Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポットで見るOWASP_IoT_TOP10.pdf

Avatar for TK TK
March 09, 2019
Technology
1
980

 ハニーポットで見るOWASP_IoT_TOP10.pdf

第6回ハニーポッター技術交流会で使用した資料です。

Avatar for TK

TK

March 09, 2019
Tweet

More Decks by TK

See All by TK
サイバーセキュリティとISMS
Avatar for TK okura
3
340
オワスプナイトナゴヤ#2 LT資料
Avatar for TK okura
1
2.1k

Other Decks in Technology

See All in Technology
多様な事業ドメインのクリエイターへ 価値を届けるための営みについて
Avatar for massyuu massyuu
1
470
オープンソースでどこまでできる?フォーマル検証チャレンジ
Avatar for msyksphinz msyksphinz
0
120
空間を設計する力を考える / 20251004 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
4
440
From Prompt to Product @ How to Web 2025, Bucharest, Romania
Avatar for Jan Werner janwerner
0
120
​Vibe Coding Year in Review. From Karpathy to Real-World Agents by Niels Rolland, CEO Paatch
Avatar for Strapi vcoisne
0
110
Modern_Data_Stack最新動向クイズ_買収_AI_激動の2025年_.pdf
Avatar for Sagara sagara
0
230
Access-what? why and how, A11Y for All - Nordic.js 2025
Avatar for Geisy Domiciano gdomiciano
1
120
AI時代こそ求められる設計力- AWSクラウドデザインパターン3選で信頼性と拡張性を高める-
Avatar for Ken'ichirou Kimura kenichirokimura
3
160
E2Eテスト設計_自動化のリアル___Playwrightでの実践とMCPの試み__AIによるテスト観点作成_.pdf
Avatar for ファインディ株式会社(イベント資料アップ用) findy_eventslides
1
530
OCI Network Firewall 概要
Avatar for oracle4engineer oracle4engineer
PRO
1
7.8k
AWS Top Engineer、浮いてませんか? / As an AWS Top Engineer, Are You Out of Place?
Avatar for Yuji Oshima yuj1osm
2
170
AIAgentの限界を超え、 現場を動かすWorkflowAgentの設計と実践
Avatar for Koji Miyata miyatakoji
1
160

Featured

See All Featured
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
56
14k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
53k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
45
2.5k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.1k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.9k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
9.9k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
620
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
5
210
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k

Transcript

  1.  " OWASP IoT TOP10 ! ( $#  ')%&

    

  2. Ffi] u  @ookura1978 u :9 ?68e C/G) u g^$VL

    :9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD

  3. OWASP IoT TOP10$'   The Open Web Application Security

    Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD

  4. I1Weak, Guessable, or Hardcoded Passwords     

    > 2)(+6     =;50! *$,'".  @<?74)'#'! *$,'   16/)(+&%9:38-

  5. I2Insecure Network Services   !   $# 

    8<% IoT$A .+,2 '( 0)  &% "  6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4

  6. I3 Insecure Ecosystem Interfaces     A A

    I W AP e T b6

  7. I5Use of Insecure or Outdated Components *"   (#

    ,)  7;+*  ?>/,  % .- ( &$  ?>/ =< $!'3) 50   .4=< 2   I4Lack of Secure Update Mechanism /!' !+( ,)  16-%#&" 9:68(

  8. I6Insufficient Privacy Protection 8 0-A>17'  7' !$)9 2( :4

     I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4  I8Lack of Device Management /'"7'%+7'=B7'C5  :4  6 

  9. I9Insecure Default Settings  (. %! )$  +* 

    H 8&%(? #' -, )   "&  IoT64D #'*$50>3  /-2B #+ $)'*:90 FE  ;G  .=  761&%("!AC<@,

  10. I10Lack of Physical Hardening      

     ?57> 3EUSB*& A   HFG.6)'  >  :2/"!+,%8= @4  0;  961)(*$#CD<B-

  11. TW A 0 A I A 0 0 1 O

    A A  A 0 A A P A TS A o 0       Fin 6 TS