|
|
| (207 intermediate revisions by 8 users not shown) |
| Line 1: |
Line 1: |
| − | {{Social Media Links}}
| + | #REDIRECT [[OWASP_Internet_of_Things_Project]] |
| − | | |
| − | =Main=
| |
| − | | |
| − | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
| |
| − | | |
| − | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| |
| − | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
| |
| − | | |
| − | ==OWASP Internet of Things Top 10 Project==
| |
| − | | |
| − | Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”
| |
| − | | |
| − | The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.
| |
| − | | |
| − | Examples of IoT Devices: Cars, lighting systems, refrigerators, telephones, SCADA systems, traffic control systems, home security systems, TVs, DVRs, etc…
| |
| − | | |
| − | | |
| − | | |
| − | ==Licensing==
| |
| − | The OWASP Internet of Things Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
| |
| − | | |
| − | | |
| − | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
| |
| − | | |
| − | == What is the OWASP Internet of Things Top 10? ==
| |
| − | | |
| − | The OWASP Internet of Things Top 10 provides:
| |
| − | | |
| − | * A list of the 10 Most Critical Internet of Things Security Risks
| |
| − | | |
| − | And for each Risk it provides:
| |
| − | * A description
| |
| − | * Example vulnerabilities
| |
| − | * Example attacks
| |
| − | * Guidance on how to avoid
| |
| − | * References to OWASP and other related resources
| |
| − | | |
| − | == Project Leaders ==
| |
| − | | |
| − | * Daniel Miessler
| |
| − | * Jason Haddix
| |
| − | * Craig Smith
| |
| − | | |
| − | == Related Projects ==
| |
| − | | |
| − | * [[OWASP_CISO_Survey]]
| |
| − | | |
| − | | |
| − | | |
| − | | valign="top" style="padding-left:25px;width:200px;" |
| |
| − | | |
| − | == Quick Download ==
| |
| − | | |
| − | | |
| − | | |
| − | == Email List ==
| |
| − | | |
| − | | |
| − | == News and Events ==
| |
| − | | |
| − | | |
| − | ==Classifications==
| |
| − | | |
| − | {| width="200" cellpadding="2"
| |
| − | |-
| |
| − | | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| |
| − | | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
| |
| − | |-
| |
| − | | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
| |
| − | |-
| |
| − | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
| |
| − | |-
| |
| − | | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
| |
| − | |}
| |
| − | | |
| − | |}
| |
| − | | |
| − | | |
| − | = OWASP Internet of Things Top 10 for 2014 =
| |
| − | | |
| − | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
| |
| − | | |
| − | | |
| − | The OWASP Internet of Things Top 10 - 2014 is as follows:
| |
| − | | |
| − | * [[Top_10_2014-Insecure Web Interface | Insecure Web Interface]]
| |
| − | * [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
| |
| − | * [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
| |
| − | * [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
| |
| − | * [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
| |
| − | * [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
| |
| − | * [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
| |
| − | * [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
| |
| − | * [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
| |
| − | * [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]
| |
| − | | |
| − | | |
| − | == Introduction ==
| |
| − | | |
| − | Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”
| |
| − | | |
| − | The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.
| |
| − | | |
| − | Examples of IoT Devices: Cars, lighting systems, refrigerators, telephones, SCADA systems, traffic control systems, home security systems, TVs, DVRs, etc…
| |
| − | | |
| − | | |
| − | | |
| − | == Feedback ==
| |
| − | | |
| − | Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!
| |
| − | | |
| − | We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to [email protected] Thanks! | |
| − | | |
| − | To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]
| |
| − | | |
| − | | |
| − | == Project Sponsors ==
| |
| − | | |
| − | | |
| − | | |
| − | <!-- ==== Project Identification ====
| |
| − | {{Template:OWASP OWASP_Top10 Project}} -->
| |
| − | | |
| − | | |
| − | | |
| − | = Project Details =
| |
| − | | |
| − | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
| |
| − | | |
| − | | |
| − | {{:Projects/OWASP_Internet_of_Things_Top_Ten_Project}}
| |
| − | | |
| − | | |
| − | | |
| − | | |
| − | __NOTOC__ <headertabs />
| |
| − | | |
| − | [[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]]
| |
