Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポットで見るOWASP_IoT_TOP10.pdf

Avatar for TK TK
March 09, 2019
Technology
1
980

 ハニーポットで見るOWASP_IoT_TOP10.pdf

第6回ハニーポッター技術交流会で使用した資料です。

Avatar for TK

TK

March 09, 2019
Tweet

More Decks by TK

See All by TK
サイバーセキュリティとISMS
Avatar for TK okura
3
340
オワスプナイトナゴヤ#2 LT資料
Avatar for TK okura
1
2.1k

Other Decks in Technology

See All in Technology
LLMを搭載したプロダクトの品質保証の模索と学び
Avatar for SmartHR 品質保証部 qa
0
960
「何となくテストする」を卒業するためにプロダクトが動く仕組みを理解しよう
Avatar for kawabeaver kawabeaver
0
260
AWSで始める実践Dagster入門
Avatar for キタガワ kitagawaz
1
510
BPaaSにおける人と協働する前提のAIエージェント-AWS登壇資料
Avatar for KentaroFujii kentarofujii
0
120
ZOZOマッチのアーキテクチャと技術構成
Avatar for ZOZO Developers zozotech
PRO
3
1.3k
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
Avatar for nagisa_53 nagisa53
8
2.5k
バッチ処理で悩むバックエンドエンジニアに捧げるAWS Glue入門
Avatar for morimorikochan diggymo
3
150
JTCにおける内製×スクラム開発への挑戦〜内製化率95%達成の舞台裏/JTC's challenge of in-house development with Scrum
Avatar for AEON aeonpeople
0
150
Function Body Macros で、SwiftUI の View に Accessibility Identifier を自動付与する/Function Body Macros: Autogenerate accessibility identifiers for SwiftUI Views
Avatar for Yuki Miida miichan
2
170
Nstockの一人目エンジニアが 3年間かけて向き合ってきた セキュリティのこととこれから〜あれから半年〜
Avatar for わだよし yo41sawada
0
210
Skrub: machine-learning with dataframes
Avatar for Gael Varoquaux gaelvaroquaux
0
120
【初心者向け】ローカルLLMの色々な動かし方まとめ
Avatar for Aratako aratako
7
3.3k

Featured

See All Featured
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
431
66k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
55
6.5k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
74
5k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
3
610
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
70
11k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
460k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
358
30k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
272
27k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
187
54k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
7
840
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
6.8k

Transcript

  1.  " OWASP IoT TOP10 ! ( $#  ')%&

    

  2. Ffi] u  @ookura1978 u :9 ?68e C/G) u g^$VL

    :9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD

  3. OWASP IoT TOP10$'   The Open Web Application Security

    Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD

  4. I1Weak, Guessable, or Hardcoded Passwords     

    > 2)(+6     =;50! *$,'".  @<?74)'#'! *$,'   16/)(+&%9:38-

  5. I2Insecure Network Services   !   $# 

    8<% IoT$A .+,2 '( 0)  &% "  6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4

  6. I3 Insecure Ecosystem Interfaces     A A

    I W AP e T b6

  7. I5Use of Insecure or Outdated Components *"   (#

    ,)  7;+*  ?>/,  % .- ( &$  ?>/ =< $!'3) 50   .4=< 2   I4Lack of Secure Update Mechanism /!' !+( ,)  16-%#&" 9:68(

  8. I6Insufficient Privacy Protection 8 0-A>17'  7' !$)9 2( :4

     I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4  I8Lack of Device Management /'"7'%+7'=B7'C5  :4  6 

  9. I9Insecure Default Settings  (. %! )$  +* 

    H 8&%(? #' -, )   "&  IoT64D #'*$50>3  /-2B #+ $)'*:90 FE  ;G  .=  761&%("!AC<@,

  10. I10Lack of Physical Hardening      

     ?57> 3EUSB*& A   HFG.6)'  >  :2/"!+,%8= @4  0;  961)(*$#CD<B-

  11. TW A 0 A I A 0 0 1 O

    A A  A 0 A A P A TS A o 0       Fin 6 TS