IoT Security - Ecosystem, Interoperability and Standards
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the challenges and solutions for securing Internet of Things (IoT) devices in this AppSecUSA 2018 conference talk. Dive into the Security & Privacy Development Lifecycle (SPDL), an agile framework tailored for IoT platforms that addresses both process and technical challenges. Learn about the shortcomings of traditional Security Development Lifecycle (SDL) methodologies when applied to IoT and how SPDL overcomes them. Discover the importance of privacy in IoT development, including compliance with regulations like GDPR, and understand the proposed privacy vulnerability scoring framework (CPVSS) for measuring and prioritizing privacy breaches. Gain insights from industry experts on securing various IoT devices, from smart fridges to pacemakers, and explore topics such as hardware and firmware security paradigms, software security, communication protocols, and ecosystem security challenges. Watch demonstrations of ecosystem overviews and exploit scenarios to better understand the complexities of IoT security.
Syllabus
Intro
Agenda
Process Challenges
Technical Challenges
Holistic Security & Privacy Process
Security Topics
Hardware & Firmware Security Paradigms
SW Security Paradigms: application SW
Communication Protocols
Ecosystem security challenges
Demo 1: Ecosystem overview
Device communication
The Problem - Prelude
Example - Wearable Ecosystem 1
Demo 2: Ecosystem overview
Target : Sign-up and Profile pages
Exploit Scenario: The attack
Victim - logs in
Attacker's c&c
Access to admin portal
Privacy & Data Access Laws
Quantifying Privacy Vulnerabilities
Summary
Taught by
OWASP Foundation
Related Courses
Understanding the GDPRUniversity of Groningen via FutureLearn Protecting Health Data in the Modern Age: Getting to Grips with the GDPR
University of Groningen via FutureLearn Introduction to GDPR: General Data Protection Regulation
University College London via FutureLearn The European Charter of Fundamental Rights and Data Protection in the European legal framework
Global Campus of Human Rights via Independent Privacy in Europe
EIT Digital via Coursera