Podbean logo
  • Discover
  • Podcast Features
    • Podcast Hosting

      Start your podcast with all the features you need.
    • Podbean AI Podbean AI

      AI-Enhanced Audio Quality and Content Generation.
    • Blog to Podcast

      Repurpose your blog into an engaging podcast.
    • Video to Podcast

      Convert YouTube playlists to podcasts, videos to audios.
  • Monetization
    • Ads Marketplace

      Join Ads Marketplace to earn through podcast sponsorships.
    • PodAds

      Manage your ads with dynamic ad insertion capability.
    • Apple Podcasts Subscriptions Integration

      Monetize with Apple Podcasts Subscriptions via Podbean.
    • Live Streaming

      Earn rewards and recurring income from Fan Club membership.
  • Podbean App
    • Podcast Studio

      Easy-to-use audio recorder app.
    • Podcast App

      The best podcast player & podcast app.
  • Help and Support
    • Help Center

      Get the answers and support you need.
    • Podbean Academy

      Resources and guides to launch, grow, and monetize podcast.
    • Podbean Blog

      Stay updated with the latest podcasting tips and trends.
    • What’s New

      Check out our newest and recently released features!
    • Podcasting Smarter

      Podcast interviews, best practices, and helpful tips.
  • Popular Topics
    • How to Start a Podcast

      The step-by-step guide to start your own podcast.
    • How to Start a Live Podcast

      Create the best live podcast and engage your audience.
    • How to Monetize a Podcast

      Tips on making the decision to monetize your podcast.
    • How to Promote Your Podcast

      The best ways to get more eyes and ears on your podcast.

    • Podcast Advertising 101

      Everything you need to know about podcast advertising.
    • Mobile Podcast Recording Guide

      The ultimate guide to recording a podcast on your phone.
    • How to Use Group Recording

      Steps to set up and use group recording in the Podbean app.
  • All Arts Business Comedy Education
  • Fiction Government Health & Fitness History Kids & Family
  • Leisure Music News Religion & Spirituality Science
  • Society & Culture Sports Technology True Crime TV & Film
  • Live
  • How to Start a Podcast
  • How to Start a Live Podcast
  • How to Monetize a podcast
  • How to Promote Your Podcast
  • How to Use Group Recording
  • Log in
  • Start your podcast for free
  • Podcasting
    • Podcast Features
      • Podcast Hosting

        Start your podcast with all the features you need.
      • Podbean AI Podbean AI

        AI-Enhanced Audio Quality and Content Generation.
      • Blog to Podcast

        Repurpose your blog into an engaging podcast.
      • Video to Podcast

        Convert YouTube playlists to podcasts, videos to audios.
    • Monetization
      • Ads Marketplace

        Join Ads Marketplace to earn through podcast sponsorships.
      • PodAds

        Manage your ads with dynamic ad insertion capability.
      • Apple Podcasts Subscriptions Integration

        Monetize with Apple Podcasts Subscriptions via Podbean.
      • Live Streaming

        Earn rewards and recurring income from Fan Club membership.
    • Podbean App
      • Podcast Studio

        Easy-to-use audio recorder app.
      • Podcast App

        The best podcast player & podcast app.
  • Advertisers
  • Enterprise
  • Pricing
  • Resources
    • Help and Support
      • Help Center

        Get the answers and support you need.
      • Podbean Academy

        Resources and guides to launch, grow, and monetize podcast.
      • Podbean Blog

        Stay updated with the latest podcasting tips and trends.
      • What’s New

        Check out our newest and recently released features!
      • Podcasting Smarter

        Podcast interviews, best practices, and helpful tips.
    • Popular Topics
      • How to Start a Podcast

        The step-by-step guide to start your own podcast.
      • How to Start a Live Podcast

        Create the best live podcast and engage your audience.
      • How to Monetize a Podcast

        Tips on making the decision to monetize your podcast.
      • How to Promote Your Podcast

        The best ways to get more eyes and ears on your podcast.

      • Podcast Advertising 101

        Everything you need to know about podcast advertising.
      • Mobile Podcast Recording Guide

        The ultimate guide to recording a podcast on your phone.
      • How to Use Group Recording

        Steps to set up and use group recording in the Podbean app.
  • Discover
    • Log in
    Sign up free
BrakeSec Education Podcast

BrakeSec Education Podcast

News:Tech News

2019-002-part 2 of the OWASP IoT Top 10 with Aaron Guzman

2019-002-part 2 of the OWASP IoT Top 10 with Aaron Guzman

2019-01-22
Download Right click and do "save link as"

intro

CFP for Bsides Barcelona is open! https://bsides.barcelona

Aaron Guzman: @scriptingxss

https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive

https://www.owasp.org/index.php/IoT_Attack_Surface_Areas

https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html

OWASP SLACK: https://owasp.slack.com/

https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg

Team of 10 or so… list of “do’s and don’ts”

Sub-projects? Embedded systems, car hacking

Embedded applications best practices? *potential show*

Standards: https://xkcd.com/927/

CCPA:  https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act

California SB-327: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327

How did you decide on the initial criteria?

  1. Weak, Guessable, or Hardcoded passwords
  2. Insecure Network Services
  3. Insecure Ecosystem interfaces
  4. Lack of Secure Update mechanism
  5. Use of insecure or outdated components
  6. Insufficient Privacy Mechanisms
  7. Insecure data transfer and storage
  8. Lack of device management
  9. Insecure default settings
  10. Lack of physical hardening

2014 OWASP IoT list: https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_(2014)

2014 list:

  • I1 Insecure Web Interface
  • I2 Insufficient Authentication/Authorization
  • I3 Insecure Network Services
  • I4 Lack of Transport Encryption
  • I5 Privacy Concerns
  • I6 Insecure Cloud Interface
  • I7 Insecure Mobile Interface
  • I8 Insufficient Security Configurability
  • I9 Insecure Software/Firmware
  • I10 Poor Physical Security

BrakeSec Episode on ASVS http://traffic.libsyn.com/brakeingsecurity/2015-046_ASVS_with_Bill_Sempf.mp3

OWASP SLACK: https://owasp.slack.com/

What didn’t make the list? How do we get Devs onboard with these?

How does someone interested get involved with OWASP Iot working group?

https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-best-practices

https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf

https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf

https://api.ctia.org/wp-content/uploads/2018/08/CTIA-IoT-Cybersecurity-Certification-Test-Plan-V1_0.pdf

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/747977/Mapping_of_IoT__Security_Recommendations_Guidance_and_Standards_to_CoP_Oct_2018.pdf

 

https://www.mocana.com/news/mocana-xilinx-avnet-infineon-and-microsoft-join-forces-to-secure-industrial-control-and-iot-devices

 

https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

 

view more

More Episodes

JW Goerlich on Training, phishing exercises, security metrics,getting the most from user training
2022-07-05
RSA conference, Zero Trust, SSO, 2FA, and multi-cloud tenancy with J Goerlich
2022-06-25
jon-dimaggio-part2-threat intel-hacking back-analyzing malware
2022-06-16
Jon DiMaggio_Art-of-cyberwarfare_hacking_back-insider-threat-messaging_P1
2022-06-09
news, infosystir's talk at RSA, conti has an 'image' problem
2022-05-24
Mieng Lim, Ransomware actions, using insurance to offset risk, good IR/PR comms
2022-05-15
Mieng-Lim-Ransomware-Best-Practices-p1
2022-05-11
Mick Douglas on threat intel, customer worries about being hacked, and more
2022-05-04
news, farmers affected by ransomware, protestware for the 3rd time, trusting opensource
2022-04-26
Mick Douglas discusses What2Log, and guidance in light of Okta incident
2022-04-21
logging analysis, log correlation, and threat analysis dicussion continues - p2
2022-04-10
Amanda and Bryan discusses log analysis, finding, IOCs, and what to do about them.
2022-04-05
Shannon Noonan and Stacey Cameron - process automation -p2
2022-03-22
Shannon Noonan and Stacey Cameron - process automation
2022-03-12
K12SIX-project-Doug_Levin-Eric_Lankford-threat_intel-edusec-p2
2022-03-01
K12SIX's Eric Lankford and Doug Levin on helping schools get added security -p1
2022-02-22
April Wright and Alyssa Miller - IoT platforms, privacy and security, embracing standards
2022-02-15
Alyssa Miller, April Wright, on IoT Privacy & Security, using tech for stalking, what could be done? Part1
2022-02-07
Bit of news, Belarus train system hack, VMware Horizon vulns, edge network device vulns
2022-02-01
April Wright and Alyssa Miller- Open Source sustainabilty
2022-01-24
  • ←
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • →
012345678910111213141516171819

Get this podcast on your
phone, FREE

Download Podbean app on App Store Download Podbean app on Google Play

Create your
podcast in
minutes

  • Full-featured podcast site
  • Unlimited storage and bandwidth
  • Comprehensive podcast stats
  • Distribute to Apple Podcasts, Spotify, and more
  • Make money with your podcast
Get started

It is Free

  • Podcast Services

    • Podcast Features
    • Pricing
    • Enterprise Solution
    • Private Podcast
    • The Podcast App
    • Live Stream
    • Audio Recorder
    • Remote Recording
    • Podbean AI
  •  
    • Create a Podcast
    • Video Podcast
    • Start Podcasting
    • Start Radio Talk Show
    • Create a Podcast for Spotify
    • Education Podcast
    • Church Podcast
    • Get Sermons Online
    • Free Audiobooks

  • MONETIZATION & MORE

    • Podcast Advertising
    • Dynamic Ads Insertion
    • Apple Podcasts Subscriptions
    • AI Podcast Creator
    • Blog to Podcast
    • YouTube to Podcast
    • Submit Your Podcast
    • Switch to Podbean
    • Podbean Plugins

  • KNOWLEDGE BASE

    • How to Start a Podcast
    • How to Start a Live Podcast
    • How to Monetize a Podcast
    • How to Promote Your Podcast
    • Mobile Podcast Recording Guide
    • How to Use Group Recording
    • Podcast Advertising 101

  • Support

    • Support Center
    • What’s New
    • Free Webinars
    • Podcast Events
    • Podbean Academy
    • Podbean Amplified Podcast
    • Badges
    • Resources
    • Developers

  • Podbean

    • About Us
    • Podbean Blog
    • Careers
    • Press and Media
    • Green Initiative
    • Affiliate Program
    • Contact Us
  • Privacy Policy
  • Cookie Policy
  • Terms of Use
  • Consent Preferences
  • Copyright © 2015-2026 Podbean.com