This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Internet of Things Top Ten Project"

From OWASP
Jump to: navigation, search
Line 134: Line 134:
 
This goal of this page is help manufacturers build more secure products in the Internet of Things space. The guidance below is at a basic level, giving builders of products a basic set of guidelines to consider from their perspective. This is not a comprehensive list of considerations, and should not be treated as such, but ensuring that these fundamentals are covered will greatly improve the security of any IoT product.
 
This goal of this page is help manufacturers build more secure products in the Internet of Things space. The guidance below is at a basic level, giving builders of products a basic set of guidelines to consider from their perspective. This is not a comprehensive list of considerations, and should not be treated as such, but ensuring that these fundamentals are covered will greatly improve the security of any IoT product.
  
{| border="1" class="wikitable" style="text-align: left;"
+
{| border="1" class="wikitable"
|+ IoT Manufacturer Security Considerations
+
|
 
! Category
 
! Category
 
! IoT Security Consideration
 
! IoT Security Consideration
|- style="text-align: left;"
+
|-  
 
! I1: Insecure Web Interface
 
! I1: Insecure Web Interface
 
|  * Ensure that any web interface present in the product disallows weak passwords
 
|  * Ensure that any web interface present in the product disallows weak passwords
 
* Ensure that any web interface present in the product has an account lockout mechanism
 
* Ensure that any web interface present in the product has an account lockout mechanism
|- style="text-align: left;"
+
|-  
 
! I2: Next Category
 
! I2: Next Category
 
| * Those
 
| * Those

Revision as of 22:44, 5 February 2015

OWASP Project Header.jpg

OWASP Internet of Things Top 10

Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”

The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.

Examples of IoT Devices: Cars, lighting systems, refrigerators, telephones, SCADA systems, traffic control systems, home security systems, TVs, DVRs, etc…

Licensing

The OWASP Internet of Things Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is the OWASP Internet of Things Top 10?

The OWASP Internet of Things Top 10 provides:

  • A list of the 10 Most Critical Internet of Things Security Risks

And for each Risk it provides:

  • A description
  • Example vulnerabilities
  • Example attacks
  • Guidance on how to avoid
  • References to OWASP and other related resources

Project Leaders

  • Daniel Miessler
  • Craig Smith
  • Jason Haddix

Related Projects


Quick Download

Email List

[Subcribe here]

News and Events

Classifications

Owasp-flagship-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg