Difference between revisions of "IoT Attack Surface Area - Administrative Interface"

From OWASP
 
Line 33: Line 33:
 
|
 
|
 
* Test
 
* Test
 +
|-
 
| '''Device Web Interface'''
 
| '''Device Web Interface'''
 
|
 
|
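Review bot: the "* Test" bullet directly above the added "|-" row separator is carried over unchanged in both revisions and reads like placeholder text. Replace it with a real vulnerability entry or drop it in the same edit, since the new separator now closes that table row with "* Test" as its last item.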

Latest revision as of 19:12, 7 August 2015

The goal of this page is

Attack Surface | Vulnerability | Data Type
Ecosystem Access Control
  • Implicit trust between components
  • Enrollment security
  • Decommissioning system
  • Lost access procedures
  • Test
Device Memory
  • Cleartext usernames
  • Cleartext passwords
  • Third-party credentials
  • Encryption keys
  • Test
Device Physical Interfaces
  • Firmware extraction
  • User CLI
  • Admin CLI
  • Privilege escalation
  • Reset to insecure state
  • Test
Device Web Interface
  • SQL injection
  • Cross-site scripting
  • Username enumeration
  • Weak passwords
  • Account lockout
  • Known credentials
  • Test