This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Internet of Things Project"

From OWASP
Jump to: navigation, search
m (Edge)
m (Framework Considerations for Cloud Component: (added audit))
Line 1,012: Line 1,012:
 
; Stack security considerations (no web UI to execute arbitrary code)
 
; Stack security considerations (no web UI to execute arbitrary code)
 
: Recognizing the complexity and multitude of component security configurations the framework should support full stack security solutions in the cloud component.  This includes security countermeasures and integrations on all layers of the cloud component, including potentially integration with cloud provider specific security  countermeasures such as isolation or intrusion detection.  The cloud component should include secure configuration management and integration with other system automatic updates.
 
: Recognizing the complexity and multitude of component security configurations the framework should support full stack security solutions in the cloud component.  This includes security countermeasures and integrations on all layers of the cloud component, including potentially integration with cloud provider specific security  countermeasures such as isolation or intrusion detection.  The cloud component should include secure configuration management and integration with other system automatic updates.
 +
; Audit capability
 +
: In many ecosystems it is critical to track communications to ensure their proper delivery and timeframe.  Frameworks should provide mechanisms to ensure delivery of targeted messages to specific edge components.  This feature will allow confidence in audit and troubleshooting and can be used to support delivery guarantees of security sensitive instructions or data.  This audit should be bidirectional to allow for tracking of messages to the edge and receipt of messages from the edge.
  
 
== Mobile ==
 
== Mobile ==

Revision as of 11:41, 27 October 2015

OWASP Project Header.jpg

OWASP Internet of Things (IoT) Project

Oxford defines the Internet of Things as: “A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”

The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.

The project looks to define a structure for various IoT sub-projects such as Attack Surface Areas, Testing Guides and Top Vulnerabilities.

Iot-project.png

Licensing

The OWASP Internet of Things Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is the OWASP Internet of Things Project?

The OWASP Internet of Things Project provides:

  • IoT Attack Surface Areas
  • IoT Testing Guides
  • Top IoT Vulnerabilities
  • IoT Security Guidance
  • Community Groups
  • Curated IoT Reading List

Project Leaders

  • Daniel Miessler
  • Craig Smith

Major Contributors

Related Projects

Email List

Subscribe to the Top Ten list

Quick Download

IoT Attack Surface Mapping DEFCON 23

IoT Testing Guidance Handout

OWASP IoT Top Ten PDF

OWASP IoT Top Ten Infographic

OWASP IoT Top Ten PPT

OWASP IoT Top Ten-RSA 2015

News and Events

  • Daniel Miessler gave his IoT talk at DEFCON 23
  • Migrating the IoT Top Ten to be under the IoT Project

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg