Explore a comprehensive methodology for security testing Internet of Things (IoT) product ecosystems in this 53-minute conference talk from RSA Conference. Delve into the multifaceted nature of IoT and learn why a structured, holistic approach is crucial for effective testing. Gain insights into the technical details and challenges involved in creating an IoT testing program, covering areas such as mobile applications, cloud APIs, web services, network communication, radio frequency communication, and embedded firmware. Follow the presentation through various phases including functional evaluation, reconnaissance, testing, and analysis. Examine specific case studies on enterprise IoT sensor technology and consumer smart door lock APIs. Discover the basic entry-level testing skills required and how to set up a basic embedded testing lab. Understand the importance of training and exposure in this field, and consider the perspective of enterprise IoT consumers. Prerequisite knowledge of general security issues and vulnerabilities in related technologies is recommended.
Building a Comprehensive IoT Security Testing Methodology
Overview
Syllabus
RSAConference 2020
Security Testing Methodology Structure
Functional Evaluation Phase
Reconnaissance Phase
Testing Phase
Cloud & Web API Testing
Management & Control Application Testing
Network Testing
Embedded Hardware Testing
Firmware Analysis Testing
Radio (RF) Testing
Analysis Phase
Enterprise IoT Sensor Technology
Consumer Smart Door Lock APIs
Basic Entry Level Testing Skills
Basic Embedded Testing Lab
Training and Exposure
Enterprise Consumers of lot
Questions
Taught by
RSA Conference
