Purpose: Each year, the number of enterprise and consumer devices with embedded software are on the rise. Given the publicity with IoT and more devices becoming network connected, it is crucial that guidelines form OWASP on embedded software should be created. Embedded Application Security is not often a high priority for embedded devices such as Routers, Managed Switches, IoT devices, and even ATM Kiosks. There are many challenges in the embedded field including ODM supply chain, limited memory, a small stack, and the challenge of pushing firmware updates securely to an endpoint.
The goal of this project is to identify the risks in embedded applications on a generalized list of devices, create a list of best practices, draw on the resources that OWASP already has, and bring OWASP expertise to the embedded world.
Please see our Google Group for discussions and progress
https://groups.google.com/a/owasp.org/forum/?hl=en#!forum/embedded-appsec
|