Pwning IoT Devices Through Their Applications - From AppSec to IoT Security

OWASP Foundation via YouTube

Overview

Explore the intersection of AppSec and IoT security in this 45-minute conference talk by Alexei Kojenov, Lead Product Security Engineer at Salesforce. Dive into a hacking journey that begins with device configuration settings and progresses through software reverse engineering, vulnerability discovery, and the responsible disclosure of six new CVEs. Follow along as Kojenov guides you through firmware analysis, decompiling, code review, and vulnerability demonstrations, showcasing how application security principles can be applied to IoT devices. Gain insights into the evolving landscape of tiny general-purpose computers and learn how to approach them from an AppSec perspective. Discover the similarities between attacking IoT devices and conventional applications, and be inspired to expand your security expertise into new domains.

Syllabus

Intro
Common perception
Requirements
IoT Top 10
The proper Venn diagram
March 2020
What is live streaming
Hardware encoder
Fixing color balance
Port scan
Firmware backup
Password file
Password hash
Demonstration
Application Security Assessment
Authentication
Backdoor
HTTP Request
Code Review
Find
Multipart data
File upload
PNG upload
Buffer overflow
RTSP
Denial of service
Showdown
Responsible disclosure
CERT Coordination Center
Huawei
Ten months later
Summary

Taught by

OWASP Foundation
