Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポットで見るOWASP_IoT_TOP10.pdf

3c349cf807435f021b4e554c3d001287?s=47 TK
March 09, 2019
Technology
1
600

 ハニーポットで見るOWASP_IoT_TOP10.pdf

第6回ハニーポッター技術交流会で使用した資料です。

3c349cf807435f021b4e554c3d001287?s=128

TK

March 09, 2019
Tweet

More Decks by TK

See All by TK
3c349cf807435f021b4e554c3d001287?s=48 okura
3
260
3c349cf807435f021b4e554c3d001287?s=48 okura
1
1.1k

Other Decks in Technology

See All in Technology
68753ad1beb5f665fa03ade3278f9e33?s=48 roadroller
2
180
848cae20fe522dfbecef7743f107fe0f?s=48 nishino
0
1.9k
35fa62e1944d634eb5cb7fabffb1d84d?s=48 enkuma
0
340
6e28f76cf4ddc493b1df1d284e0d3400?s=48 hhj4ck
0
2.2k
10c17b2a6e7687c9b039c5c8f9958495?s=48 missasan
2
750
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
PRO
0
120
7e6a435700dda6cdb22105d601f20892?s=48 picardparis
4
2.7k
6ddc65998177a0f05be629dc31321a8f?s=48 kken78
0
130
928b1395afedebb5ee48d44ab917c5f1?s=48 ryusa
1
150
4924e08c88a442edbffd87b91cb45131?s=48 zaki_lknr
0
510
D8e3492ad16d2087b7cb8b2f6c4d3eb9?s=48 iseki
1
170
B84123138372542a55401c92b170b528?s=48 hassaku63
1
840

Featured

See All Featured
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
56
9.5k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
104
11k
78b475797a14c84799063c7cd073962f?s=48 holman
463
280k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.6k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
13
920
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
660
54k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
129
20k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
85
5k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
315
21k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
36k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
189
14k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
54k

Transcript

  1.  " OWASP IoT TOP10 ! ( $#  ')%&

    

  2. Ffi] u  @ookura1978 u :9 ?68e C/G) u g^$VL

    :9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD

  3. OWASP IoT TOP10$'   The Open Web Application Security

    Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD

  4. I1Weak, Guessable, or Hardcoded Passwords     

    > 2)(+6     =;50! *$,'".  @<?74)'#'! *$,'   16/)(+&%9:38-

  5. I2Insecure Network Services   !   $# 

    8<% IoT$A .+,2 '( 0)  &% "  6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4

  6. I3 Insecure Ecosystem Interfaces     A A

    I W AP e T b6

  7. I5Use of Insecure or Outdated Components *"   (#

    ,)  7;+*  ?>/,  % .- ( &$  ?>/ =< $!'3) 50   .4=< 2   I4Lack of Secure Update Mechanism /!' !+( ,)  16-%#&" 9:68(

  8. I6Insufficient Privacy Protection 8 0-A>17'  7' !$)9 2( :4

     I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4  I8Lack of Device Management /'"7'%+7'=B7'C5  :4  6 

  9. I9Insecure Default Settings  (. %! )$  +* 

    H 8&%(? #' -, )   "&  IoT64D #'*$50>3  /-2B #+ $)'*:90 FE  ;G  .=  761&%("!AC<@,

  10. I10Lack of Physical Hardening      

     ?57> 3EUSB*& A   HFG.6)'  >  :2/"!+,%8= @4  0;  961)(*$#CD<B-

  11. TW A 0 A I A 0 0 1 O

    A A  A 0 A A P A TS A o 0       Fin 6 TS