This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

IoT Attack Surface Area - Administrative Interface

From OWASP
Revision as of 19:11, 7 August 2015 by Craig Smith (talk | contribs)

Jump to: navigation, search

The goal of this page is

Attack Surface Vulnerability Data Type
Ecosystem Access Control
  • Implicit trust between components
  • Enrollment security
  • Decommissioning system
  • Lost access procedures
  • Test
Device Memory
  • Cleartext usernames
  • Cleartext passwords
  • Third-party credentials
  • Encryption keys
  • Test
Device Physical Interfaces
  • Firmware extraction
  • User CLI
  • Admin CLI
  • Privilege escalation
  • Reset to insecure state
  • Test
 Device Web Interface
  • SQL injection
  • Cross-site scripting
  • Username enumeration
  • Weak passwords
  • Account lockout
  • Known credentials
  • Test
Retrieved from "https://wiki.owasp.org/index.php?title=IoT_Attack_Surface_Area_-_Administrative_Interface&oldid=198549"