The OWASP Internet of Things (IoT) Top 10

By Tom Isaacson

Elevator Pitch

A tour through the OWASP IoT Top 10 with examples of how things have gone wrong in the real world and ideas for improving things in the future.

Description

OWASP (Open Web Application Security Project) is, of course, famous for its Top 10, but what some people don’t realise is that it’s specifically the Top 10 Web Application Security Risks. There are other Top 10s, dealing with different areas. We’re going to have a quick trip through the Internet of Things (IoT) Top 10. How does it differ from the Web App Top 10? Are there any overlaps? How has the IoT list changed over time?

Notes

I’ve done this talk once before but unfortunately the sound wasn’t recorded (https://youtu.be/AKy6VrPyP_s?t=4920). It’s based on a previous talk “IoT - How to fight the tyre fire” (https://www.papercall.io/talks/42509). I keep updating this as software, infosec and the industry move forward.