This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Internet of Things Project
OWASP Internet of Things (IoT) ProjectOxford defines the Internet of Things as: “A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.” The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. The project looks to define a structure for various IoT sub-projects such as Attack Surface Areas, Testing Guides and Top Vulnerabilities. LicensingThe OWASP Internet of Things Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
What is the OWASP Internet of Things Project?The OWASP Internet of Things Project provides: Project Leaders
Related Projects |
Email ListQuick DownloadNews and EventsClassifications
| |||||||
The OWASP IoT Attack Surface Areas (DRAFT) are as follows:
| Attack Surface | Vulnerability |
|---|---|
| Ecosystem Access Control |
|
| Device Memory |
|
| Device Physical Interfaces |
|
| Device Web Interface |
|
| Device Firmware |
|
| Device Network Services |
|
| Administrative Interface |
|
| Local Data Storage |
|
| Cloud Web Interface |
|
| Third-party Backend APIs |
|
| Update Mechanism |
|
| Mobile Application |
|
| Vendor Backend APIs |
|
| Ecosystem Communication |
|
| Network Traffic |
|
