Internet of Things (IoT) Security Resource: OWASP Top 10


We recently wrote a blog describing how the Internet of Things (IoT) affects the data center. Not too surprisingly, the number one challenge was security. A recent study by HP on the state of IoT revealed some startling insights that bring this challenge to light, not the least of which was that 70 percent of the most commonly used IoT devices contained serious vulnerabilities.

The report found an average of 25 vulnerabilities per device, including:

  • Privacy concerns
  • Insufficient authorization
  • Lack of transport encryption
  • Insecure web interface
  • Inadequate software protection

The Open Web Application Security Project (OWASP) was created—in part by HP—to improve the security of software, and now the IoT has its own top 10 that we think is worth sharing:

  1. Insecure Web Interface
  2. Insufficient Authentication/Authorization
  3. Insecure Network Services
  4. Lack of Transport Encryption
  5. Privacy Concerns
  6. Insecure Cloud Interface
  7. Insecure Mobile Interface
  8. Insufficient Security Configurability
  9. Insecure Software/Firmware
  10. Poor Physical Security

Clicking on each hyperlink above will take you to a page that identifies the threat agents, attack vectors, security weaknesses, and technical and business impacts. Each page also provides example attack scenarios, which can be helpful.

Gartner predicts that by 2020 there will be more than 26 billion items connected to the IoT, so dialing into information from OWASP should be worthwhile. We’ll continue to bring you updates and share resources on IoT security as we identify them.

About the Author

Dustin Smith, Chief Technologist

Throughout his twenty-five-year career, Dustin Smith has specialized in designing enterprise architectural solutions. As the Chief Technologist at ASG, Dustin uses his advanced understanding of cloud compute models to help customers develop and align their cloud strategies with their business objectives. His master-level engineering knowledge spans storage, systems, and networking.