Internet of Things (IoT) Security Resource: OWASP Top 10

Posted by Dustin Smith, Chief Technologist
August 27, 2014

We recently wrote a blog describing how the Internet of Things (IoT) affects the data center. Not too surprisingly, the number one challenge was security. A recent study by HP on the state of IoT revealed some startling insights that bring this challenge to light, not the least of which was that 70 percent of the most commonly used IoT devices contained serious vulnerabilities.

The report identified that, on average, they found 25 vulnerabilities per device, including:

  • Privacy concerns
  • Insufficient authorization
  • Lack of transport encryption
  • Insecure web interface
  • Inadequate software protection

The Open Web Application Security Project (OWASP) was created—in part by HP—to improve the security of software, and now the IoT has its own top 10 that we think is worth sharing:

  1. Insecure Web Interface
  2. Insufficient Authentication/Authorization
  3. Insecure Network Services
  4. Lack of Transport Encryption
  5. Privacy Concerns
  6. Insecure Cloud Interface
  7. Insecure Mobile Interface
  8. Insufficient Security Configurability
  9. Insecure Software/Firmware
  10. Poor Physical Security

Clicking on each hyperlink above will take you to a page that identifies the threat agents, attack vectors, security weaknesses, technical and business impacts. It also provides example attack scenarios, which can be helpful.

Gartner predicts that by 2020 there will be more than 26 billion items connected to the IoT, so dialing into information from OWASP should be worthwhile. We’ll continue to bring you updates and share resources on IoT security as we identify them.

About Dustin Smith Throughout his twenty-year career, Dustin Smith has specialized in designing enterprise architectural solutions. As the Chief Technologist, Dustin is responsible for the strategic direction of aligning the company’s growing consulting services with the client challenges he finds in the field, and he works closely with his regional architects to design new programs to address these issues.

Filed Under: Internet of Things

0 Responses to 'Internet of Things (IoT) Security Resource: OWASP Top 10'

Leave a Comment

Please copy "hQKkHtcQKz8DcLn1mOQ85EkI16wmCQ1v" into the field labeled "Uncaptcha"