Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポットで見るOWASP_IoT_TOP10.pdf

3c349cf807435f021b4e554c3d001287?s=47 TK
March 09, 2019
Technology
1
560

 ハニーポットで見るOWASP_IoT_TOP10.pdf

第6回ハニーポッター技術交流会で使用した資料です。

3c349cf807435f021b4e554c3d001287?s=128

TK

March 09, 2019
Tweet

More Decks by TK

See All by TK
3c349cf807435f021b4e554c3d001287?s=48 okura
3
250
3c349cf807435f021b4e554c3d001287?s=48 okura
1
1.1k

Other Decks in Technology

See All in Technology
Fccbd625997f63e7b251d9725cb905a5?s=48 futo23
1
260
3373c144fef1d3518b9b3f24a6b46ad0?s=48 lmi
2
790
7c3b3366947123ba6772698b09edf4e2?s=48 subroh0508
4
220
Fdcc88b334334c866232fab429ccca33?s=48 lancers_pr
4
1.4k
Cd823abda454a7a2065fe6fe273ae84b?s=48 viva_tweet_x
1
350
A85883525b7d876db1a1a6bf200e9e88?s=48 xecus
0
170
5a065e7ea7c56f4b04c2271771688df3?s=48 raykataoka
9
7.6k
Bc0167df60f90a38e0ec30895b7ecc6c?s=48 karabish
0
170
D9e65f4b0af059ae9ba243c8c2265e4f?s=48 pohjus
1
740
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
130
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
160
71c9ebde850996d2533c5df4df2c93c6?s=48 opdavies
0
1.7k

Featured

See All Featured
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
684
180k
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
56
6.3k
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
157
6.4k
D47656e20ff5e42f125fc5ea0fd636c6?s=48 tmm1
61
9.2k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
128
20k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
100
11k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
200
20k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
627
43k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
113
25k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
196
15k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
103
5k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
230
18k

Transcript

  1.  " OWASP IoT TOP10 ! ( $#  ')%&

    

  2. Ffi] u  @ookura1978 u :9 ?68e C/G) u g^$VL

    :9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD

  3. OWASP IoT TOP10$'   The Open Web Application Security

    Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD

  4. I1Weak, Guessable, or Hardcoded Passwords     

    > 2)(+6     =;50! *$,'".  @<?74)'#'! *$,'   16/)(+&%9:38-

  5. I2Insecure Network Services   !   $# 

    8<% IoT$A .+,2 '( 0)  &% "  6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4

  6. I3 Insecure Ecosystem Interfaces     A A

    I W AP e T b6

  7. I5Use of Insecure or Outdated Components *"   (#

    ,)  7;+*  ?>/,  % .- ( &$  ?>/ =< $!'3) 50   .4=< 2   I4Lack of Secure Update Mechanism /!' !+( ,)  16-%#&" 9:68(

  8. I6Insufficient Privacy Protection 8 0-A>17'  7' !$)9 2( :4

     I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4  I8Lack of Device Management /'"7'%+7'=B7'C5  :4  6 

  9. I9Insecure Default Settings  (. %! )$  +* 

    H 8&%(? #' -, )   "&  IoT64D #'*$50>3  /-2B #+ $)'*:90 FE  ;G  .=  761&%("!AC<@,

  10. I10Lack of Physical Hardening      

     ?57> 3EUSB*& A   HFG.6)'  >  :2/"!+,%8= @4  0;  961)(*$#CD<B-

  11. TW A 0 A I A 0 0 1 O

    A A  A 0 A A P A TS A o 0       Fin 6 TS