
Jan 22, 2019


CFP for BSides Barcelona is open!

Aaron Guzman: @scriptingxss


Team of 10 or so… list of “do’s and don’ts”

Sub-projects? Embedded systems, car hacking

Embedded applications best practices? *potential show*



California SB-327:

How did you decide on the initial criteria?

  1. Weak, Guessable, or Hardcoded Passwords
  2. Insecure Network Services
  3. Insecure Ecosystem Interfaces
  4. Lack of Secure Update Mechanism
  5. Use of Insecure or Outdated Components
  6. Insufficient Privacy Mechanisms
  7. Insecure Data Transfer and Storage
  8. Lack of Device Management
  9. Insecure Default Settings
  10. Lack of Physical Hardening

2014 OWASP IoT list:

BrakeSec Episode on ASVS


What didn’t make the list? How do we get Devs onboard with these?

How does someone interested get involved with the OWASP IoT working group?

