|By Peter Silva||
|August 17, 2014 08:15 PM EDT||
The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks and their OWASP Top 10 provides a list of the 10 Most Critical Security Risks. For each risk it provides a description, example vulnerabilities, example attacks, guidance on how to avoid and references to OWASP and other related resources. Many of you are familiar with their Top 10 Most Critical Web Application Security Risks. They provide the list for awareness and guidance on some of the critical web applications security areas to address. It is a great list and many security vendors point to it to show the types of attacks that can be mitigated.
Now the Internet of Things (IoT) has its own OWASP Top 10.
If you’ve lived under a rock for the past year, IoT or as I like to call it, the Internet of Nouns, is this era where everyday objects – refrigerators, toasters, thermostats, cars, sensors, etc – are connected to the internet and can send and receive data. There have been tons of articles covering IoT over the last 6 months or so, including some of my own.
The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.
The OWASP Internet of Things Top 10 – 2014 is as follows:
- 1 Insecure Web Interface
- 2 Insufficient Authentication/Authorization
- 3 Insecure Network Services
- 4 Lack of Transport Encryption
- 5 Privacy Concerns
- 6 Insecure Cloud Interface
- 7 Insecure Mobile Interface
- 8 Insufficient Security Configurability
- 9 Insecure Software/Firmware
- 10 Poor Physical Security
You can click on each to get a detailed view on the threat agents, attack vectors, security weaknesses, along with the technical and business impacts. They also list any privacy concerns along with example attack scenarios. Good stuff!
- The Icebox Cometh
- The Applications of Our Lives
- Standards for ‘Things’
- Securing the Internet of Things: is the web already breaking up?
- 4 things that will happen in the Internet of Things space in 2014
- Tech’s brightest unconvinced by internet of things
- OWASP Internet of Things Top 10
|Connect with Peter:||Connect with F5:|
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
Sep. 29, 2016 04:45 AM EDT Reads: 1,793
Sep. 29, 2016 04:30 AM EDT Reads: 4,672
Sep. 29, 2016 04:00 AM EDT Reads: 1,805
Sep. 29, 2016 04:00 AM EDT Reads: 1,207
Sep. 29, 2016 03:45 AM EDT Reads: 4,818
Sep. 29, 2016 03:30 AM EDT Reads: 3,028
Sep. 29, 2016 03:30 AM EDT Reads: 1,375
Sep. 29, 2016 03:15 AM EDT Reads: 3,573
Sep. 29, 2016 03:15 AM EDT Reads: 1,905
Sep. 29, 2016 03:00 AM EDT Reads: 1,867
Sep. 29, 2016 02:45 AM EDT Reads: 1,718
Sep. 29, 2016 02:30 AM EDT Reads: 520
Sep. 29, 2016 02:30 AM EDT Reads: 2,174
Sep. 29, 2016 02:00 AM EDT Reads: 1,591
Sep. 29, 2016 01:45 AM EDT Reads: 2,057