Difference between revisions of "IoT Security Checklist"
From OWASP
(→Client-device encryption) |
|||
Line 1: | Line 1: | ||
= The Checklist = | = The Checklist = | ||
Originally presented by @wallarm at OWASP Russia Meetup #2. | Originally presented by @wallarm at OWASP Russia Meetup #2. | ||
− | |||
== Threat model : neighbour == | == Threat model : neighbour == | ||
Line 46: | Line 45: | ||
* Present | * Present | ||
* Not present | * Not present | ||
− | |||
== Threat model : website == | == Threat model : website == | ||
Line 57: | Line 55: | ||
* Not present | * Not present | ||
* Threat model applies for guest too! | * Threat model applies for guest too! | ||
− | |||
== Threat model : physical == | == Threat model : physical == |
Revision as of 12:59, 1 March 2015
The Checklist
Originally presented by @wallarm at OWASP Russia Meetup #2.
Threat model : neighbour
Unprotected wireless channel
- Present
- Not present
Threat model : guest
Authentication between client and device
- Not present
- Login/password
- Key
Client-device encryption
- Not present
- Weak
- Strong
- Type:
  - Symmetric
  - Asymmetric
- Encryption key length
Authentication for firmware update
- Not present
- Login/password
- Key
Firmware integrity controls
- Not present
- Weak
- Strong
- Type:
  - E-signature
  - Checksum
  - Self-written
- Threat model applies to reseller too!
Threat model : vendor
Hidden data exchange services
- Present
- Not present
Backdoor accounts
- Present
- Not present
Threat model : website
Client-side vulnerabilities in web interface
- Present
- Not present
Server-side vulnerabilities in web interface
- Present
- Not present
- Threat model applies to guest too!
Threat model : physical
Physical protection from damage
- Present
- Not present