The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.
The project looks to define a structure for various IoT sub-projects separated into the following categories – Seek & Understand, Validate & Test, and Governance. Right now, you can find the following active and upcoming OWASP Internet of Things projects:
- Daniel Miessler
- Aaron Guzman
- Vishruta Rudresh
- Craig Smith
Top ten things to avoid when building, deploying or managing IoT systems.
|OWASP IoT Top 10 2018||Description|
|I1 Weak, Guessable, or Hardcoded Passwords||Use of easily bruteforced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.|
|I2 Insecure Network Services||Unneeded|