Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Dec 3, 2015
A SURFACE AREA APPROACH TO PEN-TESTING THE IOT Daniel Miessler @DanielMiessler
BIO: Daniel Miessler is Practice Principal with HP Fortify based out of San Francisco, California with a 15-year background in penetration testing and vulnerability assessment. He leads the Fortify on Demand security research team, and is a project leader on the OWASP IoT and OWASP Mobile Top Ten projects.
ABSTRACT: Securing the Internet of Things is a difficult task for many reasons, but the most important may be the fact that IoT is actually a collection of spaces instead of a space of its own. IoT is made up of networks, web applications, mobile applications, and cloud components--all assembled together to produce a usable system designed for maximum connectivity. What could go right?
The OWASP Top 10 Project starts the IoT security scope conversation by defining the 10 primary attack surface areas for the Internet of Things, and by giving prescriptive guidance on how testers, manufacturers, developers, and consumers can make better security decisions, when creating, evaluating, and implementing IoT technologies.
Attendees will learn about the 10 surface areas from the penetration testing perspective, including the common vulnerabilities found in each surface area and how to avoid them. Examples will be given from research on real-world devices conducted by the speaker's team.
A handout will be given as a tangible reference for the 10 attack surface areas.
REASON: Everyone's talking about IoT, but nobody's talking about how to properly address IoT security as a whole, in a practical and tangible way. This talk gives practical and tangible guidance that will help attendees the very next time they're asked to assess an IoT system.