Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ハニーポットで見るOWASP_IoT_TOP10.pdf
Search
TK
March 09, 2019
Technology
1
980
ハニーポットで見るOWASP_IoT_TOP10.pdf
第6回ハニーポッター技術交流会で使用した資料です。
TK
March 09, 2019
Tweet
Share
More Decks by TK
See All by TK
サイバーセキュリティとISMS
okura
3
340
オワスプナイトナゴヤ#2 LT資料
okura
1
2.1k
Other Decks in Technology
See All in Technology
「改善」ってこれでいいんだっけ?
ukigmo_hiro
0
290
AgentCon Accra: Ctrl + Alt + Assist: AI Agents Edition
bethany
0
110
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
12
80k
「使い方教えて」「事例教えて」じゃもう遅い! Microsoft 365 Copilot を触り倒そう!
taichinakamura
0
400
Claude Code Subagents 再入門 ~cc-sddの実装で学んだこと~
gotalab555
10
15k
ニッポンの人に知ってもらいたいGISスポット
sakaik
0
150
20251007: What happens when multi-agent systems become larger? (CyberAgent, Inc)
ornew
1
300
プレーリーカードを活用しよう❗❗デジタル名刺交換からはじまるイベント会場交流のススメ
tsukaman
0
170
そのWAFのブロック、どう活かす? サービスを守るための実践的多層防御と思考法 / WAF blocks defense decision
kaminashi
0
200
OAuthからOIDCへ ― 認可の仕組みが認証に拡張されるまで
yamatai1212
0
130
RDS の負荷が高い場合に AWS で取りうる具体策 N 連発/a-series-of-specific-countermeasures-available-on-aws-when-rds-is-under-high-load
emiki
4
3.4k
エンタメとAIのための3Dパラレルワールド構築(GPU UNITE 2025 特別講演)
pfn
PRO
0
380
Featured
See All Featured
Git: the NoSQL Database
bkeepers
PRO
431
66k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
253
22k
The Language of Interfaces
destraynor
162
25k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Designing for Performance
lara
610
69k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
Code Reviewing Like a Champion
maltzj
526
40k
Building an army of robots
kneath
306
46k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
115
20k
How to Ace a Technical Interview
jacobian
280
24k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.2k
Optimising Largest Contentful Paint
csswizardry
37
3.5k
Transcript
" OWASP IoT TOP10 ! ( $# ')%&
Ffi] u @ookura1978 u :9 ?68e C/G) u g^$VL
:9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD
OWASP IoT TOP10$' The Open Web Application Security
Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD
I1Weak, Guessable, or Hardcoded Passwords
> 2)(+6 =;50! *$,'". @<?74)'#'! *$,' 16/)(+&%9:38-
I2Insecure Network Services ! $#
8<% IoT$A .+,2 '( 0) &% " 6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4
I3 Insecure Ecosystem Interfaces A A
I W AP e T b6
I5Use of Insecure or Outdated Components *" (#
,) 7;+* ?>/, % .- ( &$ ?>/ =< $!'3) 50 .4=< 2 I4Lack of Secure Update Mechanism /!' !+( ,) 16-%#&" 9:68(
I6Insufficient Privacy Protection 8 0-A>17' 7' !$)9 2( :4
I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4 I8Lack of Device Management /'"7'%+7'=B7'C5 :4 6
I9Insecure Default Settings (. %! )$ +*
H 8&%(? #' -, ) "& IoT64D #'*$50>3 /-2B #+ $)'*:90 FE ;G .= 761&%("!AC<@,
I10Lack of Physical Hardening
?57> 3EUSB*& A HFG.6)' > :2/"!+,%8= @4 0; 961)(*$#CD<B-
TW A 0 A I A 0 0 1 O
A A A 0 A A P A TS A o 0 Fin 6 TS