How to shield an IoT product from the OWASP IoT top 10

Recordings

https://www.youtube.com/watch?v=gOTqU7153Cw

Slides

/files/slides/01-05_Secure-IoT_with_OWASP_Top_10-v0.4.2-bsides-munich-long.pdf

Abstract

The “S” in IoT stands for security. I’ve read this line so many times on blogs and on Twitter that I think it is time to do something about it. So, how do we make an IoT product secure? Or how do we design a secure product from the start? The answer to the last question is easy, but doing it for an existing product is a big challenge. It probably can’t be done in one release, but you have to start somewhere.

This talk will walk you through IoT, its components, some principles for designing a secure product, the OWASP IoT Top 10 and how to address them, and setting up security requirements and controls. Last but not least, it analyzes two popular IoT use cases: a GPS tracker and a smart cities irrigation system. These should lay fertile ground for further discussion.

Outline

  • Introduction
  • Securing an IoT project
  • Securing an existing product
  • Fixing the issues
  • OWASP IoT Top 10
  • Use cases

Pablo Endres

@epablosensei

Pablo Endres is Managing Director / Lead Security Consultant and Founder of SevenShift GmbH. Experienced security consultant, professional hacker and trainer. Published author. Pablo’s career has mostly been spent doing security in a variety of industries, such as cloud service providers, banks, telecommunications, contact centers, and universities. He holds a degree in computer engineering, as well as a handful of security certifications: ISC2 CISSP, CompTIA Security+, and ISECOM’s OPSA + OPST. Pablo has founded multiple companies on different continents and enjoys hacking, IoT, teaching, working with new technologies, startups, collaborating with open source projects, learning new things and being challenged. In the last couple of years, he has been working mainly on IoT security, testing dozens of devices, working with multiple platform providers to secure their solutions, and teaching IoT Security Bootcamps.