IoT Top 10 2018 to industry publications and sister projects.|
IoTGoat is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the top 10 vulnerabilities as documented by OWASP: https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project. IoTGoat is expected to be released in 2020.
Validate & Test
|Firmware Analysis Project||Craig Smith||The Firmware Analysis Project provides: security testing guidance for vulnerabilities in the “Device Firmware” attack surface; steps for extracting file systems from various firmware files; guidance on searching file systems for sensitive or interesting data; information on static analysis of firmware contents; information on dynamic analysis of emulated services (e.g. web admin interface); testing tool links; and a site for pulling together existing information on firmware analysis.|
|Firmware Security Testing Methodology (FSTM)||Aaron Guzman||The Firmware Security Testing Methodology is composed of nine stages tailored to help security researchers, software developers, consultants, hobbyists, and information security professionals conduct firmware security assessments.|
|ByteSweep||Matt Brown||ByteSweep is a Free Software IoT security analysis platform. This platform will allow IoT device makers, large and small, to conduct fully automated security checks before firmware is shipped.|
|Catalogue of IoT regulatory policies and Certifications||TBD||TBD|
Not what you are looking for? Please have a look at the Internet of Things Page Archive.
Want to start a new IoT security project? Follow https://www.owasp.org/index.php/Category:OWASP_Project#Starting_a_New_Project or contact one of the leaders of the active projects.