|By Peter Silva||
|August 17, 2014 08:15 PM EDT||
The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks and their OWASP Top 10 provides a list of the 10 Most Critical Security Risks. For each risk it provides a description, example vulnerabilities, example attacks, guidance on how to avoid and references to OWASP and other related resources. Many of you are familiar with their Top 10 Most Critical Web Application Security Risks. They provide the list for awareness and guidance on some of the critical web applications security areas to address. It is a great list and many security vendors point to it to show the types of attacks that can be mitigated.
Now the Internet of Things (IoT) has its own OWASP Top 10.
If you’ve lived under a rock for the past year, IoT or as I like to call it, the Internet of Nouns, is this era where everyday objects – refrigerators, toasters, thermostats, cars, sensors, etc – are connected to the internet and can send and receive data. There have been tons of articles covering IoT over the last 6 months or so, including some of my own.
The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.
The OWASP Internet of Things Top 10 – 2014 is as follows:
- 1 Insecure Web Interface
- 2 Insufficient Authentication/Authorization
- 3 Insecure Network Services
- 4 Lack of Transport Encryption
- 5 Privacy Concerns
- 6 Insecure Cloud Interface
- 7 Insecure Mobile Interface
- 8 Insufficient Security Configurability
- 9 Insecure Software/Firmware
- 10 Poor Physical Security
You can click on each to get a detailed view on the threat agents, attack vectors, security weaknesses, along with the technical and business impacts. They also list any privacy concerns along with example attack scenarios. Good stuff!
- The Icebox Cometh
- The Applications of Our Lives
- Standards for ‘Things’
- Securing the Internet of Things: is the web already breaking up?
- 4 things that will happen in the Internet of Things space in 2014
- Tech’s brightest unconvinced by internet of things
- OWASP Internet of Things Top 10
|Connect with Peter:||Connect with F5:|
Tricky charts and visually deceptive graphs often make a case for the impact IT performance has on business. The debate isn't around the obvious; of course, IT performance metrics like website load time influence business metrics such as conversions and revenue. Rather, this presentation will explore various data analysis concepts to understand how, and how not to, assert such correlations. In his session at 20th Cloud Expo, Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Sys...
Feb. 26, 2017 09:45 AM EST Reads: 1,937
In recent years, containers have taken the world by storm. Companies of all sizes and industries have realized the massive benefits of containers, such as unprecedented mobility, higher hardware utilization, and increased flexibility and agility; however, many containers today are non-persistent. Containers without persistence miss out on many benefits, and in many cases simply pass the responsibility of persistence onto other infrastructure, adding additional complexity.
Feb. 26, 2017 09:30 AM EST Reads: 1,437
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change the...
Feb. 26, 2017 09:15 AM EST Reads: 5,412
SYS-CON Events announced today that Hitrons Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Hitrons Solutions Inc. is distributor in the North American market for unique products and services of small and medium-size businesses, including cloud services and solutions, SEO marketing platforms, and mobile applications.
Feb. 26, 2017 09:15 AM EST Reads: 336
The buzz continues for cloud, data analytics and the Internet of Things (IoT) and their collective impact across all industries. But a new conversation is emerging - how do companies use industry disruption and technology enablers to lead in markets undergoing change, uncertainty and ambiguity? Organizations of all sizes need to evolve and transform, often under massive pressure, as industry lines blur and merge and traditional business models are assaulted and turned upside down. In this new da...
Feb. 26, 2017 09:15 AM EST Reads: 1,508
Unsecured IoT devices were used to launch crippling DDOS attacks in October 2016, targeting services such as Twitter, Spotify, and GitHub. Subsequent testimony to Congress about potential attacks on office buildings, schools, and hospitals raised the possibility for the IoT to harm and even kill people. What should be done? Does the government need to intervene? This panel at @ThingExpo New York brings together leading IoT and security experts to discuss this very serious topic.
Feb. 26, 2017 09:15 AM EST Reads: 2,980
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
Feb. 26, 2017 09:00 AM EST Reads: 6,073
All clouds are not equal. To succeed in a DevOps context, organizations should plan to develop/deploy apps across a choice of on-premise and public clouds simultaneously depending on the business needs. This is where the concept of the Lean Cloud comes in - resting on the idea that you often need to relocate your app modules over their life cycles for both innovation and operational efficiency in the cloud. In his session at @DevOpsSummit at19th Cloud Expo, Valentin (Val) Bercovici, CTO of Soli...
Feb. 26, 2017 08:45 AM EST Reads: 1,314
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 26, 2017 08:45 AM EST Reads: 2,215
Feb. 26, 2017 08:30 AM EST Reads: 8,129
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his general session at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore...
Feb. 26, 2017 08:30 AM EST Reads: 1,629
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, introduced the technologies required for implementing these idea...
Feb. 26, 2017 08:00 AM EST Reads: 6,830
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
Feb. 26, 2017 06:00 AM EST Reads: 4,361
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
Feb. 26, 2017 06:00 AM EST Reads: 6,332
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Feb. 26, 2017 06:00 AM EST Reads: 5,837