This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "IoT Security Checklist"

From OWASP
Jump to: navigation, search
 
(4 intermediate revisions by one other user not shown)
Line 2: Line 2:
 
Originally presented by @wallarm at OWASP Russia Meetup #2.
 
Originally presented by @wallarm at OWASP Russia Meetup #2.
  
 +
* Contents have been merged into the IoT Attack Surface Areas project with the permission of this article's original creator.
  
== Threat model : neighbour ==
+
* [https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#IoT_Attack_Surface_Areas_Project IoT Attack Surface Area Project]
=== Unprotected wireless channel ===
 
* Present
 
* Not present
 
 
 
== Threat model : guest ==
 
=== Authentication between client and device ===
 
* Not present
 
* Login/password
 
* Key
 
 
 
=== Client-device encryption ===
 
* Not present
 
* Weak/strong
 
* Symmetric/asymmetric
 
* Encryption key length
 
 
 
=== Authentication for firmware update ===
 
* Not present
 
* Login/password
 
* Key
 
 
 
=== Firmware integrity controls ===
 
* Not present
 
* Weak/strong
 
* E-signature
 
* Checksum
 
* Self-written
 
* Threat model applies for reseller too!
 
 
 
 
 
== Threat model : vendor ==
 
=== Hidden data exchange services ===
 
* Present
 
* Not present
 
 
 
=== Backdoor accounts ===
 
* Present
 
* Not present
 
 
 
 
 
== Threat model : website ==
 
=== Client-side vulnerabilities in web interface ===
 
* Present
 
* Not present
 
 
 
=== Server-side vulnerabilities in web interface ===
 
* Present
 
* Not present
 
* Threat model applies for guest too!
 
 
 
 
 
== Threat model : physical ==
 
=== Physical protection from damage ===
 
* Present
 
* Not present
 

Latest revision as of 16:15, 6 January 2016

The Checklist

Originally presented by @wallarm at OWASP Russia Meetup #2.

  • Contents have been merged into the IoT Attack Surface Areas project with the permission of this article's original creator.