ハニーポットで見るOWASP_IoT_TOP10.pdf

3c349cf807435f021b4e554c3d001287?s=47 TK
March 09, 2019
Technology
1
520

 ハニーポットで見るOWASP_IoT_TOP10.pdf

第6回ハニーポッター技術交流会で使用した資料です。

3c349cf807435f021b4e554c3d001287?s=128

TK

March 09, 2019
Tweet

More Decks by TK

See All by TK
3c349cf807435f021b4e554c3d001287?s=48 okura
3
250
3c349cf807435f021b4e554c3d001287?s=48 okura
1
910

Other Decks in Technology

See All in Technology
332f89cc697355902a817506b6995f2b?s=48 ytaka23
8
1.8k
8a84268593355816432ceaf78777d585?s=48 dena_tech
0
2.3k
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
440
945e5c3ef6a52d8d7394b10a99e26277?s=48 guyrleech
0
200
69b4dadef85efe143ac825b62d36ed7c?s=48 fruitriin
3
320
53850955f15249a1a9dc49df6113e400?s=48 line_developers
1
170
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
1
230
F68a145ec870bf173a932bc409b20fab?s=48 jyamamoto
0
370
893dd6e1aa73c35621327c385cb27207?s=48 konnnnnok
0
130
Af61fe2beec7f195d7418e0a474a4dfc?s=48 kfujieda
3
1.2k
24837993455f54c957883ba1f1db7f2d?s=48 atsushieno
1
180
3115a782126be714b5f94d24073c957d?s=48 oracle4engineer
3
300

Featured

See All Featured
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
84
7.6k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
202
35k
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
123
21k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
164
6.7k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
4
430
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
154
6.1k
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
65
250k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
775
240k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
115
4.7k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
196
19k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
436
28k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
121
20k

Transcript

  1.  " OWASP IoT TOP10 ! ( $#  ')%&

    

  2. Ffi] u  @ookura1978 u :9 ?68e C/G) u g^$VL

    :9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD

  3. OWASP IoT TOP10$'   The Open Web Application Security

    Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD

  4. I1Weak, Guessable, or Hardcoded Passwords     

    > 2)(+6     =;50! *$,'".  @<?74)'#'! *$,'   16/)(+&%9:38-

  5. I2Insecure Network Services   !   $# 

    8<% IoT$A .+,2 '( 0)  &% "  6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4

  6. I3 Insecure Ecosystem Interfaces     A A

    I W AP e T b6

  7. I5Use of Insecure or Outdated Components *"   (#

    ,)  7;+*  ?>/,  % .- ( &$  ?>/ =< $!'3) 50   .4=< 2   I4Lack of Secure Update Mechanism /!' !+( ,)  16-%#&" 9:68(

  8. I6Insufficient Privacy Protection 8 0-A>17'  7' !$)9 2( :4

     I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4  I8Lack of Device Management /'"7'%+7'=B7'C5  :4  6 

  9. I9Insecure Default Settings  (. %! )$  +* 

    H 8&%(? #' -, )   "&  IoT64D #'*$50>3  /-2B #+ $)'*:90 FE  ;G  .=  761&%("!AC<@,

  10. I10Lack of Physical Hardening      

     ?57> 3EUSB*& A   HFG.6)'  >  :2/"!+,%8= @4  0;  961)(*$#CD<B-

  11. TW A 0 A I A 0 0 1 O

    A A  A 0 A A P A TS A o 0       Fin 6 TS