Preview Mode Links will not work in preview mode

Jan 14, 2019

Aaron Guzman: @scriptingxss


Team of 10 or so… list of “do’s and don’ts”

Sub-projects? Embedded systems, car hacking

Embedded applications best practices? *potential show*



California SB-327:

How did you decide on the initial criteria?

  1. Weak, Guessable, or Hardcoded passwords
  2. Insecure Network Services
  3. Insecure Ecosystem interfaces
  4. Lack of Secure Update mechanism
  5. Use of insecure or outdated components
  6. Insufficient Privacy Mechanisms
  7. Insecure data transfer and storage
  8. Lack of device management
  9. Insecure default settings
  10. Lack of physical hardening

2014 OWASP IoT list:

2014 list:

BrakeSec Episode on ASVS


What didn’t make the list? How do we get Devs onboard with these?

How does someone interested get involved with OWASP Iot working group?