Slide 1

Slide 1 text

 " OWASP IoT TOP10 ! ( $#  ')%& 

Slide 2

Slide 2 text

Ffi] u  @ookura1978 u :9 ?68e C/G) u g^$VL :9 ?68$ad!QPMJ =B1 2-; 40@A7,%'& https://tk-secu.hateblo.jp/ OWASP Nagoya356<$Zb#Wh u "#!:9 ?68!% cK#j_ SR& "$ `[H"!%&&kNE +.8>68%*( !U& O6I:9 ?65 Y\TXD

Slide 3

Slide 3 text

OWASP IoT TOP10$'   The Open Web Application Security Project $ *9@- />B&1,=@4+%J) :?B4+*RMNL IoT/04<&1,=@4+F&YOG]TOP10 # KI .B9A$"[\ 87 ;36&SQ' XE& 87 ;36%U(! HCHC(#&5 2# P6I87 ;32 WZTVD

Slide 4

Slide 4 text

I1Weak, Guessable, or Hardcoded Passwords      > 2)(+6     =;50! *$,'".  @

Slide 5

Slide 5 text

I2Insecure Network Services   !   $#  8<% IoT$A .+,2 '( 0)  &% "  6 3 639 &65D;E!# CBF" :67/- 1+* ?@=>4

Slide 6

Slide 6 text

I3 Insecure Ecosystem Interfaces     A A I W AP e T b6

Slide 7

Slide 7 text

I5Use of Insecure or Outdated Components *"   (# ,)  7;+*  ?>/,  % .- ( &$  ?>/ =< $!'3) 50   .4=< 2   I4Lack of Secure Update Mechanism /!' !+( ,)  16-%#&" 9:68(

Slide 8

Slide 8 text

I6Insufficient Privacy Protection 8 0-A>17'  7' !$)9 2( :4  I7Insecure Data Transfer and Storage D@#,*?C5 #,36&<;. :4  I8Lack of Device Management /'"7'%+7'=B7'C5  :4  6 

Slide 9

Slide 9 text

I9Insecure Default Settings  (. %! )$  +*  H 8&%(? #' -, )   "&  IoT64D #'*$50>3  /-2B #+ $)'*:90 FE  ;G  .=  761&%("!AC<@,

Slide 10

Slide 10 text

I10Lack of Physical Hardening        ?57> 3EUSB*& A   HFG.6)'  >  :2/"!+,%8= @4  0;  961)(*$#CD

Slide 11

Slide 11 text

TW A 0 A I A 0 0 1 O A A  A 0 A A P A TS A o 0       Fin 6 TS