Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポットで見るOWASP_IoT_TOP10.pdf

Avatar for TK TK
March 09, 2019
Technology
1
970

 ハニーポットで見るOWASP_IoT_TOP10.pdf

第6回ハニーポッター技術交流会で使用した資料です。
Avatar for TK

TK

March 09, 2019
Tweet

More Decks by TK

See All by TK
サイバーセキュリティとISMS
Avatar for TK okura
3
330
オワスプナイトナゴヤ#2 LT資料
Avatar for TK okura
1
2.1k

Other Decks in Technology

See All in Technology
PostgreSQL 18 cancel request key長の変更とRailsへの関連
Avatar for Yasuo Honda yahonda
0
110
Amazon Bedrockで実現する 新たな学習体験
Avatar for Kazuki Maeda kzkmaeda
1
420
Wasm元年
Avatar for asuka askua
0
120
監視のこれまでとこれから/sakura monitoring seminar 2025
Avatar for FUJIWARA Shunichiro fujiwara3
11
3.5k
Snowflake Summit 2025全体振り返り / Snowflake Summit 2025 Overall Review
Avatar for k.muguruma mtpooh
2
370
Agentic DevOps時代の生存戦略
Avatar for KAMEGAWA Kazushi kkamegawa
1
1.2k
AWS CDK 実践的アプローチ N選 / aws-cdk-practical-approaches
Avatar for k.goto gotok365
5
580
生成AIで小説を書くためにプロンプトの制約や原則について学ぶ / prompt-engineering-for-ai-fiction
Avatar for nwiizo nwiizo
2
390
Oracle Cloud Infrastructure:2025年6月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
2
160
あなたの声を届けよう! 女性エンジニア登壇の意義とアウトプット実践ガイド #wttjp / Call for Your Voice
Avatar for kondoyuko kondoyuko
3
280
Uniadex__公開版_20250617-AIxIoTビジネス共創ラボ_ツナガルチカラ_.pdf
Avatar for AIxIoTビジネス共創ラボ iotcomjpadmin
0
150
CI/CD/IaC 久々に0から環境を作ったらこうなりました
Avatar for Kaz Watanabe kaz29
1
120

Featured

See All Featured
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
44
2.4k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
31
8.6k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
90
590k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
16
940
BBQ
Avatar for Matthew Crist matthewcrist
89
9.7k
Visualization
Avatar for Eitan Lees eitanlees
146
16k
Side Projects
Avatar for Sacha Greif sachag
455
42k

Transcript

  1.  " OWASP IoT TOP10 ! ( $#  ')%&

    

  2. Ffi] u  @ookura1978 u :9 ?68e C/G) u g^$VL

    :9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD

  3. OWASP IoT TOP10$'   The Open Web Application Security

    Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD

  4. I1Weak, Guessable, or Hardcoded Passwords     

    > 2)(+6     =;50! *$,'".  @<?74)'#'! *$,'   16/)(+&%9:38-

  5. I2Insecure Network Services   !   $# 

    8<% IoT$A .+,2 '( 0)  &% "  6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4

  6. I3 Insecure Ecosystem Interfaces     A A

    I W AP e T b6

  7. I5Use of Insecure or Outdated Components *"   (#

    ,)  7;+*  ?>/,  % .- ( &$  ?>/ =< $!'3) 50   .4=< 2   I4Lack of Secure Update Mechanism /!' !+( ,)  16-%#&" 9:68(

  8. I6Insufficient Privacy Protection 8 0-A>17'  7' !$)9 2( :4

     I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4  I8Lack of Device Management /'"7'%+7'=B7'C5  :4  6 

  9. I9Insecure Default Settings  (. %! )$  +* 

    H 8&%(? #' -, )   "&  IoT64D #'*$50>3  /-2B #+ $)'*:90 FE  ;G  .=  761&%("!AC<@,

  10. I10Lack of Physical Hardening      

     ?57> 3EUSB*& A   HFG.6)'  >  :2/"!+,%8= @4  0;  961)(*$#CD<B-

  11. TW A 0 A I A 0 0 1 O

    A A  A 0 A A P A TS A o 0       Fin 6 TS