Jan 14, 2019
Aaron Guzman: @scriptingxss
https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive
https://www.owasp.org/index.php/IoT_Attack_Surface_Areas
OWASP SLACK: https://owasp.slack.com/
https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg
Team of 10 or so… list of “do’s and don’ts”
Sub-projects? Embedded systems, car hacking
Embedded applications best practices? *potential show*
Standards: https://xkcd.com/927/
CCPA: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act
California SB-327: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327
How did you decide on the initial criteria?
2014 OWASP IoT list: https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_(2014)
2014 list:
BrakeSec Episode on ASVS http://traffic.libsyn.com/brakeingsecurity/2015-046_ASVS_with_Bill_Sempf.mp3
OWASP SLACK: https://owasp.slack.com/
What didn’t make the list? How do we get Devs onboard with these?
How does someone interested get involved with OWASP Iot working group?
https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-best-practices
https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf
https://api.ctia.org/wp-content/uploads/2018/08/CTIA-IoT-Cybersecurity-Certification-Test-Plan-V1_0.pdf